My website is hosted at digitalocean droplet. I use ssh to access the VM. Website uses Cloudflare for CDN. I notice the website is inaccessible via web browser (522 error) and denied new ssh sessions few days ago. I have another PC with an existing ssh session to the droplet. (The PC never shutdown for troubleshooting purposes) I had to stop the firewall (# systemctl stop firewalld) then the website is up and running, and able to access ssh from new session.
After web and ssh is up, I turn on the firewall (# systemctl start firewalld) but the disconnection happenes again after few hours, I had to disable the firewall and it will work again. This just started one month ago. Please help on this.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Heya, @dannyaung
On top of what’s already mentioned there might be a limit to the max concurrent connections to the server, also the already established connections are likely to not be affected by the firewall change until the ssh daemon is restarted.
Hope that this helps!
Heya @dannyaung,
This means the issue is with your firewall. Additionally, the 522 error typically indicates that Cloudflare is unable to establish a TCP connection to your server, which can be caused by a firewall blocking the necessary ports.
When
firewalld
is running, you should check the existing firewall rules to ensure they’re correctly set up to allow HTTP/HTTPS traffic (ports 80 and 443) and SSH traffic (port 22 by default).firewalld
to allow traffic from these IPs.