Error 525?

Here is my website: bakaxtex.tk
server.xtexx.ml (101.33.232.80) is its origin site (https://101.33.232.80/gotify/ is accessible).

I could not access my website through CF and I got Error 525.

I have to enable SSL for the origin site for some reasons. The cert for the origin is the origin cert from CF.

This is my nginx configuration:

        listen       80 http2 default_server;
        listen       [::]:80 http2 default_server;
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  _ *.bakaxtex.tk bakaxtex.tk all server.xtexx.ml xtexserver;
        ssl_certificate "/etc/nginx/cf_origin.pem";
        ssl_certificate_key "/etc/nginx/cf_origin.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_buffer_size 4k;
        ssl_client_certificate '/etc/nginx/cf_authenticated_origin_pull_ca.pem';
        #ssl_verify_client on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

I tried “Full” and “Full (strict)”, but neither of them works.

Here are some pieces of error.log from nginx:

        2022/03/27 15:21:35 [debug] 49488#0: epoll: fd:10 ev:0001 d:00007FCC261D61E0
        2022/03/27 15:21:35 [debug] 49488#0: accept on 0.0.0.0:443, ready: 0
        2022/03/27 15:21:35 [debug] 49488#0: posix_memalign: 000055E522ACDE60:512 @16
        2022/03/27 15:21:35 [debug] 49488#0: *3 accept: 172.68.254.20:27056 fd:3
        2022/03/27 15:21:35 [debug] 49488#0: *3 event timer add: 3: 60000:8538700
        2022/03/27 15:21:35 [debug] 49488#0: *3 reusable connection: 1
        2022/03/27 15:21:35 [debug] 49488#0: *3 epoll add event: fd:3 op:1 ev:80002001
        2022/03/27 15:21:35 [debug] 49488#0: timer delta: 106
        2022/03/27 15:21:35 [debug] 49488#0: worker cycle
        2022/03/27 15:21:35 [debug] 49488#0: epoll timer: 60000
        2022/03/27 15:21:35 [debug] 49488#0: epoll: fd:3 ev:2019 d:00007FCC261D6580
        2022/03/27 15:21:35 [debug] 49488#0: epoll_wait() error on fd:3 ev:2019
        2022/03/27 15:21:35 [debug] 49488#0: *3 http check ssl handshake
        2022/03/27 15:21:35 [debug] 49488#0: *3 http recv(): 1
        2022/03/27 15:21:35 [debug] 49488#0: *3 https ssl handshake: 0x16
        2022/03/27 15:21:35 [debug] 49488#0: *3 tcp_nodelay
        2022/03/27 15:21:35 [debug] 49488#0: *3 ssl get session: B9169EA7:32
        2022/03/27 15:21:35 [debug] 49488#0: shmtx lock
        2022/03/27 15:21:35 [debug] 49488#0: shmtx unlock
        2022/03/27 15:21:35 [debug] 49488#0: *3 SSL server name: "bakaxtex.tk"
        2022/03/27 15:21:35 [debug] 49488#0: *3 SSL ALPN supported by client: h2
        2022/03/27 15:21:35 [debug] 49488#0: *3 SSL ALPN supported by client: http/1.1
        2022/03/27 15:21:35 [debug] 49488#0: *3 SSL ALPN selected: h2
        2022/03/27 15:21:35 [debug] 49488#0: *3 SSL_do_handshake: -1
        2022/03/27 15:21:35 [debug] 49488#0: *3 SSL_get_error: 5
        2022/03/27 15:21:35 [info] 49488#0: *3 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking, client: 172.68.254.20, server: 0.0.0.0:443
        2022/03/27 15:21:35 [debug] 49488#0: *3 close http connection: 3
        2022/03/27 15:21:35 [debug] 49488#0: *3 event timer del: 3: 8538700
        2022/03/27 15:21:35 [debug] 49488#0: *3 reusable connection: 0
        2022/03/27 15:21:35 [debug] 49488#0: *3 free: 000055E522ACDE60, unused: 149
        2022/03/27 15:21:35 [debug] 49488#0: timer delta: 0
        2022/03/27 15:21:35 [debug] 49488#0: worker cycle
        2022/03/27 15:21:35 [debug] 49488#0: epoll timer: -1

It always shows “peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking, client: 172.68.254.20, server: 0.0.0.0:443” for each connection, but I do not know how to solve it.

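An added example, not part of the original post: Python that groups nginx debug-level error.log lines by connection id (`*N`) and reports how far each TLS handshake got before it failed. The sample lines are copied from the excerpt in the post; the names `summarize` and `verdict` are hypothetical, and reading `SSL_get_error: 5` as OpenSSL's `SSL_ERROR_SYSCALL` is an assumption taken from OpenSSL's headers, not from the post.

```python
import re

# Constructed sample: connection *3 lines copied from the error.log excerpt in the post.
SAMPLE_LOG = """\
2022/03/27 15:21:35 [debug] 49488#0: *3 accept: 172.68.254.20:27056 fd:3
2022/03/27 15:21:35 [debug] 49488#0: *3 SSL server name: "bakaxtex.tk"
2022/03/27 15:21:35 [debug] 49488#0: *3 SSL ALPN supported by client: h2
2022/03/27 15:21:35 [debug] 49488#0: *3 SSL ALPN supported by client: http/1.1
2022/03/27 15:21:35 [debug] 49488#0: *3 SSL ALPN selected: h2
2022/03/27 15:21:35 [debug] 49488#0: *3 SSL_do_handshake: -1
2022/03/27 15:21:35 [debug] 49488#0: *3 SSL_get_error: 5
2022/03/27 15:21:35 [info] 49488#0: *3 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking, client: 172.68.254.20, server: 0.0.0.0:443
"""

LINE = re.compile(r"^\S+ \S+ \[\w+\] \d+#\d+: \*(\d+) (.*)$")
FIELDS = [  # (key, pattern applied to the message part, converter)
    ("client", re.compile(r"^accept: (\S+):\d+ fd:"), str),
    ("sni", re.compile(r'^SSL server name: "([^"]*)"'), str),
    ("alpn_offered", re.compile(r"^SSL ALPN supported by client: (\S+)"), str),
    ("alpn_selected", re.compile(r"^SSL ALPN selected: (\S+)"), str),
    ("handshake_rc", re.compile(r"^SSL_do_handshake: (-?\d+)"), int),
    ("ssl_error", re.compile(r"^SSL_get_error: (\d+)"), int),
    ("errno", re.compile(r"in SSL handshake \((\d+): "), int),
]

def summarize(log_text):
    """Group debug lines by connection id and collect the handshake facts."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # worker-level line that carries no connection id
        c = conns.setdefault(int(m.group(1)), {"alpn_offered": []})
        for key, pat, conv in FIELDS:
            if (hit := pat.search(m.group(2))):
                if key == "alpn_offered":
                    c[key].append(hit.group(1))
                else:
                    c[key] = conv(hit.group(1))  # later lines overwrite earlier ones
    return conns

def verdict(c):
    """5 is assumed to be SSL_ERROR_SYSCALL; 104 is ECONNRESET on Linux."""
    if c.get("handshake_rc") == 1:
        return "handshake completed"
    if c.get("ssl_error") == 5 and c.get("errno") == 104:
        stage = "after" if c.get("sni") or c.get("alpn_selected") else "before"
        return f"peer reset TCP {stage} nginx processed the ClientHello"
    return "inconclusive"
```

For the logged connection, `verdict(summarize(SAMPLE_LOG)[3])` reports a reset after the ClientHello was processed: nginx had already read the SNI and selected ALPN when the client side dropped the TCP connection.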