Docs Overview/
521/522 Status Code Troubleshooting Guide/

521/522 Status Code Troubleshooting Guide

When you use Tencent Cloud EdgeOne to accelerate site access resources, the client's requests will be sent to the EdgeOne edge node, then back to the middle layer node, and finally back to the origin. Therefore, if there are issues during the access process, it may involve problems with multiple layers of network links. When EdgeOne fails to reach the origin, a 52x error will occur. This document will guide you on how to troubleshoot when encountering a 521/522 status code.
Taking the 522 status code as an example:

Definition

The 522 status code is a custom status code defined by EdgeOne, indicating that the node's request to the origin has timed out during the TCP connection stage because the origin did not respond. Thus, the node responds to the client with a 522 status code. Please refer to the list of abnormal status codes for the meanings of other status codes.


Phenomenon



Possible Causes

Issues with the origin's own services
Security policy of the origin
ISP restrictions (HTTP)

Troubleshooting Method

Initiate an HTTP/HTTPS request from a third party (not from CDN or origin) directed at the origin for testing. The third party can be a personal PC, server, monitoring platform, etc. You can use the command-line tool CURL on the server to troubleshoot.

Step 1: Confirm the Origin Configuration Information

If you have no special configurations, it is sufficient to follow the origin, protocol, and port set in "Domain Management". If you have special configurations, you can determine them as follows:
1. Origin IP: The origin IP needs to be confirmed based on the origin, origin group, load balancing, and the configuration of "Modify Origin" in the rules engine in "Domain Management".
2. Origin-pull Protocol: The origin protocol needs to be confirmed based on "Domain Management", the rules engine "Origin HTTPS", and the origin protocol in "Modify Origin".
3. Origin-pull Port: If there are no special configurations, it will be 80 or 443. If you modified the origin port in the "Modify Origin" operation in the rules engine, follow the modified one.
4. Origin-pull HOST: Default follows the acceleration domain name. If you set it in the rules engine "Host Header Rewrite" operation, the set one shall prevail.
5. Origin-pull Path: Default follows the request URL. If you modified it in the rules engine "Rewrite Origin URL" operation, the modified one shall prevail.

Step 2: Troubleshoot Issues with the Origin's Own Services

There may be issues with the origin's services, such as port not being open. Use the command-line tool telnet to send a telnet request to the origin port from the third-party platform:
telnet  [origin_ip]  [port]
Note: Ensure CURL version is above 7.21.3.
Assuming the origin uses port 80, and the origin IP is 1.1.1.1.
telnet 1.1.1.1 80
If the TCP connection is disconnected or remains in connection from the third-party platform, execute the following command on the origin to confirm whether the origin's 80 port is open:
netstat -tnlp|grep -w 80
If the TCP connection is successfully established or you found the origin port is open, proceed to Step 3.

Step 3: Troubleshoot Origin Security Policies

Possible reasons include:
1. The origin has set a firewall, and the EdgeOne return node IP is not on the IP whitelist.
Use CURL to obtain an EO-LOG-UUID, submit it to Tencent Cloud technical support, and have them check the IP of the EdgeOne return node. Verify whether the return node IP is in the origin's IP whitelist. The method to obtain the UUID is as follows:
2. The origin has set access rate limits, causing the EdgeOne return requests to be too frequent.
Directly point to the origin and initiate multiple requests concurrently to see if the failed connection or timeout phenomenon can be reproduced.

Step 4: ISP Restrictions

If all the above checks are normal, it is possible that there are restrictions from the ISP. You need to capture packets at the origin to confirm whether TCP SYN packets are received. The troubleshooting method is as follows:
Capture packets on the EdgeOne return node and the origin concurrently, and initiate a telnet request from the EdgeOne return node to the origin (to be performed by Tencent Cloud technical support). The test command is as follows:
EdgeOne return node:
telnet  [origin_ip]  [port]

# Capture packets
tcpdump -nn -s0 -i [network card] -w src_port.pacp
Origin:
tcpdump -nn -s0 -i [network card] -w src_port.pacp
By comparing the packets from the EdgeOne return node and the origin, confirm whether the SYN packets from the EdgeOne return node were received by the origin.