I have trying to add proxy_set_header in my nginx.conf file. When I try to add proxy_pass and invoke the URL it throws 502 Bad Gateway nginx/1.11.1 error. Not sure how to resolve this error: <pre class="prettyprint"><code>upstream app-server { # connect to this socket server unix:///tmp/alpasso-wsgi.sock; # for a file socket } server { server_name <name>; listen 80 default_server; # Redirect http to https rewrite ^(.*) https://$host$1 permanent; } server { server_name <name>; listen 443 ssl default_server; recursive_error_pages on; location /azure{ proxy_pass http://app-server; } ssl on; ssl_certificate /etc/nginx/server.crt; ssl_certificate_key /etc/nginx/server.key; ssl_client_certificate /etc/nginx/server.crt; ssl_verify_client optional; } </code></pre>

Had similar problem with proxy_pass, if your Linux server is using SELINUX then you may want to try this. <pre class="prettyprint"><code>$ setsebool -P httpd_can_network_connect true </code></pre> Refer to Warren's answer: https://unix.stackexchange.com/questions/196907/proxy-nginx-shows-a-bad-gateway-error

<code>502</code> is sent when your upstream is not reachable. Try to switch on <code>error log</code> and you might see <code>failed to connect to upstream</code>, for this you need to check whether your <code>upstream</code> server is running or not, <code>sudo service upstream status</code>, and try to switch that on.

Nginx proxy with unix socket troubleshooting: <ol> <li>Check nginx conf:</li> </ol> <pre class="prettyprint"><code>nginx -t </code></pre> <ol start="2"> <li>Check socket:</li> </ol> <pre class="prettyprint"><code>netstat --protocol=unix -nlp | grep alpasso-wsgi.socket </code></pre> <ol start="3"> <li>Check is app working:</li> </ol> <pre class="prettyprint"><code>curl --unix-socket /tmp/alpasso-wsgi.sock http:/your-path-on-app </code></pre> (Must be html code on screen output) <ol start="4"> <li> If not, check your app. If yes: </li> <li> Check nginx error log </li> </ol> <pre class="prettyprint"><code>sudo tail -f /var/log/nginx/error.log </code></pre> <ol start="6"> <li>In case you get a nginx permissions error, check nginx user rights for socket:</li> </ol> Determine which username nginx use: <pre class="prettyprint"><code>ps aux | grep nginx </code></pre> And, for example, if nginx user is www-data, give to www-data user required rights. Add www-data user to required group: <pre class="prettyprint"><code>sudo usermod -a -G your-socket-file-group www-data </code></pre> and check permissions of a socket file, or use ACL: <pre class="prettyprint"><code>sudo setfacl -R -m u:www-data:rwX /path-to-your-unix-socket sudo setfacl -Rd -m u:www-data:rwX /path-to-your-unix-socket </code></pre> <ol start="7"> <li>Im my opinion, ACL is better for security. Because you give rights to nginx only to one file, not for all files which belongs to group.</li> </ol>

How to resolve Nginx "proxy_pass 502 Bad Gateway" error

Tags:

nginx

x509certificatevalidator

I have trying to add proxy_set_header in my nginx.conf file. When I try to add proxy_pass and invoke the URL it throws 502 Bad Gateway nginx/1.11.1 error.

Not sure how to resolve this error:

upstream app-server {
    # connect to this socket
    server unix:///tmp/alpasso-wsgi.sock;    # for a file socket
}

server {
    server_name <name>;

    listen 80 default_server;

    # Redirect http to https
    rewrite ^(.*) https://$host$1 permanent;
}

server {
    server_name <name>;

    listen 443 ssl default_server;

    recursive_error_pages on;

    location /azure{
        proxy_pass http://app-server;
    }

    ssl on;
    ssl_certificate      /etc/nginx/server.crt;
    ssl_certificate_key  /etc/nginx/server.key;
    ssl_client_certificate /etc/nginx/server.crt;
    ssl_verify_client optional;
}

794

asked Aug 27 '16 16:08

user601367

3 Answers

Had similar problem with proxy_pass, if your Linux server is using SELINUX then you may want to try this.

$ setsebool -P httpd_can_network_connect true

Refer to Warren's answer: https://unix.stackexchange.com/questions/196907/proxy-nginx-shows-a-bad-gateway-error

answered Sep 20 '22 19:09

onionring

502 is sent when your upstream is not reachable.

Try to switch on error log and you might see failed to connect to upstream, for this you need to check whether your upstream server is running or not, sudo service upstream status, and try to switch that on.

answered Sep 21 '22 19:09

Satys

Nginx proxy with unix socket troubleshooting:

Check nginx conf:

nginx -t

Check socket:

netstat --protocol=unix -nlp | grep alpasso-wsgi.socket

Check is app working:

curl --unix-socket /tmp/alpasso-wsgi.sock http:/your-path-on-app

(Must be html code on screen output)

If not, check your app. If yes:
Check nginx error log

sudo tail -f /var/log/nginx/error.log

In case you get a nginx permissions error, check nginx user rights for socket:

Determine which username nginx use:

ps aux | grep nginx

And, for example, if nginx user is www-data, give to www-data user required rights. Add www-data user to required group:

sudo usermod -a -G your-socket-file-group www-data

and check permissions of a socket file, or use ACL:

sudo setfacl -R -m u:www-data:rwX /path-to-your-unix-socket
sudo setfacl -Rd -m u:www-data:rwX /path-to-your-unix-socket

Im my opinion, ACL is better for security. Because you give rights to nginx only to one file, not for all files which belongs to group.

answered Sep 21 '22 19:09

Ramil Yabbarov

Related questions
                            
                                Nginx won't start, says "could not build test test_types_hash"
                            
                                No environment variables are available via PHP-fpm+nginx
                            
                                Homestead 502 Bad Gateway instead of Whoops for PHP errors
                            
                                Issue with docker compose: container command not found
                            
                                How can I set a range of remote IP addresses without passing a list?
                            
                                How to serve static content with Nginx and Django Gunicorn when using Traefik
                            
                                Laravel Valet logs
                            
                                Basic authentication via nginx ingress controller
                            
                                Error: getaddrinfo ENOTFOUND ingress-nginx.ingress-nginx-controller.svc.cluster.local
                            
                                Should I user Apache or Nginx & Passenger or Mongrel for my Rails application
                            
                                uwsgi + python + nginx + willy nilly file execution
                            
                                Nginx services fails for cross-domain requests if the service returns error
                            
                                nginx+uWSGI: dynamic vs emperor mode
                            
                                200 response on Nginx 404 error page
                            
                                nginx + nodejs configuration
                            
                                Nginx and Flask-socketio Websockets: Alive but not Messaging?
                            
                                Share Nginx server configuration
                            
                                Nginx does not serve image ( 403 - forbidden error )
                            
                                Empty logging with Django, Nginx, Gunicorn and supervisor
                            
                                Gitlab behind Nginx and HTTPS -> insecure or bad gateway

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With