{"id":2738,"date":"2019-10-23T11:08:49","date_gmt":"2019-10-23T03:08:49","guid":{"rendered":"https:\/\/www.mondoze.com\/guide\/?post_type=kb&p=2738"},"modified":"2022-10-05T08:01:59","modified_gmt":"2022-10-05T00:01:59","slug":"527-railgun-listener-to-origin-error","status":"publish","type":"kb","link":"https:\/\/www.mondoze.com\/guide\/kb\/527-railgun-listener-to-origin-error","title":{"rendered":"527 Railgun Listener to Origin Error"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

527 Railgun Listener to Origin<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
For requests being optimized by Railgun, any interruption or failure in the WAN connection from Railgun’s sender. At Cloudflare’s edge and the Railgun Listener at the customer’s. Origin will result in the following error page being displayed in the browser:

\"\"<\/p>

A 527 error indicates that the connection between Cloudflare and the origin’s Railgun server (rg-listener) was interrupted. This could result from a firewall block or other network incident between rg-listener and Cloudflare. Such as packet loss on the line.<\/p>

It may be required to\u00a0increase logging for Railgun\u00a0in order to troubleshoot further, and see what rg-listener is reporting.<\/p>

Below are details on common scenarios where a 527 error would be presented to a user, and the associated.\u00a0 Railgun error that would be found in the local Railgun logs.<\/p>

Common Railgun Log Errors<\/strong><\/h3>

Connection Timeouts<\/strong><\/h4>

If the Railgun Listener is unable to establish or complete a TCP handshake with the origin server. Then the following errors would be produced within the Railgun logs for requests:<\/p>

connection failed 0.0.0.0:443\/example.com: dial tcp 0.0.0.0:443: i\/o timeout<\/p>

no response from origin (timeout) 0.0.0.0:80\/example.com<\/p>

*What to do if connection timeouts are seen: If these errors are being seen. Then it is recommended to confirm and test if the server hosting the Listener is able to connect to the origin directly.<\/p>

This can be done by using commands like\u00a0cURL<\/code>,\u00a0ping<\/code>,\u00a0nc<\/code>, or running\u00a0traceroute<\/code>\/mtr<\/code>\u00a0against the web server’s source IP.<\/p>

Some example commands would be:<\/p>

curl -svo \/dev\/null –resolve example.com:PORT:SERVERIP ‘http[s]:\/\/example.com\/’<\/p>

This cURL would need to be run on port 80 for HTTP and port 443 for HTTPS tests. Depending on the protocol used for the expected traffic.<\/p>

ping SERVERIP<\/strong><\/h4>

nc -vz SERVERIP PORT<\/p>

Using\u00a0ping<\/code>\u00a0or\u00a0nc<\/code>\u00a0is helpful to confirm the web server’s ports are open and accepting traffic from the Listener.<\/p>

This will help determine if the connection is being accepted from the site’s origin server. Or if an issue is present that is impacting the webserver from accepting requests.<\/p>

If a problem at the webserver can be confirmed, then next steps would be to contact. The host provider to assist in resolving the issue local to the origin server.<\/p>

LAN Timeout is Exceeded\u00a0<\/strong><\/h4>

By default, the timeout limit for the origin server to send an HTTP response to the Listener is thirty seconds. This value is determined by the\u00a0lan.timeout<\/code>\u00a0parameter found in the\u00a0railgun.conf<\/code> file. If the origin server does not respond within the specified timeout limit. Then the following error would be seen in the Listener logs:<\/p>

connection failed 0.0.0.0:443\/example.com: dial tcp 0.0.0.0:443: i\/o timeout<\/p>

*What to do when the LAN timeout limit is exceeded:<\/p>

It is advised to either increase the timeout limit. Or review the webserver configuration as to why the origin is taking a long time to respond to requests from the Listener. In most scenarios, it is also helpful to check the current load\/bandwidth received on the webserver to confirm. If the server is overloaded and unable to respond efficiently for requests.<\/p>

Connection Refusals<\/strong><\/h4>

If requests from the Railgun Listener are being outright refused, then the following errors would be seen in the Railgun logs:<\/p>

Error getting page: dial tcp 0.0.0.0:80:connection refused<\/p>

*What to do if requests are being refused:<\/p>

If these errors are being observed, then next steps would be to ensure the Listener’s server IP is whitelisted from the origin server’s access control settings (such as\u00a0IPtables<\/code>\u00a0or\u00a0Fail2ban<\/code>\u00a0rules).<\/p>

TLS\/SSL Related Errors<\/strong><\/h4>

If TLS requests fail to complete or connect to the origin server from the Railgun Listener, then the following errors could be seen within the Railgun Logs:<\/p>

0.0.0.0:443\/example.com: remote error : handshake failure<\/p>

0.0.0.0:443\/example.com: dial tcp 0.0.0.0:443 : connection refused<\/p>

127.0.0.1:443\/www.example.com: x509 : certificate is valid for example.com, not www.example.com<\/p>

*How to doif HTTPS requests are failing:If any TLS\/SSL errors are being seen in the logs, then the following checks should be conducted on the origin server:<\/p>