How To: Whitelist CloudFlare IPs

Question

When trying to setup Cloudflare DNS for SSL for my DigitalOcean Ubuntu server, I received a “Error 521” and started troubleshooting.

I found this article: https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-

And followed the steps until saving. Since there was no change, when I tested https://MyDomain.com, I didn’t bother saving the iptable entries.

Is there something I’m missing here??

Answer 1

IcyApril July 18, 2016

MDS nailed it in the comment section, essentially when your are getting a 521 error on SSL requests, but non-SSL requests work fine; it usually indicates one of two things:

Your web server is not set-up to receive SSL connections.
Your firewall is blocking connections over SSL.

This behaviour can occur in Full and Full (Strict) mode, but not Flexible as the connection will be in plain-text HTTP.

If your web server is not configured to receive SSL connections, you will need to add this configuration before using Full or Full (Strict), however if it is configured you will instead need to whitelist port 443 on your server.

In IP Tables it is possible to open up port 443 as follows:

iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

The next step would be to whitelist CloudFlare’s IPs, there is a guide on how to whitelist CloudFlare IPs in IPTables.

Reply Report

Related

Question

How To: Whitelist CloudFlare IPs

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

How To: Whitelist CloudFlare IPs

Related

Leave a comment

Related

question

Why are snapshots so slow

question

my site i down please see http://www.cheri3a.com/

question

Can you clone your instance

question

Why is my droplet stuck at "creating"? it has been hours now :(

Looking for something else?