
1. Introduction
Cloudflare Error 521 (“Web server is down” / “Can’t connect to host”) means Cloudflare cannot reach your Ubuntu origin server. In this Ubuntu-focused guide you’ll learn why it happens, how Cloudflare’s network interacts with your server, and step-by-step fixes to restore access quickly.
2. Understanding Error 521
Cloudflare proxies traffic to your server for speed & security. A 521 indicates Cloudflare’s edge servers failed to get any response. Possible culprits include your server being offline, services (web, DB, cache) down, firewall rules blocking ports 80/443, or network/DNS issues.
3. Common Causes
- Server Offline: Hardware, provider outage, or maintenance.
- Web Service Down: Apache/Nginx crashed or misconfigured.
- Database Down: MySQL/PostgreSQL service unavailable.
- Port Blocked: UFW/iptable rules blocking HTTP(S) traffic.
- HTTP Errors: 500-series errors preventing connections.
- Cache/Proxy Down: Redis, Memcache, or Varnish offline.
- Network/DNS Issues: ISP/DNS mis-routing or DNS record errors.
- Unskilled Changes: Incorrect tweaks by inexperienced staff.
4. Quick Fixes & Basic Checks
4.1 Check Server Uptime & Connectivity
SSH in or ping your server’s IP, then:
curl -I http://YOUR_SERVER_IP
If no headers return, the issue is local to your server.
4.2 Whitelist Cloudflare IPs
Cloudflare publishes its IP ranges—allow them in UFW:
sudo ufw allow from CLOUDFLARE_IP to any port 80
sudo ufw allow from CLOUDFLARE_IP to any port 443
4.3 Inspect Web Server Logs
Check `/var/log/apache2/error.log` or `/var/log/nginx/error.log` for crash or permission errors.
4.4 Restart Apache/Nginx
sudo systemctl restart apache2
# or
sudo systemctl restart nginx
5. Advanced Troubleshooting
5.1 Monitor Resources
top
htop
High load can starve services—consider scaling or tuning.
5.2 Tune MySQL & Web Server
- max_allowed_packet: in `/etc/mysql/my.cnf`
- innodb_buffer_pool_size: increase to cache more data
Tip: These require Linux/MySQL expertise—consider Private DevOps for help.
5.3 Validate DNS & SSL
Ensure A/AAAA records point correctly and that your SSL cert is valid. Use Cloudflare’s diagnostic page for guidance.
5.4 Contact Your Host
If all else fails, your provider can diagnose network or virtualization layer issues.
6. Preventing Future Issues
- Automated Backups: Regular snapshots of files & DB.
- Firewall Hardening: Keep UFW rules lean and up-to-date.
- Pro Maintenance: Ongoing care from experts like Private DevOps.
- Performance Monitoring: Use Nagios/Zabbix for real-time alerts.
- Timely Updates: Patch Ubuntu, Apache/Nginx, MySQL, and other services promptly.
7. Wrap-Up
Error 521 can be frustrating, but with systematic checks—verifying uptime, whitelisting Cloudflare, examining logs, and tuning your stack—you’ll restore access quickly. For mission-critical sites, a managed support plan from Private DevOps ensures your Ubuntu servers stay online, performant, and secure.
Need Expert Help?
We’re here to support you and manage your tasks.