502 Bad Gateway using Cloudflare and Kestrel

Sam Hobbs Sam at SimpleSamples.info
Mon Sep 4 04:57:54 UTC 2023 

I hope I can at  least get help diagnosing this.

I have an ASP.Net Core application in a Ubuntu headless VM (DigitalOcean 
Droplet) using a page TLD (therefore I must use SSL) using Cloudflare. 
When I execute it using:
dotnet domain.page.dll --launch-profile https
Then use:

curl -k https://127.0.0.1:5443

(the address that Kestrel is listening to) I get a page that I am 
expecting. Therefore Kestrel and the application seem to be working. 
Cloudflare is managing the domain name and I have a Cloudflare 
certificate in the appsettings.json file. I hope that since Kestrel is 
working it has accepted the certificate.

When I browse to the domain from another system (over the internet) 
Cloudflare is saying 502 Bad Gateway and that the problem is in the 
server.  Is there a log somewhere showing the incoming request and more 
details of the error?

The following is my server block.

server {
         listen 443 ssl;
         listen [::]:443 ssl;

         #ssl_client_certificate /etc/ssl/cloudflare.crt;

         ssl_certificate        /etc/ssl/domain.crt;
         ssl_certificate_key    /etc/ssl/domain.pem;
         server_name domain.page *.domain.page;

         location / {
                 proxy_passhttp://127.0.0.1:5443;
                 proxy_http_version 1.1;
                 proxy_set_header   Upgrade $http_upgrade;
                 proxy_set_header   Connection keep-alive;
                 proxy_set_header   Host $host;
                 proxy_cache_bypass $http_upgrade;
                 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header   X-Forwarded-Proto $scheme;
         }
}


I get the same results if I uncomment the ssl_client_certificate.

Is there a way to determine with relative certainty that the 502 is 
caused by something in nginx and not Cloudflare or Kestrel or the 
application? Is there a way to get more details? If someone knows how to 
fix the problem regardless of where and why it is happening then that 
would be great help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230903/861ae917/attachment.htm>

More information about the nginx mailing list