Hi all,

Followed this tutorial to get Let’s Encrypt working on my Nest.js/Node server.

Everything works - running sudo nginx -t returns:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

However, accessing my domain gives me a 502 Bad Gateway error. Specifically (from /var/log/nginx):

15004#15004: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 77.98.141.183, server: ww2.zone, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8000/", host: "ww2.zone"

Here is my /etc/nginx/sites-available file:

Default server configuration
server {
    listen 80;
    listen 127.0.01;    
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ww2.zone;

    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/ww2.zone/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ww2.zone/privkey.pem;

    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:8000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}

And my server is within a git Repo within home/username.

The code to listen on the port is:
await app.listen(process.env.PORT || 5000);

This used to be process.env.PORT || 80 but that would throw:

Error: listen EADDRINUSE: address already in use :::80

Any ideas? Pulling my hair out atm.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hello,

You can only have 1 service listening on 1 port. So as you have Nginx listening on port 80 at the moment, you can not have your Node on the same port.

Also as you currently have your Nginx set to work as a reverse proxy for port 8000, what you could do is to just set Node to listen on port 8000.

This would fix your 502 error.

Hope that this helps!
Regards,
Bobby

  • Hi Bobby, appreciate the reply. I’ve just updated my Node server to listen on port 8000, however, I still get the same error!

    • Hello,

      What I could suggest is checking the ports that are being used on your server with the netstat command. For example you could use the following:

      netstat -plant
      

      Make sure that Nginx is listening on 80 and 443 and that Node is listening on 8000 (as this is what you currently have in your Nginx config for your reverse proxy setup)

      • Hi Bobby,

        Here’s the output table:

        Active Internet connections (servers and established)
        Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
        tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
        tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
        tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
        tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
        tcp        0    816 167.71.143.98:22        77.98.141.183:50089     ESTABLISHED -
        tcp        0      0 167.71.143.98:22        77.98.141.183:53826     ESTABLISHED -
        tcp        0      0 167.71.143.98:22        77.98.141.183:53788     ESTABLISHED -
        tcp        0      0 167.71.143.98:34772     104.248.175.171:25060   ESTABLISHED -
        tcp        0   1080 167.71.143.98:22        153.36.236.35:41061     ESTABLISHED -
        tcp6       0      0 :::80                   :::*                    LISTEN      -
        tcp6       0      0 :::22                   :::*                    LISTEN      -
        tcp6       0      0 :::443                  :::*                    LISTEN      -
        tcp6       0      0 :::5000                 :::*                    LISTEN      -
        
        

        I’m struggling to determine what is the Nginx stuff vs what is my Node server? (I have the server running using Pm2.)

        • Hello,

          I can see that the service is still listening on port 5000:

          tcp6       0      0 :::5000                 :::*                    LISTEN      -
          

          You need to either adjust that and set it to 8000, or you need to adjust your Nginx config and adjust the reverse proxy rule and change it from:

                  proxy_pass http://localhost:8000/;
          

          To:

                  proxy_pass http://localhost:5000/;
          

          That way Nginx would start proxying the connections from port 80 and port 443 to the service that is running on port 5000.

          Hope that this helps!

  • I have the same problem as @hbendixlewis has.

    Here is my config.

    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      960/mysqld
    tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      938/redis-server 12
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      21863/nginx: master
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      713/systemd-resolve
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      922/sshd
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      21863/nginx: master
    tcp        0      0 127.0.0.1:3306          127.0.0.1:41634         TIME_WAIT   -
    tcp        0    340 167.172.16.179:22       182.48.90.78:51251      ESTABLISHED 20492/sshd: root@pt
    tcp6       0      0 ::1:6379                :::*                    LISTEN      938/redis-server 12
    tcp6       0      0 :::80                   :::*                    LISTEN      21863/nginx: master
    tcp6       0      0 :::22                   :::*                    LISTEN      922/sshd
    tcp6       0      0 :::443                  :::*                    LISTEN      21863/nginx: master
    
    
    • Hi there @loovum,

      Actually, I can’t see any services running on a specific port.

      Can you share more details of your exact setup? For example:

      • Share your Nginx Server Block config

      • What is the backend service that you are trying to connect to?

      • Make sure that your backend service is actually running

      Regards,
      Bobby

  • Hi bobby, I have the same error but not sure if it is the same issue.
    I have the 502 page error on my site just after I installed php7.0 on my server. Before that, I am using Ghost theme and it’s application, I installed php7.0 for using php in the default page of nginx.
    Here’s the error log

    connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xxx.xx.xx, server: example.com, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:2370/", host: "example.com"
    

    And the netstat -plant output table:

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:2368          0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:2369          0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:35602         127.0.0.1:3306          ESTABLISHED -
    tcp        0      0 127.0.0.1:3306          127.0.0.1:35460         ESTABLISHED -
    tcp        0      0 192.168.8.7:22          203.218.57.87:55401     ESTABLISHED -
    tcp        0      0 127.0.0.1:35460         127.0.0.1:3306          ESTABLISHED -
    tcp        0      0 127.0.0.1:35470         127.0.0.1:3306          ESTABLISHED -
    tcp        0    376 192.168.8.7:22          203.218.57.87:55492     ESTABLISHED -
    tcp        0      0 127.0.0.1:3306          127.0.0.1:35470         ESTABLISHED -
    tcp        0      0 127.0.0.1:3306          127.0.0.1:35128         ESTABLISHED -
    tcp        0      0 127.0.0.1:35128         127.0.0.1:3306          ESTABLISHED -
    tcp        0      0 127.0.0.1:3306          127.0.0.1:35602         ESTABLISHED -
    tcp6       0      0 :::443                  :::*                    LISTEN      -
    tcp6       0      0 :::9000                 :::*                    LISTEN      -
    tcp6       0      0 :::80                   :::*                    LISTEN      -
    tcp6       0      0 :::21                   :::*                    LISTEN      -
    tcp6       0      0 :::22                   :::*                    LISTEN      -
    
    

    I am bad at troubleshooting, I am looking forward to your reply and I would be grateful. Thx!

    • Hi there @chiuyau,

      It looks like that your backend service which is supposed to listen on port 2370 is not running.

      What are you using exactly for your backend services? It could be Docker or Node.js or something different, what you need to do is make sure that this service is up and running.

      I can see that you have some other services listening on ports 2368 and 2369 so my guess would be that the service which was listening on port 2370 had crashed or has been stopped for some other reasons and needs to be started again.

      Hope that this information gives you some ideas on where to start.

      Let me know how it goes!
      Regards,
      Bobby

      • Thanks Bobby, I had solved the problem!
        For you reference, I’m using VMware and hosting the services local at my home, nodejs + ubuntu 18.04, though I’m not sure which service is listening 2368/2369, but I solve it by rewriting the nginx config to use ip, not dns. For instance, 127.0.0.1 instead of localhost, or remove the ipv6 alias from /etc/hosts.
        Thanks anyway!

I have the same problem, when trying to access the nginx test page

2020/05/23 17:03:43 [error] 9037#9037: *28 connect() failed (111: Connection refused) while connecting to upstream, client: 179.126.139.213, server: hellonode, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:3000/favicon.ico", host: "165.22.43.156", referrer: "http://165.22.43.156/"
2020/05/23 17:03:43 [error] 9037#9037: *27 connect() failed (111: Connection refused) while connecting to upstream, client: 179.126.139.213, server: hellonode, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "165.22.43.156"

run the comand netstat -plant

root@know-how-cloud:/# netstat -plant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 165.22.43.156:3333      0.0.0.0:*               LISTEN      6385/node /home/dep
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      9029/nginx: master
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      722/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      926/sshd
tcp        0      0 165.22.43.156:22        179.126.139.213:5270    ESTABLISHED 8011/sshd: root@not
tcp        0      0 165.22.43.156:37592     161.35.127.202:25060    ESTABLISHED 6385/node /home/dep
tcp        0    340 165.22.43.156:22        179.126.139.213:1979    ESTABLISHED 5495/sshd: deploy [
tcp        0   1081 165.22.43.156:22        112.85.42.195:41424     FIN_WAIT1   -
tcp        0      0 165.22.43.156:22        222.186.42.7:61212      ESTABLISHED 9455/sshd: [accepte
tcp        0      0 165.22.43.156:80        179.126.139.213:65126   ESTABLISHED 9037/nginx: worker
tcp        0      0 165.22.43.156:80        179.126.139.213:6467    ESTABLISHED 9037/nginx: worker
tcp6       0      0 :::80                   :::*                    LISTEN      9029/nginx: master
tcp6       0      0 :::22                   :::*                    LISTEN      926/sshd

Do you know how I can fix it?

Submit an Answer