nginx 502 bad gateway

Question

I get a 502 Bad Gateway with nginx when using spawn fcgi to spawn php5-cgi.

I use this to span an instance on server start using the following line in rc.local

/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid

presumably I'm getting the error because the spawn-fcgi / php5-cgi dies and there is nothing listening there anymore to parse php.

I get nothing in the logs that I can see anywhere, I'm out of ideas (and new to this setup with nginx)

First, don't give up! nginx is a wonderful piece of software. Try with php-fpm. Don't miss the `/etc/php5/fpm` dir with settings inside and note the copy of php.ini that may override your own php.ini config... Configure the logs so you can have a look if it fails. — Déjà vu, Nov 23 '10 at 03:08
Try logging into the server as root and type `/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid` into the command prompt. (That's the same line that's in your rc.local.) Do you get any error messages? — kijin, Nov 23 '10 at 03:59
I believe this question would be more appropriate (and get more answers) on [serverfault.com](http://serverfault.com). — netcoder, Nov 23 '10 at 05:04
Does this give you any clues? `tail /var/log/nginx/error.log` — e.thompsy, Jul 16 '14 at 18:11

score 62 · Answer 1 · edited Apr 07 '18 at 03:59

62

I executed my localhost and the page displayed the 502 bad gateway message. This helped me:

Edit /etc/php5/fpm/pool.d/www.conf
Change listen = /var/run/php5-fpm.sock to listen = 127.0.0.1:9000
Ensure the location is set properly in nginx.conf.
Run sudo service php5-fpm restart

Maybe it will help you.

Source from: http://wildlyinaccurate.com/solving-502-bad-gateway-with-nginx-php-fpm

edited Apr 07 '18 at 03:59

Dave Jarvis

30,436
41
178
315

answered May 11 '13 at 14:11

fadil

621
5
3

1

As the article says, run `sudo service php5-fpm restart` afterwards. – mgold Feb 10 '15 at 00:04
It's funny in how really different situations [exactly](http://stackoverflow.com/a/10470827/961092) same the same actions might help. – Dmitry Verhoturov Mar 31 '15 at 17:55
1

For anyone trying to get phabricator setup using nginx, this does the trick! – almel Aug 24 '15 at 05:52
sudo service php5-fpm restart ------ THANKS – Andy May 07 '19 at 05:02
point 1, helped me to find the correct fpm version, i was trying with `php7.0-fpm.sock ` but it was actually `php7.2-fpm.sock ` in my case as the version was 7.2 not 7.0, i was ignoring this as the nginx default installation had this version listed in comment and i thought nginx must had configured that from my installed php version, sigh! – Rakibul Haq Dec 02 '19 at 09:38

score 9 · Answer 2 · answered Apr 15 '11 at 11:32

9

The 502 error appears because nginx cannot hand off to php5-cgi. You can try reconfiguring php5-cgi to use unix sockets as opposed to tcp .. then adjust the server config to point to the socket instead of the tcp ...

ps auxww | grep php5-cgi #-- is the process running?  
netstat -an | grep 9000 # is the port open?

answered Apr 15 '11 at 11:32

sdolgy

6,963
3
41
61

7

What is the process if the port is not open? – Adrian Garner Oct 30 '12 at 04:39
2

In my case, service is started but there is nothing in the result of `netstat -an | grep 9000`???? – shgnInc Mar 05 '14 at 05:25
What port do you have it configured to run on? 9000 was based on the command line argument above (-p 9000) – sdolgy Mar 06 '14 at 15:09
I have the same problem as @shgnInc, I've got 4 sites, the first 3 run on 9000 - 9002, but the 4th site is configured in the **nginx** and **php-fpm** conf files to use port 9003, and I've restarted both services but I see nothing for `netstat -an | grep 9003` – Pete Jun 20 '14 at 11:26
1

how do you switch between socket or tcp configuration ? – Hayden Thring Jan 20 '15 at 01:20
I had the same issue i try to switch PHP version to other and switch back to my old. It works.. – Moxet Khan Aug 08 '17 at 07:38

score 8 · Answer 3 · answered Jun 30 '14 at 07:13

Go to /etc/php5/fpm/pool.d/www.conf and if you are using sockets or this line is uncommented

listen = /var/run/php5-fpm.sock

Set couple of other values too:-

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

Don't forget to restart php-fpm and nginx. Make sure you are using the same nginx owner and group name.

score 8 · Answer 4 · edited Feb 27 '15 at 01:18

8

You have to match the settings for PHP-FPM and Nginx to communicate over sockets or TCP.

So go to /etc/php5/fpm/pool.d/www.conf and look for this line:

listen = /var/run/php5-fpm.sock

Then go to /etc/nginx/nginx.conf

Look for this:

upstream php {
    server unix:/var/run/php5-fpm.socket;
}

Match those values and you should be all set.

edited Feb 27 '15 at 01:18

islandlinux

19
5

answered Jun 30 '14 at 14:33

Ken Prince

1,437
1
20
26

1

Yes, I had the similar problem when trying to launch the Silex application. Documentation suggests to configure vhost with path "/var/run/php-fpm/www.sock", but in my php-fpm configuration it was set to listen "/var/run/php5-fpm.sock", so I had to also put the same value for the vhost configuration. – AbstractVoid Apr 05 '15 at 21:55

score 5 · Answer 5 · edited Apr 22 '12 at 15:37

If running a linux server, make sure that your IPTABLES configuration is correct.

