I set up nginx as a reverse proxy for my Apache Tomcat. It works normally, as I expected. However, I got confused because NGINX always returns a 502 Bad Gateway when the Apache Tomcat server is down, instead of returning a 504 Bad Gateway timeout.
502 Bad Gateway: The server was acting as a gateway or proxy and received an invalid response from the upstream server.
504 Gateway Timeout: The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
user root;
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;
    keepalive_timeout 65;
    map $http_upgrade $connection_upgrade {
        default Upgrade;
        '' close;
    }
    server {
        listen *:80;
        return 301 https://$host:443$request_uri;
    }
    server {
        listen *:443; #Ip of client
        # Specifies the maximum accepted body size of a client request, as indicated by the request header Content-Length.
        client_max_body_size 1024M;
        # ssl config
        ssl on;
        ssl_certificate server.crt;
        ssl_certificate_key server.key;
        # for proxy timeout
        proxy_connect_timeout 75s;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
        # not cache authorization
        proxy_no_cache $http_pragma $http_authorization;
        location /wss {
            rewrite ^.*\/wss\/(?<api>.*) /$api break;
            proxy_pass http://127.0.0.1:8071;
            # for websocket
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_ignore_client_abort off;
            proxy_read_timeout 1d;
            proxy_send_timeout 1d;
        }
        location / {
            proxy_buffering off;
            proxy_pass http://127.0.0.1:8071;
        }
    }
}
Error log when accessing:
2015/10/19 10:10:03 [error] 29475#0: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.70.60, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8071/", host: "192.168.70.161"
2015/10/19 10:10:03 [error] 29475#0: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.70.60, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8071/", host: "192.168.70.161"
Can anyone explain why the NGINX returns a 502 HTTP error instead of a 504? Or, are there problems with my configuration?
I think I missed something. 504 only happens when NGINX can't forward the request to the proxied server but the proxied server doesn't respond in time as NGINX expected. In my case:
proxy_connect_timeout 75s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
So in case the proxied server is down, NGINX will respond with the HTTP error code 502, 503?
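Added example, not part of the original posts: a small triage script that reads nginx error.log lines and reports which status the client received for each upstream failure. It shows that a refused connection (Tomcat stopped) is a 502, while a 504 only follows an expired proxy_connect_timeout, proxy_read_timeout or proxy_send_timeout. The first sample line is the one quoted in the question; the other two, including the /report path, are constructed.

```python
import re
from collections import Counter

# Failure text nginx logs for a proxied request, with the status it then
# returns to the client. Only an expired timeout yields 504.
RULES = [
    (re.compile(r"upstream timed out \(\d+: [^)]*\)"), 504),
    (re.compile(r"connect\(\) failed \(\d+: [^)]*\)"), 502),
    (re.compile(r"upstream prematurely closed connection"), 502),
    (re.compile(r"upstream sent invalid header"), 502),
    (re.compile(r"no live upstreams"), 502),
]
HEAD = re.compile(r"^(\S+ \S+) \[(\w+)\] \d+#\d+: \*(\d+) (.*)$")
UPSTREAM = re.compile(r'upstream: "([^"]+)"')
PHASE = re.compile(r"while ([a-z ]+?)(?:,|$)")

def classify(line):
    """Return a dict describing an upstream failure, or None for other lines."""
    head = HEAD.match(line)
    if not head:
        return None
    ts, _level, _conn, rest = head.groups()
    for pattern, status in RULES:
        hit = pattern.search(rest)
        if hit:
            up, phase = UPSTREAM.search(rest), PHASE.search(rest)
            return {"time": ts, "status": status, "cause": hit.group(0),
                    "phase": phase.group(1) if phase else None,
                    "upstream": up.group(1) if up else None}
    return None

def summarize(lines):
    """Count failures per (upstream, status) so a dead backend stands out."""
    found = (classify(line) for line in lines)
    return Counter((r["upstream"], r["status"]) for r in found if r)

SAMPLE = [
    # Quoted in the question: Tomcat is down, the port refuses connections.
    '2015/10/19 10:10:03 [error] 29475#0: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.70.60, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8071/", host: "192.168.70.161"',
    # Constructed: backend accepted the connection but never answered.
    '2015/10/19 10:25:41 [error] 29475#0: *51 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.70.60, server: , request: "GET /report HTTP/1.1", upstream: "http://127.0.0.1:8071/report", host: "192.168.70.161"',
    # Constructed: backend closed the socket before sending a response.
    '2015/10/19 10:26:02 [error] 29475#0: *52 upstream prematurely closed connection while reading response header from upstream, client: 192.168.70.60, server: , request: "GET /report HTTP/1.1", upstream: "http://127.0.0.1:8071/report", host: "192.168.70.161"',
]

if __name__ == "__main__":
    for (upstream, status), count in sorted(summarize(SAMPLE).items()):
        print(f"{status} x{count} {upstream}")
```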
To check the status of Nginx, run systemctl status nginx. This command generates some useful information. As this screenshot shows, Nginx is in active (running) status, and the process ID of the Nginx instance is 8539.
The HTTP 502 Bad Gateway error occurs when either: the timeout of the proxy was reached prior to the request completion; the connection proxy > server drops; or the response from the server is invalid.
Today, we will discuss 502 Bad Gateway error on Nginx web server. The error should look like the below image. A 502 Bad Gateway error indicates that the edge server (server acting as a proxy) was not able to get a valid or any response from the origin server (also called upstream server).
Which 502 error are you getting? Is it one thrown by Cloudflare (see below), or NGINX (also see below)? The first one. Using your public IP (you don’t have to post it here), make sure you can reach NGINX from the outside internet. It doesn’t have to be the web application you want, but just verify that you can see an NGINX 404 error.
But firewalls by default block uncommon ports such as 7080, and it will result in Nginx being unable to connect to Apache. Result? 502 Bad Gateway error.
One is running at 8080 port and the other is running at 7070 port. 8080 nginx is for web servers and 7070 nginx is for proxy purposes. The log does not appear in 7070 nginx and the log appears in 8080 nginx.
By default, the SELinux configuration does not allow NGINX to connect to a remote web, fastCGI, or other server. You can set permissive mode with setenforce 0 to check whether SELinux is to blame. If it is, all you have to do is use audit2allow to generate a set of policy rules that would allow the required actions:
grep nginx /var/log/audit/audit.log | audit2allow -M nginx
semodule -i nginx.pp
After that, remember to enable SELinux again with setenforce 1.
For more about that, you can see this article.