How to Fix Cloudflare 522 Connection Timed Out Error
This tutorial explains how to diagnose and fix the Cloudflare 522 Connection Timed Out error, with the commands to run at each step.
The Problem
Visitors see Error 522 Connection Timed Out when accessing your site through Cloudflare, meaning Cloudflare successfully reached your origin server's network but the origin did not complete the TCP handshake in time.
Quick Fix
Check If the Origin Server Is Running
curl -I --connect-timeout 10 http://your-origin-ip:80
# curl: (28) Connection timed out after 10000 milliseconds
If a direct curl request to your origin also times out, the problem is on your server (down, overloaded, or firewalled), not Cloudflare.
Allow Cloudflare IP Ranges in the Firewall
# ufw requires an explicit protocol when a rule lists more than one port
curl -s https://www.cloudflare.com/ips-v4 | xargs -I {} sudo ufw allow proto tcp from {} to any port 80,443
curl -s https://www.cloudflare.com/ips-v6 | xargs -I {} sudo ufw allow proto tcp from {} to any port 80,443
sudo ufw reload
# Firewall reloaded
Cloudflare 522 often means a firewall is blocking Cloudflare's IPs. Allow all Cloudflare IP ranges (/ips-v4 and /ips-v6) on ports 80 and 443.
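The one-liners above hand every downloaded line straight to sudo ufw. As an added example (not part of the original tutorial), this sketch checks that each line is a CIDR range first and only prints the ufw commands for review; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a fetched IP-range list before any line reaches ufw.

OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'

# is_cidr4 TEXT: succeeds only for a strict IPv4 network, a.b.c.d/0-32.
is_cidr4() {
    printf '%s\n' "$1" | grep -Eqx "($OCTET\.){3}$OCTET/(3[0-2]|[12]?[0-9])"
}

# is_cidr6 TEXT: shape check for an IPv6 network (hex digits and colons, /0-128).
# ufw still does the full address parse; this only keeps other text out.
is_cidr6() {
    printf '%s\n' "$1" |
        grep -Eqx '[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/(12[0-8]|1[01][0-9]|[1-9]?[0-9])'
}

# build_rules: read candidate ranges on stdin and print one ufw command per
# valid range. Invalid lines are reported by number on stderr, never echoed
# into a command. Returns 1 if any line was rejected.
build_rules() {
    n=0 rejected=0
    while IFS= read -r line || [ -n "$line" ]; do   # also handles a missing final newline
        n=$((n + 1))
        [ -n "$line" ] || continue
        if is_cidr4 "$line" || is_cidr6 "$line"; then
            printf 'ufw allow proto tcp from %s to any port 80,443\n' "$line"
        else
            printf 'line %d rejected: not a CIDR range\n' "$n" >&2
            rejected=1
        fi
    done
    return "$rejected"
}

# Constructed sample input (documentation ranges plus two bad lines),
# standing in for the downloaded list.
SAMPLE='192.0.2.0/24
2001:db8::/32
203.0.113.0/33
198.51.100.0/24; reboot'

printf '%s\n' "$SAMPLE" | build_rules || echo 'sample list had rejected lines' >&2
```

For real use, pipe the output of curl -fsS https://www.cloudflare.com/ips-v4 (and ips-v6) into build_rules, read the printed commands, then run them with sudo.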
Increase the Cloudflare Timeout Setting
# In Cloudflare Dashboard:
# Speed > Optimization > Content Optimization
# Increase "Proxy Read Timeout" from 100s to 120s or higher
echo "Cloudflare default timeout is 100 seconds for HTTP and 30 seconds for the TCP handshake"
For slow origins, increase the Cloudflare proxy timeout. The TCP connection timeout is 30 seconds by default and cannot be changed, but the read timeout can be increased.
Check the SSL/TLS Configuration
# 2>&1 keeps the certificate verification errors, which openssl writes to stderr
openssl s_client -connect your-origin-ip:443 -servername yourdomain.com < /dev/null 2>&1 | grep -E "CONNECTED|error"
# CONNECTED(00000003)
Cloudflare 522 can also occur when the SSL/TLS handshake fails. Use openssl s_client to verify that the origin's SSL certificate is valid and the cipher suite is compatible.
Monitor Origin Response Times
# Install and use httping to measure response times
httping -c 10 -g http://your-origin-ip:80
# PING your-origin-ip:80 (http):
# connected to your-origin-ip:80 (154.2ms), seq=0 time=43.12 ms
# connected to your-origin-ip:80 (154.2ms), seq=1 time=38.45 ms
Use httping to measure response times from your origin server. If response times are consistently high, the origin may be overloaded or the network connection between Cloudflare and your origin may be slow.
Additional Troubleshooting
# Check the error message and stack trace for more context
echo "Review the full error output to identify the root cause"
If the above steps do not resolve the issue, examine the complete error message and stack trace. Often the key detail is in the middle of the traceback rather than the final line. Search for the error message in the project documentation or issue tracker for additional solutions.
Prevention
- Whitelist all Cloudflare IP ranges in your firewall and update them quarterly
- Monitor origin server load and upgrade resources if traffic exceeds capacity
- Set up health checks and auto-scaling so a single server failure does not cause timeouts
- Use Cloudflare's "Always Online" feature to serve a cached version during origin downtime
Built by the developers of DodaTech