Execute sudo iptables -L -n , you will recieve a listing of your open ports. If there is not an Iptables Rule to open the port serving the fcgi script you will receive a 502 error. The Iptables Rule which opens the correct port must be listed before any rule which categorically rejects all packets (i.e. a rule of the form "REJECT ALL -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable or similar)

On my configuration, to properly open the port, I had to execute this command (assume my fcgi server is running at port 4567):

sudo iptables -I INPUT 1 -p tcp --dport 4567 -j ACCEPT

WARNING: This will open port 4567 to the whole world.

So it might be better to do something like this:

   sudo iptables-save >> backup.iptables
   sudo iptables -D INPUT 1 #Delete the previously entered rule
   sudo iptables -I INPUT 1 -p tcp --dport 8080 -s localhost -j ACCEPT # Add new rule

Doing this removed the 502 error for me.

score 4 · Answer 6 · edited Jan 18 '14 at 06:10

4

change

fastcgi_pass    unix:/var/run/php-fpm.sock;

to

fastcgi_pass    unix:/var/run/php5-fpm.sock;

edited Jan 18 '14 at 06:10

jm.

23,422
22
79
93

answered Oct 10 '13 at 14:19

user2816137

61
1
1
5

score 2 · Answer 7 · answered Mar 28 '13 at 16:25

When I did sudo /etc/init.d/php-fpm start I got the following error:

Starting php-fpm: [28-Mar-2013 16:18:16] ERROR: [pool www] cannot get uid for user 'apache'

I guess /etc/php-fpm.d/www.conf needs to know the user that the webserver is running as and assumes it's apache when, for nginx, it's actually nginx, and needs to be changed.

score 2 · Answer 8 · answered May 27 '13 at 12:56

2

You can make nginx ignore client aborts using:

location / {
  proxy_ignore_client_abort on;
}

answered May 27 '13 at 12:56

Meekohi

10,390
6
49
58

I am curious, to understand you answer as it may be related to an issue I am having ( as per 502 gateway) - What is a "client abort" ? I mean, what is "the client" you are referring to, php? – Stephane Gosselin Sep 03 '18 at 15:51
1

Hey @stefgosselin, my (limited) understanding is that `proxy_ignore_client_abort on` causes nginx to track each connection (anyone connecting to nginx is a "client") and monitor if it is closed without a request being sent. This is "incorrect behavior" on the part of the client, but some do it anyway. – Meekohi Sep 05 '18 at 15:07

score 2 · Answer 9 · answered Aug 24 '16 at 07:31

I had the same problem while setting up an Ubuntu server. Turns out I was having the problem due to incorrect permissions on socket file.

If you are having the problem due to a permission problem, you can uncomment the following lines from: /etc/php5/fpm/pool.d/www.conf

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

Alternatively, although I wouldn't recommend, you can give read and write permissions to all groups by using the following command.

sudo chmod go+rw /var/run/php5-fpm.sock

score 1 · Answer 10 · answered Aug 26 '14 at 17:10

1

Try disabling the xcache or apc modules. Seems to cause a problem with some versions are saving objects to a session variable.

answered Aug 26 '14 at 17:10

h0tw1r3

6,618
1
28
34

score 1 · Answer 11 · answered Feb 12 '15 at 15:40

Hope this tip will save someone else's life. In my case the problem was that I ran out of memory, but only slightly, was hard to think about it. Wasted 3hrs on that. I recommend running:

sudo htop

or

sudo free -m

...along with running problematic requests on the server to see if your memory doesn't run out. And if it does like in my case, you need to create a swap file (unless you already have one).

I have followed this tutorial to create swap file on Ubuntu Server 14.04 and it worked just fine: http://www.cyberciti.biz/faq/ubuntu-linux-create-add-swap-file/

score 1 · Answer 12 · answered Jan 11 '17 at 09:00

If you're on Ubuntu, and all of the above has failed you, AppArmor is most likely to blame.

Here is a good guide how to fix it: https://www.digitalocean.com/community/tutorials/how-to-create-an-apparmor-profile-for-nginx-on-ubuntu-14-04

Long story short:

vi /etc/apparmor.d/nginx

Or

sudo aa-complain nginx
sudo service nginx restart

See everything working nicely... then

sudo aa-logprof

I still had problems with Nginx not being able to read error.log, even though it had all the permissions possible, including in Apparomor. I'm guessing it's got something to do with the order of the entries, or some interaction with Passenger or PHP-Fpm... I've run out of time to troubleshoot this and have gone back to Apache for now. (Apache performs much better too FYI.)

AppArmor just lets Nginx do whatever it wants if you just remove the profile:

 rm /etc/apparmor.d/nginx
 service apparmor reload

Shockingly, but hardly surprising, a lot of posts on fixing Nginx errors resorts to completely disabling SELinux or removing AppArmor. That's a bad idea because you lose protection from a whole lot of software. Just removing the Nginx profile is a better way to troubleshoot your config files. Once you know that the problem isn't in your Nginx config files, you can take the time to create a proper AppArmor profile.

Without an AppArmor profile, especially if you run something like Passenger too, I give your server about a month to get backdoored.

score 1 · Answer 13 · answered Oct 23 '19 at 09:48

For me the error was in default file of Nginx located at /etc/nginx/sites-available/default

I noticed the version of php-fpm used was 7.0 and the php version i downloaded was 7.2 I simply changed the version to 7.2 and it worked.

fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;

PJ Brunet · Answer 14 · 2012-02-10T21:14:04.513

0

Similar setup here and looks like it was just a bug in my code. At the start of my app I looked for the offending URL and this worked: echo '<html>test</html>'; exit();

In my case, turns out the problem was an uninitialized variable that only failed under peculiar circumstances.

edited Feb 10 '12 at 21:14

answered Feb 10 '12 at 20:13

PJ Brunet

3,615
40
37

nginx 502 bad gateway

14 Answers14

Linked