527 Railgun Listener to Origin Error

For requests being optimized by Railgun, any interruption or failure in the WAN connection from Railgun's sender at Cloudflare's edge and the Railgun Listener at the customer's origin will result in the following error page being displayed in the browser: 


A 527 error indicates that the connection between Cloudflare and the origin's Railgun server (rg-listener) was interrupted. This could result from a firewall block or other network incident between rg-listener and Cloudflare, such as packet loss on the line.


It may be required to increase logging for Railgun in order to troubleshoot further, and see what rg-listener is reporting.

Below are details on common scenarios where a 527 error would be presented to a user, and the associated Railgun error that would be found in the local Railgun logs. 

Common Railgun Log Errors

Connection Timeouts

If the Railgun Listener is unable to establish or complete a TCP handshake with the origin server, then the following errors would be produced within the Railgun logs for requests:

connection failed dial tcp i/o timeout
no response from origin (timeout)

LAN Timeout is Exceeded 

By default, the timeout limit for the origin server to send an HTTP response to the Listener is thirty seconds. This value is determined by the lan.timeout parameter found in the railgun.conf file. If the origin server does not respond within the specified timeout limit, then the following error would be seen in the Listener logs:

connection failed dial tcp i/o timeout

Connection Refusals

If requests from the Railgun Listener are being outright refused, then the following errors would be seen in the Railgun logs:

Error getting page: dial tcp refused

TLS/SSL Related Errors

If TLS requests fail to complete or connect to the origin server from the Railgun Listener, then the following errors could be seen within the Railgun Logs:

connection failed remote error: handshake failure 
connection failed dial tcp refused
connection failed x509: certificate is valid for example.com, not www.example.com

Submitting a Support Ticket for 527 Errors

If a support ticket is to be filed in the event further assistance is needed, please submit the following pieces of information from the Railgun Listener so that Cloudflare Support can troubleshoot further in reviewing the the Railgun configuration.

  • The railgun.conf file.
  • If internal addressing is in use for the host environment, then the railgun-nat.conf file should be submitted in the ticket.
  • Any Railgun log files that detail the errors being seen from the Listener.
Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk