connect() failed (111: Connection refused) while connecting to upstream

Question

Hi all,

Followed this tutorial to get Let’s Encrypt working on my Nest.js/Node server.

Everything works - running sudo nginx -t returns:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful

However, accessing my domain gives me a 502 Bad Gateway error. Specifically (from /var/log/nginx):

15004#15004: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 77.98.141.183, server: ww2.zone, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8000/", host: "ww2.zone"

Here is my /etc/nginx/sites-available file:

Default server configuration
server {
    listen 80;
    listen 127.0.01;    
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ww2.zone;

    # Use the Letâ€™s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/ww2.zone/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ww2.zone/privkey.pem;

    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:8000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}

And my server is within a git Repo within home/username.

The code to listen on the port is:
await app.listen(process.env.PORT || 5000);

This used to be process.env.PORT || 80 but that would throw:

Error: listen EADDRINUSE: address already in use :::80

Any ideas? Pulling my hair out atm.

Answer 1

bobbyiliev August 14, 2019

Hello,

You can only have 1 service listening on 1 port. So as you have Nginx listening on port 80 at the moment, you can not have your Node on the same port.

Also as you currently have your Nginx set to work as a reverse proxy for port 8000, what you could do is to just set Node to listen on port 8000.

This would fix your 502 error.

Here is a link to an answer on how to troubleshoot common Nginx problems:

https://www.digitalocean.com/community/questions/how-to-troubleshoot-common-nginx-issues-on-linux-server

Here is also a quick video demo on how to do that:

Hope that this helps!
Regards,
Bobby

Reply Report

hbendixlewis August 14, 2019

Hi Bobby, appreciate the reply. I’ve just updated my Node server to listen on port 8000, however, I still get the same error!

Reply Report

bobbyiliev August 14, 2019

Hello,

What I could suggest is checking the ports that are being used on your server with the netstat command. For example you could use the following:

netstat -plant

Make sure that Nginx is listening on 80 and 443 and that Node is listening on 8000 (as this is what you currently have in your Nginx config for your reverse proxy setup)

Reply Report

hbendixlewis August 14, 2019

Hi Bobby,

Here’s the output table:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
tcp        0    816 167.71.143.98:22        77.98.141.183:50089     ESTABLISHED -
tcp        0      0 167.71.143.98:22        77.98.141.183:53826     ESTABLISHED -
tcp        0      0 167.71.143.98:22        77.98.141.183:53788     ESTABLISHED -
tcp        0      0 167.71.143.98:34772     104.248.175.171:25060   ESTABLISHED -
tcp        0   1080 167.71.143.98:22        153.36.236.35:41061     ESTABLISHED -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 :::443                  :::*                    LISTEN      -
tcp6       0      0 :::5000                 :::*                    LISTEN      -

I’m struggling to determine what is the Nginx stuff vs what is my Node server? (I have the server running using Pm2.)

Reply Report

bobbyiliev August 14, 2019
Hello,

I can see that the service is still listening on port 5000:

tcp6 0 0 :::5000 :::* LISTEN -

You need to either adjust that and set it to 8000, or you need to adjust your Nginx config and adjust the reverse proxy rule and change it from:

proxy_pass http://localhost:8000/;

To:

proxy_pass http://localhost:5000/;

That way Nginx would start proxying the connections from port 80 and port 443 to the service that is running on port 5000.

Hope that this helps!
Reply Report
- hbendixlewis August 14, 2019
  
  It worked, thank you Bobby! One day I’ll understand all this stuff a lot better :D
  
  Reply Report
- bobbyiliev August 14, 2019
  
  No problem at all! I’m happy to hear that it’s all working now!
  
  Reply Report

savjisuyash December 28, 2020

Hi Bobby,
I have tried everything you answered here but it’s not working for me.

This is my nginx.conf file

events{ }

 http {
    #  sendfile on;

    # upstream app_servers {
    #     server 127.0.0.1:8543;

    # }

    server {
        listen 80;

        location / {
            # proxy_connect_timeout 500s;
            # proxy_send_timeout 500s;
            # proxy_read_timeout 500s;
            # send_timeout 500s;

            #large_client_header_buffers 4 16k;
            proxy_pass http://localhost:8000;

            # proxy_redirect off;
            # proxy_set_header Host $host;
            # proxy_set_header X-Real-IP $remote_addr;
            # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # proxy_set_header X-Forwarded-Host $server_name;
        }
    }
 }

My backend is a node app running in docker container on port 8000

This is my docker-compose file

version: '3'

services:

  mymongo:
    image: mongo

  app:
    build:
      context: ./app
      dockerfile: Dockerfile
    ports: 
      - "8000:8000"
  proxy:
    build:
      context: ./nginx
      dockerfile: Dockerfile
    volumes: 
        - ./nginx:/usr/local/etc/nginx
    ports: 
      - "80:80"

Running ports:
docker containers are running fine on 80 and 8000

Reply Report

bobbyiliev December 30, 2020

Hi there @savjisuyash,

I believe that the problem is that you are using localhost in your Nginx config and as the Nginx is running inside a Docker container, using localhost is like referencing to the container itself.

You would need to either use the server IP address rather than localhost or try using the name of your container which is hosting the backend service.

Let me know how it goes!
Regards,
Bobby
Reply Report

loovum March 19, 2020

I have the same problem as @hbendixlewis has.

Here is my config.

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      960/mysqld
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      938/redis-server 12
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      21863/nginx: master
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      713/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      922/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      21863/nginx: master
tcp        0      0 127.0.0.1:3306          127.0.0.1:41634         TIME_WAIT   -
tcp        0    340 167.172.16.179:22       182.48.90.78:51251      ESTABLISHED 20492/sshd: root@pt
tcp6       0      0 ::1:6379                :::*                    LISTEN      938/redis-server 12
tcp6       0      0 :::80                   :::*                    LISTEN      21863/nginx: master
tcp6       0      0 :::22                   :::*                    LISTEN      922/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      21863/nginx: master

Reply Report

bobbyiliev March 26, 2020
Hi there @loovum,

Actually, I can’t see any services running on a specific port.

Can you share more details of your exact setup? For example:

Share your Nginx Server Block config

What is the backend service that you are trying to connect to?

Make sure that your backend service is actually running

Regards,
Bobby
Reply Report
- loovum March 26, 2020
  
  Thanks for the reply. It has been fixed. I don’t remember how exactly I did it.
  
  Reply Report
  
  bobbyiliev March 26, 2020
  
  Hi @loovum,
  
  No problem at all. I’m happy to hear that you’ve got this fixed!
  
  Regards,
  Bobby
  
  Reply Report
jaidenshahi4 June 8, 2021

h
Reply Report

chiuyau May 14, 2020

Hi bobby, I have the same error but not sure if it is the same issue.
I have the 502 page error on my site just after I installed php7.0 on my server. Before that, I am using Ghost theme and it’s application, I installed php7.0 for using php in the default page of nginx.
Here’s the error log

connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xxx.xx.xx, server: example.com, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:2370/", host: "example.com"

And the netstat -plant output table:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:2368          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:2369          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:35602         127.0.0.1:3306          ESTABLISHED -
tcp        0      0 127.0.0.1:3306          127.0.0.1:35460         ESTABLISHED -
tcp        0      0 192.168.8.7:22          203.218.57.87:55401     ESTABLISHED -
tcp        0      0 127.0.0.1:35460         127.0.0.1:3306          ESTABLISHED -
tcp        0      0 127.0.0.1:35470         127.0.0.1:3306          ESTABLISHED -
tcp        0    376 192.168.8.7:22          203.218.57.87:55492     ESTABLISHED -
tcp        0      0 127.0.0.1:3306          127.0.0.1:35470         ESTABLISHED -
tcp        0      0 127.0.0.1:3306          127.0.0.1:35128         ESTABLISHED -
tcp        0      0 127.0.0.1:35128         127.0.0.1:3306          ESTABLISHED -
tcp        0      0 127.0.0.1:3306          127.0.0.1:35602         ESTABLISHED -
tcp6       0      0 :::443                  :::*                    LISTEN      -
tcp6       0      0 :::9000                 :::*                    LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::21                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -

I am bad at troubleshooting, I am looking forward to your reply and I would be grateful. Thx!

Reply Report

bobbyiliev May 16, 2020

Hi there @chiuyau,

It looks like that your backend service which is supposed to listen on port 2370 is not running.

What are you using exactly for your backend services? It could be Docker or Node.js or something different, what you need to do is make sure that this service is up and running.

I can see that you have some other services listening on ports 2368 and 2369 so my guess would be that the service which was listening on port 2370 had crashed or has been stopped for some other reasons and needs to be started again.

Hope that this information gives you some ideas on where to start.

Let me know how it goes!
Regards,
Bobby
Reply Report
- chiuyau May 16, 2020
  
  Thanks Bobby, I had solved the problem!
  For you reference, I’m using VMware and hosting the services local at my home, nodejs + ubuntu 18.04, though I’m not sure which service is listening 2368/2369, but I solve it by rewriting the nginx config to use ip, not dns. For instance, 127.0.0.1 instead of localhost, or remove the ipv6 alias from /etc/hosts.
  Thanks anyway!
  
  Reply Report
  
  bobbyiliev May 16, 2020
  
  Hi there @chiuyau,
  
  I am happy to hear that you’ve got this all working! And thank you for sharing the solution here!
  
  Regards,
  Bobby
  
  Reply Report

lamnxhe130369 March 22, 2021

Hi Bobby,
I have an issues but I can’t find a way to resolve it, hope you can help me.

I have setup Nginx:

location = /xmpp-websocket {
    proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    tcp_nodelay on;
}

# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
    proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    tcp_nodelay on;
}
location ~ ^/colibri-ws/jvb2/(.*) {
   proxy_pass http://127.0.0.1:9091/colibri-ws/jvb2/$1$is_args$args;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   tcp_nodelay on;
}

And this is the netstat -plant output:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      22278/nginx: master
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      19831/lua5.2
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      528/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1767/sshd: /usr/sbi
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      22278/nginx: master
tcp        0      0 0.0.0.0:5280            0.0.0.0:*               LISTEN      19831/lua5.2
tcp        0      0 127.0.0.1:5347          0.0.0.0:*               LISTEN      19831/lua5.2
tcp        0      0 10.104.0.2:5349         0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.15.0.5:5349          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 178.128.124.127:5349    0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 127.0.0.1:5349          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.104.0.2:5349         0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.15.0.5:5349          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 178.128.124.127:5349    0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 127.0.0.1:5349          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.104.0.2:5350         0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.15.0.5:5350          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 178.128.124.127:5350    0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 127.0.0.1:5350          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.104.0.2:5350         0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.15.0.5:5350          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 178.128.124.127:5350    0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 127.0.0.1:5350          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      19831/lua5.2
tcp        0      0 127.0.0.1:5347          127.0.0.1:60556         ESTABLISHED 19831/lua5.2
tcp        0      0 127.0.0.1:5222          127.0.0.1:55330         ESTABLISHED 19831/lua5.2
tcp        0      0 178.128.124.127:5222    178.128.124.157:37578   ESTABLISHED 19831/lua5.2
tcp        0   1920 178.128.124.127:22      42.115.132.147:64608    ESTABLISHED 26550/sshd: root@pt
tcp        0      0 178.128.124.127:22      49.88.112.67:42336      SYN_RECV    -
tcp6       0      0 :::80                   :::*                    LISTEN      22278/nginx: master
tcp6       0      0 :::5269                 :::*                    LISTEN      19831/lua5.2
tcp6       0      0 :::22                   :::*                    LISTEN      1767/sshd: /usr/sbi
tcp6       0      0 :::8888                 :::*                    LISTEN      17968/java
tcp6       0      0 :::443                  :::*                    LISTEN      22278/nginx: master
tcp6       0      0 :::5280                 :::*                    LISTEN      19831/lua5.2
tcp6       0      0 ::1:5347                :::*                    LISTEN      19831/lua5.2
tcp6       0      0 ::1:5349                :::*                    LISTEN      21993/turnserver
tcp6       0      0 ::1:5349                :::*                    LISTEN      21993/turnserver
tcp6       0      0 :::5222                 :::*                    LISTEN      19831/lua5.2
tcp6       0      0 ::1:5350                :::*                    LISTEN      21993/turnserver
tcp6       0      0 ::1:5350                :::*                    LISTEN      21993/turnserver
tcp6       0      0 127.0.0.1:60556         127.0.0.1:5347          ESTABLISHED 17968/java
tcp6       0      0 127.0.0.1:55330         127.0.0.1:5222          ESTABLISHED 17968/java

I can’t find port 9090 or 9091 open

And this is my Nginx error log:

 2021/03/22 09:43:55 [error] 22280#22280: *1942 connect() failed (111: Connection refused) while connecting to upstream, client: 118.70.211.227, server: dystansee.ddns.net, request: "GET /colibri-ws/jvb2/41e1758e1c730611/3a869f46?pwd=1na4c80qp10nd57l6ji381n1m3 HTTP/1.1", upstream: "http://127.0.0.1:9091/colibri-ws/jvb2/41e1758e1c730611/3a869f46?pwd=1na4c80qp10nd57l6ji381n1m3", host: "dystansee.ddns.net"

I think port 9090 and 9091 don’t open, so it cause “connection refused error”, please help me fix this issue. Thank you.

Reply Report

bobbyiliev March 23, 2021

Hi there @lamnxhe130369,

It looks like that the services are supposed to be listening on ports 9090 and 9091 are not running.

You need to make sure that those 2 services are runing.

Basically, the problem is that Nginx is trying to proxy the traffic to services that are not available.

To fix that you need to start the services or check why they are not running.

Regards,
Bobby
Reply Report

pavishhexalab June 11, 2021

Hi Bobby,

I’m getting this error in NGINX. We are using 2 back end ports 3001 and 3003 in NGINX config file but it’s not showing on the running port number list when I’m running the netstat command (netstat -plant). I’m facing a problem to enable the 2 port numbers (3001 and 3003). Please help me to enable the back end port.

[error] 2517#2517: *988 connect() failed (111: Connection refused) while connecting to upstream, client: 203.159.80.75, server: ourmart.in, request: “GET / HTTP/1.1”, upstream: “http://127.0.0.1:3003/”, host: “3.134.220.238:80”

PID/Program name
tcp 0 0 127.0.0.1:33060 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 816 172.31.16.124:22 49.37.183.23:54196 ESTABLISHED -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN
Reply Report
- cdara7 June 14, 2021
  
  Hello, have you got it through with this problem? I also got the same problem as you described.
  
  Reply Report
- bobbyiliev June 14, 2021
  
  Hi there,
  
  It looks like that the services that should be listening on ports 3001 and 3003 are not running.
  
  All that the Nginx proxy does is to forward the traffic from port 80 to the backend services. If there are no services listening on those ports, the Nginx proxy will fail.
  
  To fix this, you need to start the services first. This would depend on your specific backend services, for example, they could be running in Docker containers, if so you would need to start the containers.
  
  Let me know if you have any questions!
  Regards,
  Bobby
  
  Reply Report
bobbyiliev September 24, 2021

Hi @axiom88guru,

I noticed that you’ve posted a separate question for your specific problem. I’ve just posted an answer to that new question. Let me know how it goes!

Best,
Bobby
Reply Report

Answer 2

hbendixlewis August 14, 2019

Hi Bobby, appreciate the reply. I’ve just updated my Node server to listen on port 8000, however, I still get the same error!

Reply Report

bobbyiliev August 14, 2019

Hello,

What I could suggest is checking the ports that are being used on your server with the netstat command. For example you could use the following:

netstat -plant

Make sure that Nginx is listening on 80 and 443 and that Node is listening on 8000 (as this is what you currently have in your Nginx config for your reverse proxy setup)

Reply Report

hbendixlewis August 14, 2019

Hi Bobby,

Here’s the output table:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
tcp        0    816 167.71.143.98:22        77.98.141.183:50089     ESTABLISHED -
tcp        0      0 167.71.143.98:22        77.98.141.183:53826     ESTABLISHED -
tcp        0      0 167.71.143.98:22        77.98.141.183:53788     ESTABLISHED -
tcp        0      0 167.71.143.98:34772     104.248.175.171:25060   ESTABLISHED -
tcp        0   1080 167.71.143.98:22        153.36.236.35:41061     ESTABLISHED -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 :::443                  :::*                    LISTEN      -
tcp6       0      0 :::5000                 :::*                    LISTEN      -

I’m struggling to determine what is the Nginx stuff vs what is my Node server? (I have the server running using Pm2.)

Reply Report

bobbyiliev August 14, 2019
Hello,

I can see that the service is still listening on port 5000:

tcp6 0 0 :::5000 :::* LISTEN -

You need to either adjust that and set it to 8000, or you need to adjust your Nginx config and adjust the reverse proxy rule and change it from:

proxy_pass http://localhost:8000/;

To:

proxy_pass http://localhost:5000/;

That way Nginx would start proxying the connections from port 80 and port 443 to the service that is running on port 5000.

Hope that this helps!
Reply Report
- hbendixlewis August 14, 2019
  
  It worked, thank you Bobby! One day I’ll understand all this stuff a lot better :D
  
  Reply Report
- bobbyiliev August 14, 2019
  
  No problem at all! I’m happy to hear that it’s all working now!
  
  Reply Report

savjisuyash December 28, 2020

Hi Bobby,
I have tried everything you answered here but it’s not working for me.

This is my nginx.conf file

events{ }

 http {
    #  sendfile on;

    # upstream app_servers {
    #     server 127.0.0.1:8543;

    # }

    server {
        listen 80;

        location / {
            # proxy_connect_timeout 500s;
            # proxy_send_timeout 500s;
            # proxy_read_timeout 500s;
            # send_timeout 500s;

            #large_client_header_buffers 4 16k;
            proxy_pass http://localhost:8000;

            # proxy_redirect off;
            # proxy_set_header Host $host;
            # proxy_set_header X-Real-IP $remote_addr;
            # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # proxy_set_header X-Forwarded-Host $server_name;
        }
    }
 }

My backend is a node app running in docker container on port 8000

This is my docker-compose file

version: '3'

services:

  mymongo:
    image: mongo

  app:
    build:
      context: ./app
      dockerfile: Dockerfile
    ports: 
      - "8000:8000"
  proxy:
    build:
      context: ./nginx
      dockerfile: Dockerfile
    volumes: 
        - ./nginx:/usr/local/etc/nginx
    ports: 
      - "80:80"

Running ports:
docker containers are running fine on 80 and 8000

Reply Report

bobbyiliev December 30, 2020

Hi there @savjisuyash,

I believe that the problem is that you are using localhost in your Nginx config and as the Nginx is running inside a Docker container, using localhost is like referencing to the container itself.

You would need to either use the server IP address rather than localhost or try using the name of your container which is hosting the backend service.

Let me know how it goes!
Regards,
Bobby
Reply Report

loovum March 19, 2020

I have the same problem as @hbendixlewis has.

Here is my config.

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      960/mysqld
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      938/redis-server 12
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      21863/nginx: master
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      713/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      922/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      21863/nginx: master
tcp        0      0 127.0.0.1:3306          127.0.0.1:41634         TIME_WAIT   -
tcp        0    340 167.172.16.179:22       182.48.90.78:51251      ESTABLISHED 20492/sshd: root@pt
tcp6       0      0 ::1:6379                :::*                    LISTEN      938/redis-server 12
tcp6       0      0 :::80                   :::*                    LISTEN      21863/nginx: master
tcp6       0      0 :::22                   :::*                    LISTEN      922/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      21863/nginx: master

Reply Report

bobbyiliev March 26, 2020
Hi there @loovum,

Actually, I can’t see any services running on a specific port.

Can you share more details of your exact setup? For example:

Share your Nginx Server Block config

What is the backend service that you are trying to connect to?

Make sure that your backend service is actually running

Regards,
Bobby
Reply Report
- loovum March 26, 2020
  
  Thanks for the reply. It has been fixed. I don’t remember how exactly I did it.
  
  Reply Report
  
  bobbyiliev March 26, 2020
  
  Hi @loovum,
  
  No problem at all. I’m happy to hear that you’ve got this fixed!
  
  Regards,
  Bobby
  
  Reply Report
jaidenshahi4 June 8, 2021

h
Reply Report

chiuyau May 14, 2020

Hi bobby, I have the same error but not sure if it is the same issue.
I have the 502 page error on my site just after I installed php7.0 on my server. Before that, I am using Ghost theme and it’s application, I installed php7.0 for using php in the default page of nginx.
Here’s the error log

connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xxx.xx.xx, server: example.com, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:2370/", host: "example.com"

And the netstat -plant output table:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:2368          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:2369          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:35602         127.0.0.1:3306          ESTABLISHED -
tcp        0      0 127.0.0.1:3306          127.0.0.1:35460         ESTABLISHED -
tcp        0      0 192.168.8.7:22          203.218.57.87:55401     ESTABLISHED -
tcp        0      0 127.0.0.1:35460         127.0.0.1:3306          ESTABLISHED -
tcp        0      0 127.0.0.1:35470         127.0.0.1:3306          ESTABLISHED -
tcp        0    376 192.168.8.7:22          203.218.57.87:55492     ESTABLISHED -
tcp        0      0 127.0.0.1:3306          127.0.0.1:35470         ESTABLISHED -
tcp        0      0 127.0.0.1:3306          127.0.0.1:35128         ESTABLISHED -
tcp        0      0 127.0.0.1:35128         127.0.0.1:3306          ESTABLISHED -
tcp        0      0 127.0.0.1:3306          127.0.0.1:35602         ESTABLISHED -
tcp6       0      0 :::443                  :::*                    LISTEN      -
tcp6       0      0 :::9000                 :::*                    LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::21                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -

I am bad at troubleshooting, I am looking forward to your reply and I would be grateful. Thx!

Reply Report

bobbyiliev May 16, 2020

Hi there @chiuyau,

It looks like that your backend service which is supposed to listen on port 2370 is not running.

What are you using exactly for your backend services? It could be Docker or Node.js or something different, what you need to do is make sure that this service is up and running.

I can see that you have some other services listening on ports 2368 and 2369 so my guess would be that the service which was listening on port 2370 had crashed or has been stopped for some other reasons and needs to be started again.

Hope that this information gives you some ideas on where to start.

Let me know how it goes!
Regards,
Bobby
Reply Report
- chiuyau May 16, 2020
  
  Thanks Bobby, I had solved the problem!
  For you reference, I’m using VMware and hosting the services local at my home, nodejs + ubuntu 18.04, though I’m not sure which service is listening 2368/2369, but I solve it by rewriting the nginx config to use ip, not dns. For instance, 127.0.0.1 instead of localhost, or remove the ipv6 alias from /etc/hosts.
  Thanks anyway!
  
  Reply Report
  
  bobbyiliev May 16, 2020
  
  Hi there @chiuyau,
  
  I am happy to hear that you’ve got this all working! And thank you for sharing the solution here!
  
  Regards,
  Bobby
  
  Reply Report

lamnxhe130369 March 22, 2021

Hi Bobby,
I have an issues but I can’t find a way to resolve it, hope you can help me.

I have setup Nginx:

location = /xmpp-websocket {
    proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    tcp_nodelay on;
}

# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
    proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    tcp_nodelay on;
}
location ~ ^/colibri-ws/jvb2/(.*) {
   proxy_pass http://127.0.0.1:9091/colibri-ws/jvb2/$1$is_args$args;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   tcp_nodelay on;
}

And this is the netstat -plant output:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      22278/nginx: master
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      19831/lua5.2
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      528/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1767/sshd: /usr/sbi
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      22278/nginx: master
tcp        0      0 0.0.0.0:5280            0.0.0.0:*               LISTEN      19831/lua5.2
tcp        0      0 127.0.0.1:5347          0.0.0.0:*               LISTEN      19831/lua5.2
tcp        0      0 10.104.0.2:5349         0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.15.0.5:5349          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 178.128.124.127:5349    0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 127.0.0.1:5349          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.104.0.2:5349         0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.15.0.5:5349          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 178.128.124.127:5349    0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 127.0.0.1:5349          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.104.0.2:5350         0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.15.0.5:5350          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 178.128.124.127:5350    0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 127.0.0.1:5350          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.104.0.2:5350         0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 10.15.0.5:5350          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 178.128.124.127:5350    0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 127.0.0.1:5350          0.0.0.0:*               LISTEN      21993/turnserver
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      19831/lua5.2
tcp        0      0 127.0.0.1:5347          127.0.0.1:60556         ESTABLISHED 19831/lua5.2
tcp        0      0 127.0.0.1:5222          127.0.0.1:55330         ESTABLISHED 19831/lua5.2
tcp        0      0 178.128.124.127:5222    178.128.124.157:37578   ESTABLISHED 19831/lua5.2
tcp        0   1920 178.128.124.127:22      42.115.132.147:64608    ESTABLISHED 26550/sshd: root@pt
tcp        0      0 178.128.124.127:22      49.88.112.67:42336      SYN_RECV    -
tcp6       0      0 :::80                   :::*                    LISTEN      22278/nginx: master
tcp6       0      0 :::5269                 :::*                    LISTEN      19831/lua5.2
tcp6       0      0 :::22                   :::*                    LISTEN      1767/sshd: /usr/sbi
tcp6       0      0 :::8888                 :::*                    LISTEN      17968/java
tcp6       0      0 :::443                  :::*                    LISTEN      22278/nginx: master
tcp6       0      0 :::5280                 :::*                    LISTEN      19831/lua5.2
tcp6       0      0 ::1:5347                :::*                    LISTEN      19831/lua5.2
tcp6       0      0 ::1:5349                :::*                    LISTEN      21993/turnserver
tcp6       0      0 ::1:5349                :::*                    LISTEN      21993/turnserver
tcp6       0      0 :::5222                 :::*                    LISTEN      19831/lua5.2
tcp6       0      0 ::1:5350                :::*                    LISTEN      21993/turnserver
tcp6       0      0 ::1:5350                :::*                    LISTEN      21993/turnserver
tcp6       0      0 127.0.0.1:60556         127.0.0.1:5347          ESTABLISHED 17968/java
tcp6       0      0 127.0.0.1:55330         127.0.0.1:5222          ESTABLISHED 17968/java

I can’t find port 9090 or 9091 open

And this is my Nginx error log:

 2021/03/22 09:43:55 [error] 22280#22280: *1942 connect() failed (111: Connection refused) while connecting to upstream, client: 118.70.211.227, server: dystansee.ddns.net, request: "GET /colibri-ws/jvb2/41e1758e1c730611/3a869f46?pwd=1na4c80qp10nd57l6ji381n1m3 HTTP/1.1", upstream: "http://127.0.0.1:9091/colibri-ws/jvb2/41e1758e1c730611/3a869f46?pwd=1na4c80qp10nd57l6ji381n1m3", host: "dystansee.ddns.net"

I think port 9090 and 9091 don’t open, so it cause “connection refused error”, please help me fix this issue. Thank you.

Reply Report

bobbyiliev March 23, 2021

Hi there @lamnxhe130369,

It looks like that the services are supposed to be listening on ports 9090 and 9091 are not running.

You need to make sure that those 2 services are runing.

Basically, the problem is that Nginx is trying to proxy the traffic to services that are not available.

To fix that you need to start the services or check why they are not running.

Regards,
Bobby
Reply Report

pavishhexalab June 11, 2021

Hi Bobby,

I’m getting this error in NGINX. We are using 2 back end ports 3001 and 3003 in NGINX config file but it’s not showing on the running port number list when I’m running the netstat command (netstat -plant). I’m facing a problem to enable the 2 port numbers (3001 and 3003). Please help me to enable the back end port.

[error] 2517#2517: *988 connect() failed (111: Connection refused) while connecting to upstream, client: 203.159.80.75, server: ourmart.in, request: “GET / HTTP/1.1”, upstream: “http://127.0.0.1:3003/”, host: “3.134.220.238:80”

PID/Program name
tcp 0 0 127.0.0.1:33060 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 816 172.31.16.124:22 49.37.183.23:54196 ESTABLISHED -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN
Reply Report
- cdara7 June 14, 2021
  
  Hello, have you got it through with this problem? I also got the same problem as you described.
  
  Reply Report
- bobbyiliev June 14, 2021
  
  Hi there,
  
  It looks like that the services that should be listening on ports 3001 and 3003 are not running.
  
  All that the Nginx proxy does is to forward the traffic from port 80 to the backend services. If there are no services listening on those ports, the Nginx proxy will fail.
  
  To fix this, you need to start the services first. This would depend on your specific backend services, for example, they could be running in Docker containers, if so you would need to start the containers.
  
  Let me know if you have any questions!
  Regards,
  Bobby
  
  Reply Report
bobbyiliev September 24, 2021

Hi @axiom88guru,

I noticed that you’ve posted a separate question for your specific problem. I’ve just posted an answer to that new question. Let me know how it goes!

Best,
Bobby
Reply Report

Answer 3

andersonfrfilho May 23, 2020

I have the same problem, when trying to access the nginx test page

2020/05/23 17:03:43 [error] 9037#9037: *28 connect() failed (111: Connection refused) while connecting to upstream, client: 179.126.139.213, server: hellonode, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:3000/favicon.ico", host: "165.22.43.156", referrer: "http://165.22.43.156/"
2020/05/23 17:03:43 [error] 9037#9037: *27 connect() failed (111: Connection refused) while connecting to upstream, client: 179.126.139.213, server: hellonode, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "165.22.43.156"

run the comand netstat -plant

root@know-how-cloud:/# netstat -plant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 165.22.43.156:3333      0.0.0.0:*               LISTEN      6385/node /home/dep
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      9029/nginx: master
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      722/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      926/sshd
tcp        0      0 165.22.43.156:22        179.126.139.213:5270    ESTABLISHED 8011/sshd: root@not
tcp        0      0 165.22.43.156:37592     161.35.127.202:25060    ESTABLISHED 6385/node /home/dep
tcp        0    340 165.22.43.156:22        179.126.139.213:1979    ESTABLISHED 5495/sshd: deploy [
tcp        0   1081 165.22.43.156:22        112.85.42.195:41424     FIN_WAIT1   -
tcp        0      0 165.22.43.156:22        222.186.42.7:61212      ESTABLISHED 9455/sshd: [accepte
tcp        0      0 165.22.43.156:80        179.126.139.213:65126   ESTABLISHED 9037/nginx: worker
tcp        0      0 165.22.43.156:80        179.126.139.213:6467    ESTABLISHED 9037/nginx: worker
tcp6       0      0 :::80                   :::*                    LISTEN      9029/nginx: master
tcp6       0      0 :::22                   :::*                    LISTEN      926/sshd

Do you know how I can fix it?

Reply Report

bobbyiliev August 26, 2020

Hi there,

It looks like that you’ve specified port 3000 for your proxy pass. However, there is no service that is listening on that port.

You either need to start your backend service on port 3000 or change the port in your Nginx config to match the port of your backend service.

Regards,
Bobby
Reply Report

Answer 4

bobbyiliev August 26, 2020

Hi there,

It looks like that you’ve specified port 3000 for your proxy pass. However, there is no service that is listening on that port.

You either need to start your backend service on port 3000 or change the port in your Nginx config to match the port of your backend service.

Regards,
Bobby
Reply Report

Answer 5

ihemantkumar June 10, 2020

I am having same issue however on browser, i am having this issue and logs doesn’t have such issues. I ran the command “netstat -plant”. Here’s the result.

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -                   
tcp        0    612 <IP>:22        106.204.206.144:3884    ESTABLISHED -                   
tcp        0      1 <IP>:42432     <IP>:3306       SYN_SENT    -                   
tcp        0      1 <IP>:42434     <IP>:3306       SYN_SENT    -                   
tcp6       0      0 :::21                   :::*                    LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -

Reply Report

bobbyiliev August 26, 2020
Hi there,

What is the exact error that you see in your Nginx error log:

sudo tail -100 /var/log/nginx/error.log

Regards,
Bobby
Reply Report

Answer 6

bobbyiliev August 26, 2020
Hi there,

What is the exact error that you see in your Nginx error log:

sudo tail -100 /var/log/nginx/error.log

Regards,
Bobby
Reply Report

Answer 7

mukeshcoder1 August 26, 2020

**Error:**  connect() failed (111: Connection refused) while connecting to upstream, 
client: 157.32.151.133, server: _, request: "GET /api/jinping/getdetails HTTP/1.1", 
upstream: "http://127.0.0.1:5000/api/jinping/getdetails", host: "104.248.238.219"


**NgInx Config File(/etc/nginx/sites-available): **

    upstream backend {
       server 127.0.0.1:5000
       keepalive 32;
    }


server {

server_name _;
listen 80;
location / {

proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;

proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

}
#listen [::]:443; # managed by Certbot
#listen 443 ssl; # managed by Certbot
#ssl_certificate /etc/letsencrypt/live/your-domain/fullchain.pem; # managed by Certbot
#ssl_certificate_key /etc/letsencrypt/live/your-domain/privkey.pem; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Service (.Net Core web API):

[Unit]
Description=HealthCare .NET Web API App running on Ubuntu

[Service]
WorkingDirectory=/var/www/healthcare/
ExecStart=/usr/bin/dotnet /var/www/healthcare/bin/Debug/netcoreapp2.0/publish/Session1.dll --urls="http://104.248.238.219:5000;https://104.248.238.219:5001"
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
SyslogIdentifier=Health
User=root
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false

[Install]
WantedBy=multi-user.target

Please help me to solve this issue.

edited by bobbyiliev

Reply Report

bobbyiliev August 26, 2020

Hi there,

Can you run netstat -plant and check if your backend service is actually listening on port 5000?

Regards,
Bobby

Reply Report

mukeshcoder1 August 26, 2020

[deleted]
Reply Report
mukeshcoder1 August 26, 2020

[deleted]
Reply Report

jaidenshahi4 June 8, 2021

Hi there,

I am having a similar issue where I receive a 502 bad gateway page…

I am not sure what is wrong with my configuration.

events {

}
http {
server {
  listen 8081 ssl;
  listen [::]:8081 ssl;
    ssl_certificate     /var/cpanel/ssl/apache_tls/liemcomputing.ca/combined;
    ssl_certificate_key /var/cpanel/ssl/apache_tls/liemcomputing.ca/combined;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;


  server_name liemcomputing.ca;
  location / {
     proxy_pass http://127.0.0.1:8080/;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection upgrade;
     proxy_set_header Accept-Encoding gzip;
  }
}
}

and here is netstat -plant

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      797/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      797/dovecot
tcp        0      0 0.0.0.0:2095            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      493/spamd-dormant:
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      882/httpd
tcp        0      0 0.0.0.0:2096            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      20181/nginx: master
tcp        0      0 67.43.224.118:53        0.0.0.0:*               LISTEN      536/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      536/named
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      450/pure-ftpd (SERV
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      536/named
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      882/httpd
tcp        0      0 0.0.0.0:2077            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        0      0 0.0.0.0:2078            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        0      0 0.0.0.0:2079            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        0      0 0.0.0.0:2080            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      797/dovecot
tcp        0      0 0.0.0.0:2082            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      797/dovecot
tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:2243            0.0.0.0:*               LISTEN      449/sshd
tcp        0      0 0.0.0.0:2086            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:2090            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        0      0 0.0.0.0:2091            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        1      0 127.0.0.1:47262         127.0.0.1:2086          CLOSE_WAIT  1431/httpd
tcp        1      0 127.0.0.1:55038         127.0.0.1:2095          CLOSE_WAIT  1271/httpd
tcp        0      0 67.43.224.118:443       64.114.199.74:3524      TIME_WAIT   -
tcp        1      0 127.0.0.1:47270         127.0.0.1:2086          CLOSE_WAIT  1360/httpd
tcp        1      0 127.0.0.1:41534         127.0.0.1:2095          CLOSE_WAIT  1140/httpd
tcp        1      0 127.0.0.1:60904         127.0.0.1:2095          CLOSE_WAIT  1271/httpd
tcp        1      0 127.0.0.1:41210         127.0.0.1:2095          CLOSE_WAIT  1366/httpd
tcp        1      0 127.0.0.1:36294         127.0.0.1:2086          CLOSE_WAIT  1366/httpd
tcp        1      0 127.0.0.1:48402         127.0.0.1:2082          CLOSE_WAIT  1431/httpd
tcp        1      0 127.0.0.1:47278         127.0.0.1:2086          CLOSE_WAIT  912/httpd
tcp        1      0 127.0.0.1:47248         127.0.0.1:2086          CLOSE_WAIT  1271/httpd
tcp        0      0 67.43.224.118:443       96.55.132.195:49735     TIME_WAIT   -
tcp        1      0 127.0.0.1:60874         127.0.0.1:2095          CLOSE_WAIT  1360/httpd
tcp        1      0 127.0.0.1:56174         127.0.0.1:2095          CLOSE_WAIT  1360/httpd
tcp        1      0 127.0.0.1:44824         127.0.0.1:2095          CLOSE_WAIT  1431/httpd
tcp        1      0 127.0.0.1:43072         127.0.0.1:2082          CLOSE_WAIT  1366/httpd
tcp        1      0 127.0.0.1:60918         127.0.0.1:2095          CLOSE_WAIT  1431/httpd
tcp        1      0 127.0.0.1:46410         127.0.0.1:2086          CLOSE_WAIT  1140/httpd
tcp        1      0 127.0.0.1:47254         127.0.0.1:2086          CLOSE_WAIT  913/httpd
tcp        1      0 127.0.0.1:48372         127.0.0.1:2082          CLOSE_WAIT  1366/httpd
tcp        0    611 67.43.224.118:2087      64.114.199.74:5030      ESTABLISHED 18952/cpsrvd websoc
tcp6       0      0 :::110                  :::*                    LISTEN      797/dovecot
tcp6       0      0 :::111                  :::*                    LISTEN      1918/rpcbind
tcp6       0      0 :::143                  :::*                    LISTEN      797/dovecot
tcp6       0      0 127.0.0.1:7984          :::*                    LISTEN      16896/java
tcp6       0      0 :::80                   :::*                    LISTEN      882/httpd
tcp6       0      0 :::8081                 :::*                    LISTEN      20181/nginx: master
tcp6       0      0 :::53                   :::*                    LISTEN      536/named
tcp6       0      0 :::21                   :::*                    LISTEN      450/pure-ftpd (SERV
tcp6       0      0 127.0.0.1:8984          :::*                    LISTEN      16896/java
tcp6       0      0 :::443                  :::*                    LISTEN      882/httpd
tcp6       0      0 :::993                  :::*                    LISTEN      797/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      797/dovecot
tcp6       0      0 :::2243                 :::*                    LISTEN      449/sshd
tcp6       0      0 :::3306                 :::*                    LISTEN      1709/mysqld

Any help would be greatly appreciated.

