Netgate Discussion Forum
    HAproxy and Cloudflare DNS (522 error)

      gschmidt

      Hi,

      I have bought a domain name from Namecheap to host a domotica web app on a local computer on my network. My router/mini-pc is running pfSense.
      I use HAProxy with SSL offloading, and ACME to take care of the Let's Encrypt certificates.

      To avoid buying Namecheap API access for ACME certificate creation/renewal, I have set up the DNS records in Cloudflare. The issue/renewal with method "DNS-Cloudflare" was valid.

      But when I enter my domain name to connect to the host I get a 522 error page. The message was that the request was able to connect to the web server but the request didn't finish.

      The strange thing is that if I go back to the Namecheap DNS servers, there is no error.

      Is pfSense or HAproxy blocking Cloudflare DNS servers?

      Notes:

      • I also run pfBlockerNG (but DNSBL is not activated)... when I turn it off, I get the same 522 error
      • On Cloudflare I have activated DNSSEC
        gschmidt @gschmidt

        I already figured it out.

        Changed 2 options in my Cloudflare account


        Under the SSL/TLS menu:
        Overview
        The default setting was Flexible, but it needs to be Full (Strict)

        Edge Certificates
        I had set "Always Use HTTPS" to ON... but it needs to be OFF

        That's it... I think it was the HTTPS trick... because in HAProxy I use SSL offloading and HTTP to access the host

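An added example, not part of the original posts and not code from pfSense, HAProxy or Cloudflare: it maps each Cloudflare SSL/TLS encryption mode to the origin port the edge connects to (Flexible uses plain HTTP on port 80, Full and Full (Strict) use HTTPS on port 443) and predicts the resulting error page from a TCP probe of the origin. The function names are hypothetical, and the constructed port states assume a WAN rule that passes only port 443 to the HAProxy frontend while port 80 is silently dropped.

```python
import socket

# Port the Cloudflare edge uses toward the origin for a visitor request to
# https://<domain>/, per SSL/TLS encryption mode.
EDGE_TO_ORIGIN_PORT = {"flexible": 80, "full": 443, "full_strict": 443}

# Cloudflare error page that corresponds to each TCP-level failure.
ERROR_FOR_STATE = {"refused": 521, "timeout": 522}


def probe(host, port, timeout=3.0):
    """Classify a TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"        # a RST came back: nothing is listening
    except socket.timeout:
        return "timeout"        # packets dropped, e.g. by a default-deny WAN rule
    except OSError:
        return "unreachable"    # routing or name-resolution failure


def predict(mode, port_states):
    """Return (origin_port, cloudflare_status) for one encryption mode.

    port_states maps port -> probe() result. A status of None means the TCP
    handshake would succeed; certificate validation is not checked here.
    """
    port = EDGE_TO_ORIGIN_PORT[mode]
    state = port_states.get(port, "timeout")
    return port, ERROR_FOR_STATE.get(state)


def survey(host, timeout=3.0):
    """Probe ports 80 and 443 on host and predict the outcome for every mode."""
    states = {p: probe(host, p, timeout) for p in (80, 443)}
    return {mode: predict(mode, states) for mode in EDGE_TO_ORIGIN_PORT}


if __name__ == "__main__":
    # Constructed states (assumption): only 443 reaches the HAProxy frontend.
    constructed = {80: "timeout", 443: "open"}
    for mode in EDGE_TO_ORIGIN_PORT:
        print(mode, predict(mode, constructed))
```

Run `survey()` against the public WAN address from a host outside the network, since a probe from the LAN does not pass through the WAN firewall rules.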