502 Bad Gateway on nginx with ssl, proxy config and php7.1

I have a Debian 9 server with some virtual hosts on my nginx. I use a letsencrypt wildcard and have configured some tools like webmin, monitorix and a web interface for a bot for TeamSpeak.

I created a .conf file for every subdomain.

There are no problems on the page home.website.net. It's just HTML with pictures and text, without PHP or anything else.

Webmin also works fine; sinusbot and monitorix do not.

Here are my configs:

root@host:~# cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

Next is the default host, which works fine:

root@host:~# cat /etc/nginx/sites-available/default

# Default server configuration
#
server {

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.php ;

        server_name home.website.net 192.168.1.16 XXX.XXX.XXX.XXX;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
            # fastcgi_pass unix:/run/php/php7.1-fpm.sock;
            fastcgi_pass 127.0.0.1:9000;
            include snippets/fastcgi-php.conf;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }

        location ~ /\.ht {
                deny all;
        }


        listen 443 ssl http2; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/website.net/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/website.net/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server  {
        listen 80;
        listen [::]:80;
        server_name home.website.net 192.168.1.16 XXX.XXX.XXX.XXX;
        # enforce https
        return 301 https://$host$request_uri;
}

Here is the first subdomain, sinusbot, which does not work:

root@host:~# cat /etc/nginx/sites-available/sinusbot.conf
server {
        listen 80;
        listen [::]:80;
        server_name sinusbot.website.net;
        access_log  /var/log/nginx/sinusbot.access.log;
        error_log   /var/log/nginx/sinusbot.error.log;
        return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    access_log  /var/log/nginx/sinusbot.access.log;
    error_log   /var/log/nginx/sinusbot.error.log;
    server_name sinusbot.website.net;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/website.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/website.net/privkey.pem;
    client_max_body_size 100M;

        location ~ \.php$ {
            # fastcgi_pass unix:/run/php/php7.1-fpm.sock;
            fastcgi_pass 127.0.0.1:9000;
            include snippets/fastcgi-php.conf;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }

        location ~ /\.ht {
                deny all;
        }

        location / {
                proxy_pass      https://127.0.0.1:8087;
                proxy_redirect  off;

                #Proxy Settings
                proxy_redirect     off;
                proxy_set_header   Host $host:$server_port;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

                proxy_max_temp_file_size 0;
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
                proxy_buffer_size          128k;
                proxy_buffers              32 32k;
                proxy_busy_buffers_size    256k;
                proxy_temp_file_write_size 256k;
                }
}

The second one (monitorix) has the same configuration but with another port and subdomain. On both I get a 502 Bad Gateway, and the log files contain the following errors:

access.log:

192.168.1.1 - - [10/Jun/2018:20:22:01 +0200] "GET / HTTP/2.0" 502 638 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
192.168.1.1 - - [10/Jun/2018:20:22:01 +0200] "GET /favicon.ico HTTP/2.0" 502 638 "https://sinusbot.website.net/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"

error.log:

2018/06/10 20:22:22 [error] 18522#18522: *51 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: sinusbot.website.net, request: "GET / HTTP/2.0", upstream: "https://127.0.0.1:8087/", host: "sinusbot.website.net"
2018/06/10 20:22:22 [error] 18522#18522: *51 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: sinusbot.website.net, request: "GET /favicon.ico HTTP/2.0", upstream: "https://127.0.0.1:8087/favicon.ico", host: "sinusbot.website.net", referrer: "https://sinusbot.website.net/"

Finally, the Webmin nginx config, which works without problems:

root@host:~# cat /etc/nginx/sites-available/webmin.conf
server {
        listen 80;
        listen [::]:80;
        server_name webmin.website.net;
        access_log  /var/log/nginx/webmin.access.log;
        error_log   /var/log/nginx/webmin.error.log;
        return 301 https://$host$request_uri;
}

server {
        server_name webmin.website.net;
        listen 443 ssl http2;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/website.net/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/website.net/privkey.pem;
        access_log off;
        error_log off;
        location /RequestDenied {
        return 418;
        }

        location / {
                proxy_pass      https://127.0.0.1:10000;
                proxy_redirect  off;

                #Proxy Settings
                proxy_redirect     off;
                proxy_set_header   Host $host:$server_port;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

                proxy_max_temp_file_size 0;
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
                proxy_buffer_size          128k;
                proxy_buffers              32 32k;
                proxy_busy_buffers_size    256k;
                proxy_temp_file_write_size 256k;
                }
}

Any ideas?

So, solved by a colleague and myself:

        location ~ \.php$ {
            # fastcgi_pass unix:/run/php/php7.1-fpm.sock;
            fastcgi_pass 127.0.0.1:9000;
            include snippets/fastcgi-php.conf;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }

This block says that a PHP file should be served with this configuration, and the part after it, which defines where the website is, would be ignored.
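
The error.log lines quoted in the question name the upstream that nginx could not reach: errno 111 (connection refused) means nothing accepted the TCP connection on that address and port. The following Python script is an added example, not part of the original post; it extracts such upstreams from an nginx error log and probes each one, and its function names are made up for illustration.

```python
import re
import socket
from collections import Counter

# The two error.log lines copied from the question.
SAMPLE_LOG = '''\
2018/06/10 20:22:22 [error] 18522#18522: *51 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: sinusbot.website.net, request: "GET / HTTP/2.0", upstream: "https://127.0.0.1:8087/", host: "sinusbot.website.net"
2018/06/10 20:22:22 [error] 18522#18522: *51 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: sinusbot.website.net, request: "GET /favicon.ico HTTP/2.0", upstream: "https://127.0.0.1:8087/favicon.ico", host: "sinusbot.website.net", referrer: "https://sinusbot.website.net/"
'''

# Matches upstream connect() failures for host:port upstreams (proxy or fastcgi).
# Unix-socket and bracketed IPv6 upstreams are deliberately not matched here.
CONNECT_FAIL = re.compile(
    r'connect\(\) failed \((?P<errno>\d+): (?P<reason>[^)]+)\) while connecting to upstream'
    r'.*?server: (?P<server>[^,]+),'
    r'.*?upstream: "(?P<scheme>[a-z]+)://(?P<host>[^:/"]+):(?P<port>\d+)'
)

def failed_upstreams(log_text):
    """Count connect() failures per (server_name, scheme, host, port, reason)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = CONNECT_FAIL.search(line)
        if m:
            key = (m['server'], m['scheme'], m['host'], int(m['port']), m['reason'])
            hits[key] += 1
    return hits

def listener_present(host, port, timeout=2.0):
    """True if a TCP connect succeeds, i.e. some process is listening there."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def report(log_text):
    """One line per failing upstream, with the current state of its port."""
    rows = []
    for (server, scheme, host, port, reason), n in failed_upstreams(log_text).items():
        state = "listening" if listener_present(host, port) else "nothing listening"
        rows.append(f"{server}: {n}x '{reason}' -> {scheme}://{host}:{port} ({state})")
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it on the nginx host itself, since the upstreams are loopback addresses; replace `SAMPLE_LOG` with the contents of the per-site error log.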