Thanks.

Reply Report

bobbyiliev June 10, 2021

Hi there,

As far as I can see your Nginx service is trying to proxy the traffic to a backend service that should be listening on port 8080.

However there is no such service at the moment.

It looks like that it might have crashed or been stopped.

To fix the problem, you would need to start the service that is supposed to be listening on port 8080.

This would really depend on your specific configuration.

Let me know if you have any questions!
Regards,
Bobby
Reply Report

Answer 8

bobbyiliev August 26, 2020

Hi there,

Can you run netstat -plant and check if your backend service is actually listening on port 5000?

Regards,
Bobby

Reply Report

mukeshcoder1 August 26, 2020

[deleted]
Reply Report
mukeshcoder1 August 26, 2020

[deleted]
Reply Report

jaidenshahi4 June 8, 2021

Hi there,

I am having a similar issue where I receive a 502 bad gateway page…

I am not sure what is wrong with my configuration.

events {

}
http {
server {
  listen 8081 ssl;
  listen [::]:8081 ssl;
    ssl_certificate     /var/cpanel/ssl/apache_tls/liemcomputing.ca/combined;
    ssl_certificate_key /var/cpanel/ssl/apache_tls/liemcomputing.ca/combined;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;


  server_name liemcomputing.ca;
  location / {
     proxy_pass http://127.0.0.1:8080/;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection upgrade;
     proxy_set_header Accept-Encoding gzip;
  }
}
}

and here is netstat -plant

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      797/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      797/dovecot
tcp        0      0 0.0.0.0:2095            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      493/spamd-dormant:
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      882/httpd
tcp        0      0 0.0.0.0:2096            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      20181/nginx: master
tcp        0      0 67.43.224.118:53        0.0.0.0:*               LISTEN      536/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      536/named
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      450/pure-ftpd (SERV
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      536/named
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      882/httpd
tcp        0      0 0.0.0.0:2077            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        0      0 0.0.0.0:2078            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        0      0 0.0.0.0:2079            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        0      0 0.0.0.0:2080            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      797/dovecot
tcp        0      0 0.0.0.0:2082            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      797/dovecot
tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:2243            0.0.0.0:*               LISTEN      449/sshd
tcp        0      0 0.0.0.0:2086            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:2090            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        0      0 0.0.0.0:2091            0.0.0.0:*               LISTEN      563/cpdavd - accept
tcp        1      0 127.0.0.1:47262         127.0.0.1:2086          CLOSE_WAIT  1431/httpd
tcp        1      0 127.0.0.1:55038         127.0.0.1:2095          CLOSE_WAIT  1271/httpd
tcp        0      0 67.43.224.118:443       64.114.199.74:3524      TIME_WAIT   -
tcp        1      0 127.0.0.1:47270         127.0.0.1:2086          CLOSE_WAIT  1360/httpd
tcp        1      0 127.0.0.1:41534         127.0.0.1:2095          CLOSE_WAIT  1140/httpd
tcp        1      0 127.0.0.1:60904         127.0.0.1:2095          CLOSE_WAIT  1271/httpd
tcp        1      0 127.0.0.1:41210         127.0.0.1:2095          CLOSE_WAIT  1366/httpd
tcp        1      0 127.0.0.1:36294         127.0.0.1:2086          CLOSE_WAIT  1366/httpd
tcp        1      0 127.0.0.1:48402         127.0.0.1:2082          CLOSE_WAIT  1431/httpd
tcp        1      0 127.0.0.1:47278         127.0.0.1:2086          CLOSE_WAIT  912/httpd
tcp        1      0 127.0.0.1:47248         127.0.0.1:2086          CLOSE_WAIT  1271/httpd
tcp        0      0 67.43.224.118:443       96.55.132.195:49735     TIME_WAIT   -
tcp        1      0 127.0.0.1:60874         127.0.0.1:2095          CLOSE_WAIT  1360/httpd
tcp        1      0 127.0.0.1:56174         127.0.0.1:2095          CLOSE_WAIT  1360/httpd
tcp        1      0 127.0.0.1:44824         127.0.0.1:2095          CLOSE_WAIT  1431/httpd
tcp        1      0 127.0.0.1:43072         127.0.0.1:2082          CLOSE_WAIT  1366/httpd
tcp        1      0 127.0.0.1:60918         127.0.0.1:2095          CLOSE_WAIT  1431/httpd
tcp        1      0 127.0.0.1:46410         127.0.0.1:2086          CLOSE_WAIT  1140/httpd
tcp        1      0 127.0.0.1:47254         127.0.0.1:2086          CLOSE_WAIT  913/httpd
tcp        1      0 127.0.0.1:48372         127.0.0.1:2082          CLOSE_WAIT  1366/httpd
tcp        0    611 67.43.224.118:2087      64.114.199.74:5030      ESTABLISHED 18952/cpsrvd websoc
tcp6       0      0 :::110                  :::*                    LISTEN      797/dovecot
tcp6       0      0 :::111                  :::*                    LISTEN      1918/rpcbind
tcp6       0      0 :::143                  :::*                    LISTEN      797/dovecot
tcp6       0      0 127.0.0.1:7984          :::*                    LISTEN      16896/java
tcp6       0      0 :::80                   :::*                    LISTEN      882/httpd
tcp6       0      0 :::8081                 :::*                    LISTEN      20181/nginx: master
tcp6       0      0 :::53                   :::*                    LISTEN      536/named
tcp6       0      0 :::21                   :::*                    LISTEN      450/pure-ftpd (SERV
tcp6       0      0 127.0.0.1:8984          :::*                    LISTEN      16896/java
tcp6       0      0 :::443                  :::*                    LISTEN      882/httpd
tcp6       0      0 :::993                  :::*                    LISTEN      797/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      797/dovecot
tcp6       0      0 :::2243                 :::*                    LISTEN      449/sshd
tcp6       0      0 :::3306                 :::*                    LISTEN      1709/mysqld

Any help would be greatly appreciated.

Thanks.

Reply Report

bobbyiliev June 10, 2021

Hi there,

As far as I can see your Nginx service is trying to proxy the traffic to a backend service that should be listening on port 8080.

However there is no such service at the moment.

It looks like that it might have crashed or been stopped.

To fix the problem, you would need to start the service that is supposed to be listening on port 8080.

This would really depend on your specific configuration.

Let me know if you have any questions!
Regards,
Bobby
Reply Report

Answer 9

mukeshcoder1 August 26, 2020

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN      19783/dotnet
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      26606/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      14585/nginx: master
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      614/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      736/sshd
tcp        0      0 104.248.238.219:22      3.131.7.66:53227        ESTABLISHED 19114/sshd: root@no
tcp        0   1081 104.248.238.219:22      222.186.180.142:37107   FIN_WAIT1   -
tcp        0   1081 104.248.238.219:22      222.186.180.142:44469   FIN_WAIT1   -
tcp        0      1 104.248.238.219:22      222.186.169.192:47172   FIN_WAIT1   -
tcp        0      0 104.248.238.219:80      98.209.15.49:64734      SYN_RECV    -
tcp        0      0 104.248.238.219:22      113.57.170.50:18180     ESTABLISHED 19826/sshd: unknown
tcp        0      0 104.248.238.219:22      188.165.169.238:59054   ESTABLISHED 19829/sshd: unknown
tcp        0    464 104.248.238.219:22      3.131.7.66:53230        ESTABLISHED 19224/sshd: root@pt
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      23842/java
tcp6       0      0 ::1:5000                :::*                    LISTEN      19783/dotnet
tcp6       0      0 :::8080                 :::*                    LISTEN      23842/java
tcp6       0      0 :::22                   :::*                    LISTEN      736/sshd

See this is my result after hit that command. I think service is starting there.

edited by bobbyiliev

Reply Report

bobbyiliev August 26, 2020

Hello,

Do you get any errors if you run sudo journalctl -u name_of_your_app?

