521 error using NGINX proxy manager and cloudflare

Go to solution Solved by dswede43,

Recommended Posts



Tried posting this on the cloudflare community but it wouldn't let me as "you can't include links in your posts" for some reason, even though I had no links. So here I am posting this here instead.


My domain name is stratz.me. I am trying to create various subdomains to connect to my docker container GUIs over the internet via a secure encrypted connection. However, I keep getting 521 errors when trying to connect through https.


My server is running unraid OS, reverse proxy is NGINX proxy manager with an origin certificate from cloudflare added to it, my router has port 80/443 forwarded to 180/1443 respectively (HTTP/HTTPS ports of NGINX proxy manager), and cloudflare SSL is set to full (strict).


I have 2 questions:
1. My DNS records are shown below:


The 1st A record points to my public IP and the 2nd points to the local IP of my unraid server, then I have a CNAME for my jellyfin docker that points to a duckdns domain, which points to my public IP. Could someone tell me if this is correct?


2. I came across another post with a similar issue as me and mentioned adding cloudflare iptables to the server to fix the issue, which included a link to some commands to do this as shown below:


# For IPv4 addresses
iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT
# For IPv6 addresses
ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT


However, I'm confused as to where I run these commands? Do I open up the command prompt within my unraid server or SSH into the server? Some clarification here would be nice as I am not an experienced linux user.

Also of note, when I unproxy my jellyfin CNAME on cloudflare, I no longer get a 521 error but instead get the error code "ERR_SSL_VERSION_OR_CIPHER_MISMATCH". Not sure if this helps but I thought I'd add this detail in regardless.


Lastly, here are my results when testing my URL on the cloudflare diagnostics center.
DNS results:


HTTP results:


SSL results:


Please guide me as this is my first server I've ever built.


Thank you

Link to comment
  • 1 month later...
  • Solution

So I never figured it out in the method I described above. But I did find a different method that achieved the same result successfully using Cloudflare tunnels. Following Ibracorps tutorial (https://docs.ibracorp.io/cloudflare-tunnel/) allowed me to reverse proxy all my docker services with an SSL certificate without any port forwards and according to Ibracorp, Cloudflare tunnelling is a faster and more secure method for self-hosting on the internet.


Hope this helps you out and let me know if you have anymore questions

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.