Nginx 502 bad gateway

Question

Nginx 502 bad gateway

I get 502 Bad Gateway with nginx when using spwn fcgi to create php5-cgi.

I use this to span an instance at server startup using the following line in rc.local

/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid

Presumably, I am getting an error because spawn-fcgi / php5-cgi is dying and there is nothing that would listen there to parse php.

I get nothing in the logs that I see anywhere, I have no ideas (and new for this installation with nginx)

+47

php nginx fastcgi

Joel Wickard Nov 23 '10 at 3:01

source share

13 answers

fadil · Answer 1 · 2013-05-11 14:11

I have the same problem. I executed my localhost and the message 502 bad gateway appeared on the page. It helped me:

Go to /etc/php5/fpm/pool.d/www.conf and edit the line listen = /var/run/php5-fpm.sock to listen = 127.0.0.1:9000

Perhaps this will help you.

Source from: http://wildlyinaccurate.com/solving-502-bad-gateway-with-nginx-php-fpm

sdolgy · Answer 2 · 2011-04-15 11:32

Error 502 appears because nginx cannot pass php5-cgi. You can try reconfiguring php5-cgi to use unix sockets as opposed to tcp .. then configure your server to point to a socket instead of tcp ...

 ps auxww | grep php5-cgi #-- is the process running? netstat -an | grep 9000 # is the port open?

techvineet · Answer 3 · 2014-06-30 07:13

Go to /etc/php5/fpm/pool.d/www.conf and if you use sockets or this line is uncommented

 listen = /var/run/php5-fpm.sock

Set a couple more values: -

 listen.owner = www-data listen.group = www-data listen.mode = 0660

Remember to restart php-fpm and nginx. Make sure you are using the same owner and nginx group name.

KJ Prince · Answer 4 · 2014-06-30 14:33

You must comply with the PHP-FPM and Nginx settings for communication over sockets or TCP.

So go to /etc/php5/fpm/pool.d/www.conf and find this line:

 listen = /var/run/php5-fpm.sock

Then go to /etc/nginx/nginx.conf

Look for this:

 upstream php { server unix:/var/run/php5-fpm.socket; }

Combine these values and you should be tuned.

tjb · Answer 5 · 2012-03-08 09:32

If you are using a Linux server, make sure your IPTABLES configuration is correct.

Run sudo iptables -L -n , you will get a list of open ports. If the Iptables rule does not exist, to open the port serving the fcgi script, you will receive error 502. The Iptables rule that opens the correct port must be specified before any rule that categorically rejects all packets (i.e., the "REJECT ALL -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable form rule "REJECT ALL -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable or similar)

In my configuration, in order to open the port correctly, I had to run this command (suppose my fcgi server is running on port 4567):

 sudo iptables -I INPUT 1 -p tcp --dport 4567 -j ACCEPT

WARNING: This will open port 4567 to the world.

So it’s better to do something like this:

  sudo iptables-save >> backup.iptables sudo iptables -D INPUT 1 #Delete the previously entered rule sudo iptables -I INPUT 1 -p tcp --dport 8080 -s localhost -j ACCEPT # Add new rule

Having done this, delete error 502 for me.

user2816137 · Answer 6 · 2013-10-10 14:19

change

 fastcgi_pass unix:/var/run/php-fpm.sock;

to

 fastcgi_pass unix:/var/run/php5-fpm.sock;

neubert · Answer 7 · 2013-03-28 16:25

When I did sudo /etc/init.d/php-fpm start , I got the following error:

 Starting php-fpm: [28-Mar-2013 16:18:16] ERROR: [pool www] cannot get uid for user 'apache'

I think /etc/php-fpm.d/www.conf should know the user that the web server works as its apache assumes, when for nginx it is actually nginx and needs to be changed.

Meekohi · Answer 8 · 2013-05-27 12:56

You can make nginx ignore client interrupts using:

 location / { proxy_ignore_client_abort on; }

h0tw1r3 · Answer 9 · 2014-08-26 17:10

Try disabling xcache or apc modules. It seems that the problem with some versions is to save objects in a session variable.

Rav · Answer 10 · 2015-02-12 15:40

Hope this tip saves someone else's life. In my case, the problem was that I did not have enough memory, but only a little, it was difficult to think about it. Spent 3 hours on it. I recommend running:

 sudo htop

or

 sudo free -m

... along with running problematic queries on the server to see if your memory is running out. And if this is the case, as in my case, you need to create a swap file (if you don't already have one).

I followed this tutorial to create a page file on Ubuntu Server 14.04, and it worked fine: http://www.cyberciti.biz/faq/ubuntu-linux-create-add-swap-file/

Ali Haris · Answer 11 · 2016-08-24 07:31

I had the same issue when setting up an Ubuntu server. It turns out I was having a problem due to incorrect permissions on the socket file.

If you have a problem due to a resolution problem, you can uncomment the following lines: /etc/php5/fpm/pool.d/www.conf

 listen.owner = www-data listen.group = www-data listen.mode = 0660

Alternatively, although I would not recommend, you can grant read and write permissions to all groups using the following command.

 sudo chmod go+rw /var/run/php5-fpm.sock

dagelf · Answer 12 · 2017-01-11 09:00

If you are on Ubuntu, and all of the above you have failed, AppArmor is most likely to blame.

Here is a good guide on how to fix it: https://www.digitalocean.com/community/tutorials/how-to-create-an-apparmor-profile-for-nginx-on-ubuntu-14-04

In short:

 vi /etc/apparmor.d/nginx

Or

 sudo aa-complain nginx sudo service nginx restart

See everything that works well ... then

 sudo aa-logprof

I still had problems with Nginx being unable to read error.log, although it had all permissions, including in Apparomor. I guess this has something to do with the order of entries or some kind of interaction with Passenger or PHP-Fpm ... I did not have enough time to fix this problem and return to Apache. (Apache works much better than FYI.)

AppArmor simply allows Nginx to do whatever it wants if you simply delete the profile:

  rm /etc/apparmor.d/nginx service apparmor reload

Surprisingly, it is not surprising that many Nginx error correction messages resort to completely disabling SELinux or uninstalling AppArmor. This is a bad idea because you are losing protection from a lot of software. Just deleting a Nginx profile is the best way to troubleshoot your configuration files. Once you find out that the problem is not with your Nginx configuration files, you can take the time to create the proper AppArmor profile.

Without an AppArmor profile, especially if you run something like Passenger, I give your server about a month to get backdoored.

PJ Brunet · Answer 13 · 2012-02-10 20:13

A similar setup here looks like it's just a mistake in my code. At the beginning of my application, I looked for the intruder URL and it worked: echo '<html>test</html>'; exit(); echo '<html>test</html>'; exit();

In my case, it turns out that the problem was an uninitialized variable that failed under special circumstances.

Nginx 502 bad gateway

More articles: