
How to Fix Cloudflare 522 Connection Timed Out Error

DodaTech 2 min read

This tutorial explains how to diagnose and fix the Cloudflare 522 Connection Timed Out error, with commands for checking the origin server, the firewall, the timeout settings, and the SSL/TLS configuration.

The Problem

Visitors see Error 522 Connection Timed Out when accessing your site through Cloudflare, meaning Cloudflare successfully reached your origin server's network but the origin did not complete the TCP handshake in time.

Quick Fix

Check If the Origin Server Is Running

curl -I --connect-timeout 10 http://your-origin-ip:80
# curl: (28) Connection timed out after 10000 milliseconds

If a direct curl request to your origin also times out, the problem is on your server (down, overloaded, or firewalled), not Cloudflare.

Allow Cloudflare IP Ranges in the Firewall

# ufw requires an explicit protocol when a rule lists more than one port
curl -s https://www.cloudflare.com/ips-v4 | xargs -I {} sudo ufw allow proto tcp from {} to any port 80,443
curl -s https://www.cloudflare.com/ips-v6 | xargs -I {} sudo ufw allow proto tcp from {} to any port 80,443
sudo ufw reload
# Firewall reloaded

Cloudflare 522 often means a firewall is blocking Cloudflare's IPs. Allow all Cloudflare IP ranges (/ips-v4 and /ips-v6) on ports 80 and 443.
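
The one-liners above hand whatever the HTTP request returns straight to sudo ufw. The sketch below is an added example, not part of the original tutorial: it validates every line as a CIDR first and only prints the rules for review. The function names, the minimum prefix lengths and the sample ranges (documentation ranges, not real Cloudflare ranges) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): fail-closed validation of a
# fetched range list before any line becomes a firewall rule.
# Assumptions: function names, the minimum prefix lengths (/8 and /16) and the
# sample input are constructed for illustration.

# Succeeds only for a single IPv4 or IPv6 CIDR token.
is_cidr() {
  case "$1" in
    *[!0-9A-Fa-f:./]*|*/*/*|'') return 1 ;;  # stray characters, extra slash
    */*) ;;
    *) return 1 ;;                           # bare address, no prefix length
  esac
  addr=${1%/*}; len=${1#*/}
  case "$len" in ''|*[!0-9]*|????*) return 1 ;; esac
  case "$addr" in
    *:*)  # IPv6: character set checked above, ufw does the full parse
      case "$addr" in *.*) return 1 ;; esac
      [ "$len" -ge 16 ] && [ "$len" -le 128 ] ;;
    *.*.*.*.*) return 1 ;;
    *.*.*.*)
      old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
      [ $# -eq 4 ] || return 1
      for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
      done
      [ "$len" -ge 8 ] && [ "$len" -le 32 ] ;;
    *) return 1 ;;
  esac
}

# Reads a range list on stdin and prints one ufw command per range.
# One bad line (HTML error page, injected text) or an empty list prints nothing.
build_rules() {
  rules=''
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "$line" | tr -d '\r')
    [ -n "$line" ] || continue
    is_cidr "$line" || { printf 'rejected: %s\n' "$line" >&2; return 1; }
    rules="${rules}ufw allow proto tcp from $line to any port 80,443
"
  done
  [ -n "$rules" ] || return 1
  printf '%s' "$rules"
}

# Dry run on the constructed sample; review the output before running it.
printf '192.0.2.0/24\n2001:db8::/32\n' | build_rules
```

For real use, save the curl output to a file, pass it through build_rules, and run the printed commands with sudo only after reading them.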

Increase the Cloudflare Timeout Setting

# In Cloudflare Dashboard:
# Speed > Optimization > Content Optimization
# Increase "Proxy Read Timeout" from 100s to 120s or higher
echo "Cloudflare default timeout is 100 seconds for HTTP and 30 seconds for the TCP handshake"

For slow origins, increase the Cloudflare proxy timeout. The TCP connection timeout is 30 seconds by default and cannot be changed, but the read timeout can be increased.

Check the SSL/TLS Configuration

# Merge stderr into stdout so that handshake and verification errors reach grep
openssl s_client -connect your-origin-ip:443 -servername yourdomain.com < /dev/null 2>&1 | grep -E "CONNECTED|error"
# CONNECTED(00000003)

Cloudflare 522 can also occur when the SSL/TLS handshake fails. Use openssl s_client to verify that the origin's SSL certificate is valid and the cipher suite is compatible.

Monitor Origin Response Times

# Install and use httping to measure response times
httping -c 10 -g http://your-origin-ip:80
# PING your-origin-ip:80 (http):
# connected to your-origin-ip:80 (154.2ms), seq=0 time=43.12 ms
# connected to your-origin-ip:80 (154.2ms), seq=1 time=38.45 ms

Use httping to measure response times from your origin server. If response times are consistently high, the origin may be overloaded or the network connection between Cloudflare and your origin may be slow.

Additional Troubleshooting

# Check the error message and stack trace for more context
echo "Review the full error output to identify the root cause"

If the above steps do not resolve the issue, examine the complete error message and stack trace. Often the key detail is in the middle of the traceback rather than the final line. Search for the error message in the project documentation or issue tracker for additional solutions.

Prevention

  • Whitelist all Cloudflare IP ranges in your firewall and update them quarterly
  • Monitor origin server load and upgrade resources if traffic exceeds capacity
  • Set up health checks and auto-scaling so a single server failure does not cause timeouts
  • Use Cloudflare's "Always Online" feature to serve a cached version during origin downtime