Regards,
Bobby
Reply Report
- mukeshcoder1 August 26, 2020
  
  I got my DB connection error. I will able to solve that.
  
  Thank You for my help!
  
  Reply Report
  
  bobbyiliev August 26, 2020
  
  Hi there @mukeshcoder1,
  
  No problem at all! Happy to hear that you’ve found the root cause of the issue.
  
  Regards,
  Bobby
  
  Reply Report

Answer 10

bobbyiliev August 26, 2020

Hello,

Do you get any errors if you run sudo journalctl -u name_of_your_app?

Regards,
Bobby
Reply Report
- mukeshcoder1 August 26, 2020
  
  I got my DB connection error. I will able to solve that.
  
  Thank You for my help!
  
  Reply Report
  
  bobbyiliev August 26, 2020
  
  Hi there @mukeshcoder1,
  
  No problem at all! Happy to hear that you’ve found the root cause of the issue.
  
  Regards,
  Bobby
  
  Reply Report

Answer 11

amino123 August 26, 2020

hello, got same problem. But mine is very simple. My Webserver runs on my laptop, which is my editor for the www files. But i cannot visit my website from another Device in same network. it change the the local ip to localhost on my other device (?) or it gives me a 502 site

Since 4 hours i have been looking on the internet, did a lot of changes but nothing helped. Have you guys any tips for me ?

thanks and sorry for my bad english

Reply Report

Answer 12

amino123 August 29, 2020

have the same problem since a few days…

nginx conf

server {
  listen   80;
  root /var/www;
  index index.php index.html index.htm;
  server_name_in_redirect off;
  server_name localhost;
   proxy_redirect off;
  proxy_set_header Host $http_host; 

 location / {
      proxy_pass http://127.0.0.1:4001;
    proxy_set_header Host $server_name;
    try_files $uri $uri/ /index.php;
  }


#  error_page 404 /404.html;
#  error_page 500 502 503 504 /50x.html;
#  location = /50x.html {
#    root /var/www;
#  }

  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  location ~ \.php$ {
    try_files $uri =404;
    #fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}

ufw

--                         ------      ---
80                         ALLOW       Anywhere                  
Nginx HTTP                 ALLOW       Anywhere                  
80 (v6)                    ALLOW       Anywhere (v6)             
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

netstat -plant

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      783/systemd-resolve 
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      901/cupsd           
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      77280/php-fpm: mast 
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      68490/mysqld        
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      78190/nginx: master 

tcp6       0      0 ::1:631                 :::*                    LISTEN      901/cupsd           
tcp6       0      0 :::33060                :::*                    LISTEN      68490/mysqld

php www.conf

;listen = /var/run/php/php7.4-fpm.sock
listen = 127.0.0.1:9000

i dont know, even the people from stackoverflow (dont get me wrong)

hope you guys got the solution, thanks

edited by bobbyiliev

Reply Report

bobbyiliev August 31, 2020

Hello,

It looks like that you’ve setup a reverse proxy to proxy your traffic to port 4001 but at the moment nothing is running on that port.

You need to make sure that your backend service is actually listening on port 4001.

It would really depend on what exactly you are using for backend, for example, it might be a Docker container that has crashed on a Node.js service. But in any case you would need to get your backend service up and running.

Let me know if you have any questions.
Regards,
Bobby
Reply Report

Answer 13

bobbyiliev August 31, 2020

Hello,

It looks like that you’ve setup a reverse proxy to proxy your traffic to port 4001 but at the moment nothing is running on that port.

You need to make sure that your backend service is actually listening on port 4001.

It would really depend on what exactly you are using for backend, for example, it might be a Docker container that has crashed on a Node.js service. But in any case you would need to get your backend service up and running.

Let me know if you have any questions.
Regards,
Bobby
Reply Report

Answer 14

amino123 August 31, 2020

hello bobbyiliev thank you for your reply.

i dont know what you mean with proxy 4001 and backend service, i have never heard of them. I got never issues like this, how i can i install and set up this kind of proxy? btw i run a shop system with admin interface.

these lines are only to stop nginx redirecting my other network devices to localhost

  proxy_pass http://127.0.0.1:4001;
    proxy_set_header Host $server_name;

hope you can help
regards
amino

Reply Report

bobbyiliev September 26, 2020

Hi there @amino123,

Yes so your current configuration is telling Nginx to proxy the traffic to http://127.0.0.1:4001, and in order for this to work, you need to have another service listening on that port.

That service would really depend on your setup. For example, you might have a Node JS application running on that port or a Docker container and etc.

From the netstat output that you’ve shared, I can see that there is no service listening on that port.

In this case, you need to either remove the proxy_proxy pass rules completely or make sure that your service is started. But this would again really depend on your application and its architecture.

Hope that this helps!
Regards,
Bobby
Reply Report

Answer 15

bobbyiliev September 26, 2020

Hi there @amino123,

Yes so your current configuration is telling Nginx to proxy the traffic to http://127.0.0.1:4001, and in order for this to work, you need to have another service listening on that port.

That service would really depend on your setup. For example, you might have a Node JS application running on that port or a Docker container and etc.

From the netstat output that you’ve shared, I can see that there is no service listening on that port.

In this case, you need to either remove the proxy_proxy pass rules completely or make sure that your service is started. But this would again really depend on your application and its architecture.

Hope that this helps!
Regards,
Bobby
Reply Report

Answer 16

bobbyiliev September 26, 2020

Hi there @moisesalejandro,

What I could suggest in your case is to check your Docker container’s logs for more information on why the connections might be failing.

To do that, you can run the following:

First get your Docker container ID:

docker ps -a

Then check the logs with:

docker logs your_container_id

Feel free to share the logs here!
Regards,
Bobby

Reply Report

Answer 17

nishithgupta October 12, 2020

Hello, looks like I am also facing the same issue. And this has suddenly come up. Haven’t done any changes to server unless DO has done at their end.

Kindly help.
The error fron nginx/error.log:

2020/10/12 11:05:44 [error] 915#915: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 122.177.172.254, server: test.uxhack.co, request: “GET /favicon.ico HTTP/1.1”, upstream: “http://127.0.0.1:8000/favicon.ico”, host: “test.uxhack.co”, referrer: “https://test.uxhack.co/”
2020/10/12 11:08:07 [error] 915#915: *4 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 122.177.172.254, server: test.uxhack.co, request: “GET / HTTP/1.1”, upstream: “http://127.0.0.1:8000/”, host: “test.uxhack.co”
2020/10/12 11:08:07 [error] 915#915: *4 connect() failed (111: Connection refused) while connecting to upstream, client: 122.177.172.254, server: test.uxhack.co, request: “GET /favicon.ico HTTP/1.1”, upstream: “http://127.0.0.1:8000/favicon.ico”, host: “test.uxhack.co”, referrer: “https://test.uxhack.co/”

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      914/nginx: master p
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      693/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      893/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      914/nginx: master p
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      2165/python3
tcp        0      0 139.59.5.173:80         52.84.150.39:13100      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:16550      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:4970       SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:24841      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:40249      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:27163      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:31014      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:40948      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:46110      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:38434      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:17559      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:27500      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:18538      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:51304      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:44313      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:31117      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:60028      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:23283      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:39763      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:2837       SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:54697      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:28925      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:12038      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:23878      SYN_RECV    -
tcp        0   5140 139.59.5.173:22         122.177.172.254:53190   ESTABLISHED 1132/sshd: root@pts
tcp        0      0 139.59.5.173:80         52.84.150.39:34837      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:60232      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:45250      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:24603      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:34587      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:59458      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:160        SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:46887      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:825        SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:7317       SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:60776      SYN_RECV    -
tcp6       0      0 :::3306                 :::*                    LISTEN      925/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      893/sshd

