502 Bad Gateway when redirecting on nginx

Question

I have a problem with nginx redirection. I work on nginx 1.4.4 and i have two seperate redirects. It should work two ways: First redirect: Address address1.com redirects to address address2.com -> Address address2.com redirects to addres2.com:1234 where the application resides.

Second redirect is directly from ddress2.com: - address2.com redirects to address2.com:1234

Now the problem: - Redirect from address1.com to address2.com works, but address2.com to address2.com:port doesn't. It ends with 502 Bad Gateway error. Configs and

errors from log are presented below: Information from error.log:

[error] : *386 connect() failed (111: Connection refused) while connecting to upstream, client: {client ip addr}, server:{server name}, request: 

"GET / HTTP/1.1", upstream: "https://127.0.0.1:{port}", host: "{server name}"

Nginx uses many .conf files stored in conf.d location.

address1.conf (This works):

server {
    ### server port and name ###
    listen          {ip_addr}:443;
    ssl             on;
    server_name     address1.com;

    access_log      /var/log/nginx/address1.log;
    error_log       /var/log/nginx/address1-error.log;

   ssl_certificate      /etc/httpd/ssl/servercert.crt;
   ssl_certificate_key  /etc/httpd/ssl/private/serverkey.key;

    location / {
    rewrite ^ $scheme://address2.com redirect;
}}

address2.com conf file (This doesn't):

server {
    ### server port and name ###
    listen          {ip_addr}:443;
    ssl             on;
    server_name     address2.com;

    access_log      /var/log/nginx/address2.log;
    error_log       /var/log/nginx/address2-error.log;

    ssl_certificate      /etc/httpd/ssl/servercert.crt;
    ssl_certificate_key  /etc/httpd/ssl/private/serverkey.key;

    proxy_read_timeout   180;

    location / {

            proxy_pass https://127.0.0.1:{port};
            proxy_redirect off;

            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Ssl  on;
            proxy_set_header   X-Forwarded-Protocol $scheme;
            proxy_set_header   X-Forwarded-HTTPS on;
  }}

Funny thing is that I have another application working on the scheme addr3.com -> addr3.com:port and redirection works just perfect. The only

difference between address2.conf and address3.conf is port on which applications work. Each address uses https, Port 443 is open on the firewall.

Hope my description is detailed enough, if not just let me know. I've been struggling with this problem for couple of days and haven't found any tips or solutions suitable for me.

I'd appreciate any help.

Answer 1

The problem might be with SELinux. Check to see if it running with sestatus. Since some forwarding is working for you, this command might be redundant, but others might require it:

sudo setsebool -P httpd_can_network_connect 1

To enable forwaring for specific ports, which might be your problem, run this command:

sudo semanage port -a -t http_port_t -p tcp 8088

Replace 8088 with the port in question.

The command semanage might not be found. How you install it is distro dependent, but you can most likely google for a solution to that.