How to resolve Nginx "proxy_pass 502 Bad Gateway" error

Question

I have trying to add proxy_set_header in my nginx.conf file. When I try to add proxy_pass and invoke the URL it throws 502 Bad Gateway nginx/1.11.1 error.

Not sure how to resolve this error:

upstream app-server {
    # connect to this socket
    server unix:///tmp/alpasso-wsgi.sock;    # for a file socket
}

server {
    server_name <name>;

    listen 80 default_server;

    # Redirect http to https
    rewrite ^(.*) https://$host$1 permanent;
}

server {
    server_name <name>;

    listen 443 ssl default_server;

    recursive_error_pages on;

    location /azure{
        proxy_pass http://app-server;
    }

    ssl on;
    ssl_certificate      /etc/nginx/server.crt;
    ssl_certificate_key  /etc/nginx/server.key;
    ssl_client_certificate /etc/nginx/server.crt;
    ssl_verify_client optional;
}

What do the nginx error logs say? – Nehal J Wani Aug 27 '16 at 16:37 — Nehal J Wani, Aug 27 '16 at 16:37
For this No error message is shown in error log file. – user601367 Aug 29 '16 at 01:45 — user601367, Aug 29 '16 at 01:45

score 14 · Answer 1 · edited Apr 28 '20 at 00:06

14

Had similar problem with proxy_pass, if your Linux server is using SELINUX then you may want to try this.

$ setsebool -P httpd_can_network_connect true

Refer to Warren's answer: https://unix.stackexchange.com/questions/196907/proxy-nginx-shows-a-bad-gateway-error

edited Apr 28 '20 at 00:06

Seph Reed

8,797
11
60
125

answered Apr 05 '17 at 16:27

onionring

421
5
7

score 2 · Answer 2 · answered Aug 27 '16 at 16:54

502 is sent when your upstream is not reachable.

Try to switch on error log and you might see failed to connect to upstream, for this you need to check whether your upstream server is running or not, sudo service upstream status, and try to switch that on.

Ramil Yabbarov · Answer 3 · 2021-05-24T10:45:10.660

Nginx proxy with unix socket troubleshooting:

Check nginx conf:

nginx -t

Check socket:

netstat --protocol=unix -nlp | grep alpasso-wsgi.socket

Check is app working:

curl --unix-socket /tmp/alpasso-wsgi.sock http:/your-path-on-app

(Must be html code on screen output)

If not, check your app. If yes:
Check nginx error log

sudo tail -f /var/log/nginx/error.log

In case you get a nginx permissions error, check nginx user rights for socket:

Determine which username nginx use:

ps aux | grep nginx

And, for example, if nginx user is www-data, give to www-data user required rights. Add www-data user to required group:

sudo usermod -a -G your-socket-file-group www-data

and check permissions of a socket file, or use ACL:

sudo setfacl -R -m u:www-data:rwX /path-to-your-unix-socket
sudo setfacl -Rd -m u:www-data:rwX /path-to-your-unix-socket

Im my opinion, ACL is better for security. Because you give rights to nginx only to one file, not for all files which belongs to group.

How to resolve Nginx "proxy_pass 502 Bad Gateway" error

3 Answers3

Linked