502 Bad Gateway in nginx/1.4.6 (Ubuntu14 Digital Ocean) - nginx

I'm install PHP7.0, Nginx1.4.6 and configured as below but I got many errors.
sudo nano /etc/php/7.0/fpm/pool.d/www.conf
#listen = /run/php/php7.0-fpm.sock
#listen = /var/run/php/php7.0-fpm.sock
listen = 127.0.0.1:9000
user = www-data
group = www-data
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
server {
# listen 80 default_server;
listen 80;
listen [::]:80 default_server ipv6only=on;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
#fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
#fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
Let see the Log:
2017/01/26 03:33:54 [error] 2976#0: *8 connect() failed (111: Connection refused) while connecting to upstream, client: 96.9.77.42, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "128.199.133.1$
2017/01/26 03:33:55 [error] 2976#0: *8 connect() failed (111: Connection refused) while connecting to upstream, client: 96.9.77.42, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "128.199.133.1$
2017/01/26 03:33:55 [error] 2976#0: *8 connect() failed (111: Connection refused) while connecting to upstream, client: 96.9.77.42, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "128.199.133.1$

you may need to set listen.allowed_clients to 127.0.0.1 & comment group & user sections
# only localhost can connect to PHP-FPM
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
# listen.owner = www-data
# listen.group = www-data
then restart php-fpm service, check if it is running on port 9000

Related

Facing issue with nginx proxy_pass

I want to do proxy_pass for
https://atmvpn.appdomain.cloud/sft-ui/sft/api/orgs/v1/org in such a way that should be
https://dev.apnat.net/sft/api/orgs/v1/orgso while proxy_pass we need to remove sft-ui so I add below location in nginx.conf file
`location /sft-ui/sft/api {
access_log off;
rewrite ^/sft-ui/(.*) /$1 break;
proxy_pass <%= ENV["AMS_DOMAIN"] %>;
}`
I have set AMS_DOMAIN as environment variable. But when I hit https://atmvpn.appdomain.cloud/sft-ui/sft/api/orgs/v1/org in browser I get error "502 Bad Gateway".
in Logs of openshift pod I can see:
2020/06/05 07:06:46 [error] 11#11: *1 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 172.30.96.141, server: , request: "GET /sft-ui/sft/api/orgs/v1/org HTTP/1.1", upstream: "https://104.18.12.180:443/sft/api/orgs/v1/org", host: "atmvpn.appdomain.cloud"
2020/06/05 07:06:46 [warn] 11#11: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 172.30.96.141, server: , request: "GET /sft-ui/sft/api/orgs/v1/org HTTP/1.1", upstream: "https://104.18.12.180:443/sft/api/orgs/v1/org", host: "atmvpn.appdomain.cloud"
Just adding proxy_ssl_server_name on; its resolved
location /sft-ui/sft/api {
access_log off;
rewrite ^/sft-ui/(.*) /$1 break;
proxy_pass <%= ENV["AMS_DOMAIN"] %>;
#By setting to "on" can proxy to upstream hosts using SNI
proxy_ssl_server_name on;
}

nginx location proxy shows not found

I have a VPS and NGINX on it and I am trying run a flask app and I want address of flask app be something like site.com/flask but location doesnt work for that, it only runs main Address site.com
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/bot.itarashe.zone/cert.pem ;
ssl_certificate_key /etc/letsencrypt/live/bot.itarashe.zone/privkey.pem ;
ssl_trusted_certificate /etc/letsencrypt/live/bot.itarashe.zone/chain.pem ;
server_name bot.itarashe.zone www.bot.itarashe.zone ;
location = ~^/flask/ {
include proxy_params;
proxy_pass http://unix:/home/saeb/py/flask/myproject/myproject.sock;
}
location / {}
}
but if I remove ~^/flask
it works in main address
ssl_certificate /etc/letsencrypt/live/bot.itarashe.zone/cert.pem ;
ssl_certificate_key /etc/letsencrypt/live/bot.itarashe.zone/privkey.pem ;
ssl_trusted_certificate /etc/letsencrypt/live/bot.itarashe.zone/chain.pem ;
server_name bot.itarashe.zone www.bot.itarashe.zone ;
location / {
include proxy_params;
proxy_pass http://unix:/home/saeb/py/flask/myproject/myproject.sock;
}
}
I tried
location /flask {}
location /flask/ {}
location ~^/flask {}
location = ...
none of them didnt work,
access log is:
104.244.78.207 - - [27/Sep/2018:01:50:13 -0400] "GET /flask/ HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
and error log shows no error:
sudo tail -f /var/log/nginx/error.log
[sudo] password for saeb:
2018/09/27 00:15:50 [error] 2650#2650: *13 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: 54.175.74.27, server: bot.itarashe.zone, request: "GET /robots.txt HTTP/1.1", host: "bot.itarashe.zone"
2018/09/27 00:27:23 [error] 2650#2650: *16 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: 66.249.66.76, server: bot.itarashe.zone, request: "GET /robots.txt HTTP/1.1", host: "oldflight.ir"
2018/09/27 00:27:23 [error] 2650#2650: *17 open() "/usr/share/nginx/html/assets/font/IranSans/IRANSans-Medium-web.woff2" failed (2: No such file or directory), client: 66.249.66.75, server: bot.itarashe.zone, request: "GET /assets/font/IranSans/IRANSans-Medium-web.woff2 HTTP/1.1", host: "oldflight.ir"
2018/09/27 01:09:02 [notice] 2811#2811: signal process started
2018/09/27 01:27:45 [notice] 2831#2831: signal process started
2018/09/27 01:42:01 [notice] 2876#2876: signal process started
2018/09/27 01:42:41 [notice] 2889#2889: signal process started
2018/09/27 01:43:54 [notice] 2902#2902: signal process started
2018/09/27 01:44:38 [notice] 2915#2915: signal process started
2018/09/27 01:50:06 [notice] 2936#2936: signal process started
Ok my problem solved, Nginx did what it needs to do, it calls socket but with /flask
and I didnt define #app.route('/flask')

500 internal server error Akka Nginx

I am trying to run Akka service using nginx. Here is my default.conf:
upstream hello-akka{
server localhost:9000;
}
server {
listen 9000;
location /* {
root /usr/share/nginx/html;
index index.html index.htm;
}
location /akka {
proxy_pass http://hello-akka;
}
location /assets {
root /var/www;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
Default nginx page works just fine but when I redirect to /akka I get 500 internal server error. Here is my nginx log file:
2017/12/05 10:58:17 [crit] 11077#11077: *1014 open() "/usr/share/nginx/html/50x.html" failed (24: Too many open files), client: 127.0.0.1, server: , request: "GET /akka HTTP/1.0", upstream: "http://127.0.0.1:9000/akka", host: "hello-akka"
I have changed /etc/security/limits.con file to increase the number of connections from 1024 to 16384. However, after that I keep getting another error:
host: "hello-akka"
2017/12/05 11:40:42 [error] 15916#15916: *37494 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 127.0.0.1, server: , request: "GET /akka HTTP/1.0", upstream: "http://127.0.0.1:9000/akka"
So what is wrong with my configurations and how should I change them to run /akka page normally?
UPDATE: I have changed server localhost:9000 to server localhost:8080 in upstream hello-akka. However, when I redirect to localhost:9000/akka I get An error occurred page.
Error logs shows this error:
*1 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /akka HTTP/1.1", upstream: "http://127.0.0.1:8080/akka", host: "localhost:9000"

nginx 403 Forbidden error with root user

Nginx 403 error,so how can i fix this problem?
When i access the main.css from chrome browser,it response me 403 error.
➜ ~ tail -fn4 /var/log/nginx/error.log
2016/04/23 08:16:51 [error] 10488#0: *1 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:16:53 [error] 10488#0: *1 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:21:48 [error] 10488#0: *4 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:24:49 [error] 10488#0: *5 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
namei tool,all parent directory have 755,and the main.css have 644.
➜ ~ namei -l /data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css
f: /data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css
drwxr-xr-x root root /
drwxr-xr-x root root data
drwxr-xr-x root root apache-tomcat-8.0.33
drwxr-xr-x root root webapps
drwxr-xr-x root root ROOT
drwxr-xr-x root root static
drwxr-xr-x root root css
-rw-r--r-- root root main.css
start nginx's user is root:
➜ ~ ps aux | grep "nginx: worker process" | awk '{print $1}'
root
nginx conf:
upstream tomcat {
server 127.0.0.1:8887;
}
server {
listen 80;
server_name www.xx.com xx.com;
charset utf-8;
access_log /var/log/nginx/tomcat.access.log main;
location / {
proxy_pass http://tomcat;
proxy_redirect off;
client_max_body_size 500M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
}
location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$
{
root /data/apache-tomcat-8.0.33/webapps/ROOT;
expires 7d;
}
location ~ ^/(WEB-INF)/ {
deny all;
}
}
It's quite possible that you are hosting on a machine that has selinux enforced.
what does sestatus give you?

Flask app : error while reading response header from upstream

The site runs with nginx and an uwsgi (flask app) and shellinabox terminal.
After every 20 or 30 minutes, the shellinabox terminal is not getting loaded and the nginx log shows this -
2012/05/26 14:20:27 [error] 4547#0: *117 readv() failed (104: Connection reset by peer) while reading upstream, client: 192.168.122.128, server: _, request: "POST /login/ HTTP/1.1", upstream: "uwsgi://127.0.0.1:1973", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/login/"
2012/05/26 14:20:31 [crit] 4547#0: *105 mkdir() "/var/lib/nginx/tmp/proxy/3/00" failed (13: Permission denied) while reading upstream, client: 192.168.122.128, server: _, request: "GET /terminal/proxy/ShellInABox.js HTTP/1.1", upstream: "http://127.0.0.1:4200/ShellInABox.js", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/proxy/index/"
2012/05/26 14:21:06 [error] 4547#0: *103 upstream timed out (110: Connection timed out) while reading response header from upstream
, client: 192.168.122.128, server: _, request: "POST /terminal/proxy/? HTTP/1.1", upstream: "http://127.0.0.1:4200/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/proxy/index/"
2012/05/26 14:21:06 [error] 4547#0: *103 open() "/var/www/MYwebapp/templates/50x.html" failed (13: Permission denied), client: 192.168.122.128, server: _, request: "POST /terminal/proxy/? HTTP/1.1", upstream: "http://127.0.0.1:4200/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/proxy/index/"
2012/05/26 14:22:31 [error] 4547#0: *136 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.122.128, server: _, request: "GET /terminal/proxy/index/ HTTP/1.1", upstream: "http://127.0.0.1:4200/index/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/"
2012/05/26 14:22:31 [error] 4547#0: *136 open() "/var/www/MYwebapp/templates/50x.html" failed (13: Permission denied), client: 192.168.122.128, server: _, request: "GET /terminal/proxy/index/ HTTP/1.1", upstream: "http://127.0.0.1:4200/index/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/"
I tried to put sometime-out values ... nothing helped so far.
As I'm pretty much new to nginx/uwsgi/shellinabox, I'm currently stuck with this.
Here is my nginx.conf file -
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/MYwebapp_access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
#
# The default server
#
server {
listen 80;
server_name _;
#charset koi8-r;
#access_log logs/host.access.log main;
location /terminal/proxy {
rewrite ^/terminal/proxy/(.*)$ /$1 break;
proxy_pass http://localhost:4200/index;
proxy_set_header X-Real-IP $remote_addr;
#proxy_read_timeout 3000;
uwsgi_connect_timeout 6000;
uwsgi_read_timeout 6000;
uwsgi_send_timeout 6000;
}
location / { try_files $uri #MYwebapp; }
location #MYwebapp {
include uwsgi_params;
uwsgi_pass localhost:1973;
uwsgi_connect_timeout 6000;
uwsgi_read_timeout 6000;
uwsgi_send_timeout 6000;
}
error_page 404 /404.html;
location = /404.html {
root /var/www/MYwebapp/templates;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/MYwebapp/templates;
}
}
# Load config files from the /etc/nginx/conf.d directory
include /etc/nginx/conf.d/*.conf;
2012/05/26 14:21:06 [error] 4547#0: *103 upstream timed out (110: Connection timed out) while reading response header from upstream
, client: 192.168.122.128, server: _, request: "POST /terminal/proxy/? HTTP/1.1", upstream: "http://127.0.0.1:4200/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/proxy/index/"
2012/05/26 14:21:06 [error] 4547#0: *103 open() "/var/www/MYwebapp/templates/50x.html" failed (13: Permission denied), client: 192.168.122.128, server: _, request: "POST /terminal/proxy/? HTTP/1.1", upstream: "http://127.0.0.1:4200/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/proxy/index/"
2012/05/26 14:22:31 [error] 4547#0: *136 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.122.128, server: _, request: "GET /terminal/proxy/index/ HTTP/1.1", upstream: "http://127.0.0.1:4200/index/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/"
2012/05/26 14:22:31 [error] 4547#0: *136 open() "/var/www/MYwebapp/templates/50x.html" failed (13: Permission denied), client: 192.168.122.128, server: _, request: "GET /terminal/proxy/index/ HTTP/1.1", upstream: "http://127.0.0.1:4200/index/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/"

Resources