Recently I hit a 521 error from Cloudflare even though my server was running. Here’s the step-by-step process that solved it.
1️⃣ Check Nginx Status
sudo systemctl status nginx
I found:
[emerg] host not found in upstream "ip-10-0-0-25.internal"
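This means Nginx could not resolve the upstream host in its config. Nginx resolves proxy_pass hostnames when it loads its configuration, so an unresolvable name stops it from starting.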
2️⃣ Locate the Problem Config
sudo nano /etc/nginx/sites-enabled/example-site.conf
Inside I had:
proxy_pass http://ip-10-0-0-25.internal:3000;
The hostname was not resolvable.
3️⃣ Replace With a Private IP or Stable DNS
Find the backend’s private IP (example):
hostname -I
# → 10.0.1.42
Update the config:
proxy_pass http://10.0.1.42:3000;
Save and exit (Ctrl+X, Y, Enter).
4️⃣ Test and Reload
sudo nginx -t
sudo systemctl restart nginx
🔑 Tips
- Use Elastic IP or a private DNS name if the backend instance’s private IP might change.
- Keep your firewall/security group rules tight: allow port 3000 only from the Nginx proxy server.
- Always run nginx -t before reloading to catch syntax errors.
💡 Summary
A 521 error often means Cloudflare can’t reach your origin.
In my case the root cause was an invalid hostname in the Nginx proxy_pass.
Switching to a valid private IP (or a resolvable internal DNS name) fixed it immediately.
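
A pre-flight check for the failure above, as an added example that is not part of the original post: it lists every proxy_pass hostname in a config file that the proxy host's resolver cannot resolve, so a stale name is caught before the next restart takes Nginx down. The function names, the use of getent for the lookup, and the sample config (app_pool, old-backend.internal) are assumptions made for illustration.

```sh
# Added example, not from the original post: find unresolvable proxy_pass hosts.
# Succeeds if the system resolver returns an address for hostname $1.
resolve_host() {
    getent hosts "$1" >/dev/null 2>&1
}

# Print each distinct hostname used by a proxy_pass directive in file $1.
# Skipped: comments, IPv4/IPv6 literals, variables, unix: sockets, and
# names declared by an "upstream NAME {" block in the same file.
proxy_pass_hosts() {
    upstreams=$(sed -n 's|^[[:space:]]*upstream[[:space:]]\{1,\}\([^[:space:]{]*\).*|\1|p' "$1")
    sed 's|#.*||' "$1" |
    sed -n 's|.*proxy_pass[[:space:]]\{1,\}[a-z]*://\([^/:;[:space:]]*\).*|\1|p' |
    sort -u |
    while read -r host; do
        case "$host" in ''|*'$'*|'['*|unix) continue ;; esac
        if printf '%s\n' "$host" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then continue; fi
        if printf '%s\n' "$upstreams" | grep -Fxq -- "$host"; then continue; fi
        printf '%s\n' "$host"
    done
}

# Check each config file given; report unresolved names, return 1 if any.
check_configs() {
    bad=0
    for conf in "$@"; do
        for host in $(proxy_pass_hosts "$conf"); do
            if ! resolve_host "$host"; then
                printf 'UNRESOLVED %s in %s\n' "$host" "$conf"
                bad=1
            fi
        done
    done
    return "$bad"
}

# Constructed sample config (hypothetical), for a dry run outside /etc/nginx.
sample_conf() {
    cat <<'EOF'
upstream app_pool { server 10.0.1.42:3000; }
server {
    location /     { proxy_pass http://ip-10-0-0-25.internal:3000; }
    location /api  { proxy_pass http://10.0.1.42:3000; }
    location /pool { proxy_pass http://app_pool; }
    # proxy_pass http://old-backend.internal:3000;
}
EOF
}
```

Source the file on the proxy host and run `check_configs /etc/nginx/sites-enabled/*.conf` before `sudo nginx -t`; `sample_conf > /tmp/sample.conf` produces a file to try it on first.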