Getting ConnectionResetError when Cloudflare is on

Website, Application, Performance Security
1

Hi! For the past 2 days I’ve been constantly getting ConnectionResetError when trying to reach my site from curl/7.81.0 and python-requests-2.28.1. I’ve been running this sever for almost a year now and never encountered something like this.

I use https://github.com/linuxserver/docker-swag, which comes with nginx 1.17.7 and OpenSSL 1.1.1k.
My ssl.conf https://github.com/linuxserver/docker-baseimage-alpine-nginx/blob/master/root/defaults/nginx/ssl.conf.sample

What I tried and failed:

  • Changing my DNS servers.
  • Recreated SSL certificates twice using certbot’s cloudlfare plugin https://github.com/certbot/certbot/tree/master/certbot-dns-cloudflare. One with Zone API key and other with Global Key.
  • Changed SSL encryption mode to all the levels.
  • Changed TLS versions.
  • Turning off TLS v1.3.

Is there something else I can try to fix this?

The only thing that works is pausing Cloudflare. I have not set any rate limiting. I have a firewall rule to allow everything coming from my IP. Are there any other limits that I am probably hitting?

python-requests traceback:
Python version: 3.11.1
Windows 10 21H2 Build 19044.2364

Traceback (most recent call last):
  File "site-packages\urllib3\connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
                       ^^^^^^^^^^^^^^^^^^^
  File "site-packages\urllib3\connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "site-packages\urllib3\connectionpool.py", line 1042, in _validate_conn
    conn.connect()
  File "site-packages\urllib3\connection.py", line 414, in connect
    self.sock = ssl_wrap_socket(
                ^^^^^^^^^^^^^^^^
  File "site-packages\urllib3\util\ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
               ^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages\urllib3\util\ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python311\Lib\ssl.py", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python311\Lib\ssl.py", line 1075, in _create
    self.do_handshake()
  File "C:\Program Files\Python311\Lib\ssl.py", line 1346, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [WinError 10054] An existing connection was forcibly closed by the remote host

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "site-packages\requests\adapters.py", line 489, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "site-packages\urllib3\connectionpool.py", line 787, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "site-packages\urllib3\util\retry.py", line 550, in increment
    raise six.reraise(type(error), error, _stacktrace)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages\urllib3\packages\six.py", line 769, in reraise
    raise value.with_traceback(tb)
  File "site-packages\urllib3\connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
                       ^^^^^^^^^^^^^^^^^^^
  File "site-packages\urllib3\connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "site-packages\urllib3\connectionpool.py", line 1042, in _validate_conn
    conn.connect()
  File "site-packages\urllib3\connection.py", line 414, in connect
    self.sock = ssl_wrap_socket(
                ^^^^^^^^^^^^^^^^
  File "site-packages\urllib3\util\ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
               ^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages\urllib3\util\ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python311\Lib\ssl.py", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python311\Lib\ssl.py", line 1075, in _create
    self.do_handshake()
  File "C:\Program Files\Python311\Lib\ssl.py", line 1346, in do_handshake
    self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(10054, 'An existing connection was forcibly closed by the remote host', None, 10054, None))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "test.py", line 4, in <module>
    sender = requests.get("https://my_site")
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages\requests_debugger\requests_debugger.py", line 126, in logger
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "site-packages\requests\api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages\requests\api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages\requests\sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages\requests\sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages\requests\adapters.py", line 547, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(10054, 'An existing connection was forcibly closed by the remote host', None, 10054, None))

Process finished with exit code 1

curl error:

$ uname -a 

Linux odin 5.15.0-1021-raspi #23-Ubuntu SMP PREEMPT Fri Nov 25 15:27:43 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux

* Connected to my_site (104.21.41.83) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* OpenSSL SSL_connect: Connection reset by peer in connection to my_site:443
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
* TLSv1.0 (OUT), TLS header, Unknown (21):
} [5 bytes data]
* TLSv1.3 (OUT), TLS alert, decode error (562):
} [2 bytes data]
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to my_site:443

I hve been trying to fix this since it started happening but got no where. I desperately need some help.

4

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.