简体繁体 English

Cloudflare Intermitten 521错误出现在Digital Ocean和Wordpress多站点之前

[英]Cloudflare Intermitten 521 Error in front of Digital Ocean and Wordpress Multisite

原文 2019-05-30 03:07:44 8 2 php/ wordpress/ nginx/ cloudflare/ multisite

I keep getting intermittent 521 error code in my website. 我在我的网站上不断收到间歇性521错误代码。 Here is a bit explanation about the architecture. 这是有关体系结构的一些说明。 I have a wordpress multisite server to serve client sites. 我有一个wordpress多站点服务器来服务客户端站点。 The webserver is NGINX with PHP-FPM. 该网络服务器是具有PHP-FPM的NGINX。 Every site has its own domain, so for every client site, I have one Cloudflare account that connects to the wordpress. 每个站点都有其自己的域，因此对于每个客户端站点，我都有一个Cloudflare帐户连接到wordpress。

Somewhat I have been getting intermittent 521 errors in all the sites to the server after some change in configuration (which I kind of forgot which one). 在进行一些配置更改后，我在服务器的所有站点中都出现了间歇性521错误（我有点忘记了哪一个）。

Before the errors, basically the Cloudflare configuration has 1) A name from the site to the multisite IP address 2) flexible ssl enabled 3) https rewrite and https redirect enabled 4) 1 page rule to redirect .domain to www.domain. 在发生错误之前，基本上Cloudflare配置具有1）从站点到多站点IP地址的名称2）启用了灵活的ssl 3）启用了https重写和https重定向4）1页规则将.domain重定向到www.domain。 5) 1 page rule to bypass cache to wp-admin 6) 1 page rule to cache all content under wp-content/ 5）1页规则可绕过wp-admin的缓存6）1页规则可将wp-content /下的所有内容缓存

But then suddenly the 521 errors happening to all microsites. 但是随后突然，所有微型站点都发生了521错误。 What I tried to fix are 1) install SSL in multisite, set the domain to CNAME, set the HTTPS to Full (from Flexibe). 我试图解决的是1）在多站点中安装SSL，将域设置为CNAME，将HTTPS设置为Full（来自Flexibe）。 2) test enabling the development mode 2）测试启用开发模式

Somewhat the problem still persist, so I tried curl one of the site and see the log in the nginx. 有些问题仍然存在，所以我尝试卷曲一个站点，并在nginx中查看日志。

Above is example of the log. 上面是日志示例。 On the first section, on the left, I tried to curl based on timestamp while the right is the nginx log. 在第一部分的左侧，我尝试基于时间戳进行卷曲，而右侧是nginx日志。 In the 155xxxxxxx033 I got 521 Origin Down but there is no entry in the right. 在155xxxxxxx033我获得了521 Origin Down但右侧没有任何条目。 Only the previous 155xxxxxxxx00994 and next 155xxxxxx8901 . 仅前一个155xxxxxxxx00994和下一个155xxxxxx8901 。 Also for this one microsite, I remove all the Page Rules. 同样对于这个微型网站，我删除了所有页面规则。

After that, I tried again with changing the HTTPS configuration from Flexible to Full. 之后，我再次尝试将HTTPS配置从Flexible更改为Full。 Still the same. 还是一样。

I am now stuck in where to investigate next and what configuration I am missing. 现在，我陷入了下一步要调查的地方以及缺少的配置。 Really appreciate help and ideas. 非常感谢您的帮助和想法。

2 个解决方案

I had this problem, and I had to turn off my fail2ban IP address jails/intrusion detection. 我遇到了这个问题，必须关闭我的fail2ban IP地址监狱/入侵检测。 Or add the Cloudflare IP addresses to your whitelist: 或将Cloudflare IP地址添加到您的白名单中：

https://www.cloudflare.com/ips/ https://www.cloudflare.com/ips/

It's likely fail2ban, banning Cloudflare IPs. 很可能是fail2ban，禁止了Cloudflare IP。 Follow Cloudflare's official guide here to restore visitor's original IP address. 请按照此处的 Cloudflare官方指南还原访问者的原始IP地址。 I had the same issue and doing this solved for me. 我遇到了同样的问题，解决了这个问题。

In brief, 简单来说，

Install mod_remoteip . 安装mod_remoteip 。
Cloudflare sends the visitor IP in the header as CF-Connecting-IP . Cloudflare在标头中将访问者IP发送为CF-Connecting-IP 。 Get that logged instead of Cloudflare's IP. 获取该记录而不是Cloudflare的IP。
And add Cloudflare's IP ranges as trusted proxies in remoteip.conf . 并在remoteip.conf中将Cloudflare的IP范围添加为受信任的代理。