Kindly help

Reply Report

matiasgermanponce March 25, 2021

Hello @bobbyiliev, i am ahving an issue with virtual host and i cannot see the content of /var/www/glpi (im trying to install glpi). Here’s my virtual host content:

[root@webi-tlbe run]# cat /etc/nginx/sites-available/glpi
## Personal note: Muslims are not terrorists and I humbly request my engineering community to help end racism.
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        listen 80;
        #listen [::]:80;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/glpi;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name glpi-test.voii.com.ar;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                # proxy_pass http://localhost:8080;
                # proxy_http_version 1.1;
                # proxy_set_header Upgrade $http_upgrade;
                # proxy_set_header Connection 'upgrade';
                # proxy_set_header Host $host;
                # proxy_cache_bypass $http_upgrade;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
               include snippets/fastcgi-php.conf;
        #
        #       # With php7.0-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php7.0-fpm:
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

If i execute http://glpi-test.voii.com.ar/ in my web browser page stays blank. What is the issue here? Thank you

edited by MattIPv4

Reply Report

bobbyiliev March 28, 2021
Hi there,

In this case I could suggest checking the Nginx error logs first:

tail -100 /var/log/nginx/error.log

You could also check the access logs to see if the request is reaching the server:

tail -100 /var/log/nginx/access.log

What type of application do you have? It might also be that you need to update your Nginx server block with some additional rules depending on the CMS/framework.

Regards,
Bobby
Reply Report
- madhavm2002 September 6, 2021
  
  Hi Bobby, I am facing the same error as everyone else, 502 bad gateway, can you help me out
  
  The error :
  
  2021/09/06 21:38:58 [error] 26131#26131: *5 connect() to unix:/home/ec2-user/buisness/buisness.sock failed (111: Connection refused) while connecting to upstream, client: 104.152.52.32, server: www.example.com, request: "GET / HTTP/1.0", upstream: "http://unix:/home/ec2-user/buisness/buisness.sock:/" The nginx.conf file:
  server { listen 80; server_name www.example.com; location = /favicon.ico { access_log off; log_not_found off; } location /static/ { root /home/ec2-user/buisness; } location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://unix:/home/ec2-user/buisness/buisness.sock; }
  
  Output of sudo nginx -t :
  
  nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
  
  Output of netstat -an | grep “:80”:
  
  tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN tcp6 0 0 :::80 :::* LISTEN]
  
  Reply Report
  
  bobbyiliev September 8, 2021
  
  Hi there,
  
  It looks like that your Nginx service is up and running and the configuration looks good too.
  
  The problem is with the backend service, as Nginx is complaining that it can not connect to the Unix socket at /home/ec2-user/buisness/buisness.sock. You need to make sure that this service is up and running so that Nginx could proxy the traffic to it.
  
  Let me know how it goes!
  Regards,
  Bobby
  
  Reply Report
  
  madhavm2002 September 9, 2021
  
  Hey bobby,
  
  So I managed to fix it, turns out the group mentioned in gunicorn.service was wrong, thanks for responding
  
  Right now Im working on implementing ssl using letsencrypt
  
  Thanks again,
  Madhav
  
  Reply Report
  
  bobbyiliev September 10, 2021
  
  Hi Madhav,
  
  Happy to hear that you’ve got it all up and running!
  
  Here is a good step by step guide on how to install Let’s Encrypt:
  
  https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04
  
  Best,
  Bobby
  
  How To Secure Nginx with Let's Encrypt on Ubuntu 20.04
  by Brian Boucheron
  Let's Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. In this tutorial, you will use Certbot to obtain a free SSL certificate for Nginx on Ubuntu 20.04, and set up your certificate to renew automatically.
  
  Reply Report

Answer 18

matiasgermanponce March 25, 2021

Hello @bobbyiliev, i am ahving an issue with virtual host and i cannot see the content of /var/www/glpi (im trying to install glpi). Here’s my virtual host content:

[root@webi-tlbe run]# cat /etc/nginx/sites-available/glpi
## Personal note: Muslims are not terrorists and I humbly request my engineering community to help end racism.
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        listen 80;
        #listen [::]:80;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/glpi;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name glpi-test.voii.com.ar;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                # proxy_pass http://localhost:8080;
                # proxy_http_version 1.1;
                # proxy_set_header Upgrade $http_upgrade;
                # proxy_set_header Connection 'upgrade';
                # proxy_set_header Host $host;
                # proxy_cache_bypass $http_upgrade;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
               include snippets/fastcgi-php.conf;
        #
        #       # With php7.0-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php7.0-fpm:
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

If i execute http://glpi-test.voii.com.ar/ in my web browser page stays blank. What is the issue here? Thank you

edited by MattIPv4

Reply Report

bobbyiliev March 28, 2021
Hi there,

In this case I could suggest checking the Nginx error logs first:

tail -100 /var/log/nginx/error.log

You could also check the access logs to see if the request is reaching the server:

tail -100 /var/log/nginx/access.log

What type of application do you have? It might also be that you need to update your Nginx server block with some additional rules depending on the CMS/framework.

Regards,
Bobby
Reply Report
- madhavm2002 September 6, 2021
  
  Hi Bobby, I am facing the same error as everyone else, 502 bad gateway, can you help me out
  
  The error :
  
  2021/09/06 21:38:58 [error] 26131#26131: *5 connect() to unix:/home/ec2-user/buisness/buisness.sock failed (111: Connection refused) while connecting to upstream, client: 104.152.52.32, server: www.example.com, request: "GET / HTTP/1.0", upstream: "http://unix:/home/ec2-user/buisness/buisness.sock:/" The nginx.conf file:
  server { listen 80; server_name www.example.com; location = /favicon.ico { access_log off; log_not_found off; } location /static/ { root /home/ec2-user/buisness; } location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://unix:/home/ec2-user/buisness/buisness.sock; }
  
  Output of sudo nginx -t :
  
  nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
  
  Output of netstat -an | grep “:80”:
  
  tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN tcp6 0 0 :::80 :::* LISTEN]
  
  Reply Report
  
  bobbyiliev September 8, 2021
  
  Hi there,
  
  It looks like that your Nginx service is up and running and the configuration looks good too.
  
  The problem is with the backend service, as Nginx is complaining that it can not connect to the Unix socket at /home/ec2-user/buisness/buisness.sock. You need to make sure that this service is up and running so that Nginx could proxy the traffic to it.
  
  Let me know how it goes!
  Regards,
  Bobby
  
  Reply Report
  
  madhavm2002 September 9, 2021
  
  Hey bobby,
  
  So I managed to fix it, turns out the group mentioned in gunicorn.service was wrong, thanks for responding
  
  Right now Im working on implementing ssl using letsencrypt
  
  Thanks again,
  Madhav
  
  Reply Report
  
  bobbyiliev September 10, 2021
  
  Hi Madhav,
  
  Happy to hear that you’ve got it all up and running!
  
  Here is a good step by step guide on how to install Let’s Encrypt:
  
  https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04
  
  Best,
  Bobby
  
  How To Secure Nginx with Let's Encrypt on Ubuntu 20.04
  by Brian Boucheron
  Let's Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. In this tutorial, you will use Certbot to obtain a free SSL certificate for Nginx on Ubuntu 20.04, and set up your certificate to renew automatically.
  
  Reply Report

Related

Question

connect() failed (111: Connection refused) while connecting to upstream

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

connect() failed (111: Connection refused) while connecting to upstream

Related

Leave a comment

Related

question

my site i down please see http://www.cheri3a.com/

question

Tutorial for let's encrypt wildcard?

question

Why the vast differences in upload and download speeds?

question

502 Bad Gateway error after rebooting

Looking for something else?