Question

connect() failed (111: Connection refused) while connecting to upstream

Posted August 14, 2019 163.4k views
NginxDigitalOceanAPILet's EncryptUbuntu 18.04

Hi all,

Followed this tutorial to get Let’s Encrypt working on my Nest.js/Node server.

Everything works - running sudo nginx -t returns:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

However, accessing my domain gives me a 502 Bad Gateway error. Specifically (from /var/log/nginx):

15004#15004: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 77.98.141.183, server: ww2.zone, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8000/", host: "ww2.zone"

Here is my /etc/nginx/sites-available file:

Default server configuration
server {
    listen 80;
    listen 127.0.01;    
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ww2.zone;

    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/ww2.zone/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ww2.zone/privkey.pem;

    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:8000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}

And my server is within a git Repo within home/username.

The code to listen on the port is:
await app.listen(process.env.PORT || 5000);

This used to be process.env.PORT || 80 but that would throw:

Error: listen EADDRINUSE: address already in use :::80

Any ideas? Pulling my hair out atm.

1 comment
  • Show comment This comment has been marked as resolved by bobbyiliev.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
10 answers

Hello,

You can only have 1 service listening on 1 port. So as you have Nginx listening on port 80 at the moment, you can not have your Node on the same port.

Also as you currently have your Nginx set to work as a reverse proxy for port 8000, what you could do is to just set Node to listen on port 8000.

This would fix your 502 error.

Here is a link to an answer on how to troubleshoot common Nginx problems:

https://www.digitalocean.com/community/questions/how-to-troubleshoot-common-nginx-issues-on-linux-server

Here is also a quick video demo on how to do that:

Hope that this helps!
Regards,
Bobby

  • Hi Bobby, appreciate the reply. I’ve just updated my Node server to listen on port 8000, however, I still get the same error!

    • Hello,

      What I could suggest is checking the ports that are being used on your server with the netstat command. For example you could use the following:

      netstat -plant
      

      Make sure that Nginx is listening on 80 and 443 and that Node is listening on 8000 (as this is what you currently have in your Nginx config for your reverse proxy setup)

      • Hi Bobby,

        Here’s the output table:

        Active Internet connections (servers and established)
        Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
        tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
        tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
        tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
        tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
        tcp        0    816 167.71.143.98:22        77.98.141.183:50089     ESTABLISHED -
        tcp        0      0 167.71.143.98:22        77.98.141.183:53826     ESTABLISHED -
        tcp        0      0 167.71.143.98:22        77.98.141.183:53788     ESTABLISHED -
        tcp        0      0 167.71.143.98:34772     104.248.175.171:25060   ESTABLISHED -
        tcp        0   1080 167.71.143.98:22        153.36.236.35:41061     ESTABLISHED -
        tcp6       0      0 :::80                   :::*                    LISTEN      -
        tcp6       0      0 :::22                   :::*                    LISTEN      -
        tcp6       0      0 :::443                  :::*                    LISTEN      -
        tcp6       0      0 :::5000                 :::*                    LISTEN      -
        
        

        I’m struggling to determine what is the Nginx stuff vs what is my Node server? (I have the server running using Pm2.)

        • Hello,

          I can see that the service is still listening on port 5000:

          tcp6       0      0 :::5000                 :::*                    LISTEN      -
          

          You need to either adjust that and set it to 8000, or you need to adjust your Nginx config and adjust the reverse proxy rule and change it from:

                  proxy_pass http://localhost:8000/;
          

          To:

                  proxy_pass http://localhost:5000/;
          

          That way Nginx would start proxying the connections from port 80 and port 443 to the service that is running on port 5000.

          Hope that this helps!

      • Hi Bobby,
        I have tried everything you answered here but it’s not working for me.

        This is my nginx.conf file

        events{ }
        
         http {
            #  sendfile on;
        
            # upstream app_servers {
            #     server 127.0.0.1:8543;
        
            # }
        
            server {
                listen 80;
        
                location / {
                    # proxy_connect_timeout 500s;
                    # proxy_send_timeout 500s;
                    # proxy_read_timeout 500s;
                    # send_timeout 500s;
        
                    #large_client_header_buffers 4 16k;
                    proxy_pass http://localhost:8000;
        
                    # proxy_redirect off;
                    # proxy_set_header Host $host;
                    # proxy_set_header X-Real-IP $remote_addr;
                    # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    # proxy_set_header X-Forwarded-Host $server_name;
                }
            }
         }
        
        

        My backend is a node app running in docker container on port 8000

        This is my docker-compose file

        version: '3'
        
        services:
        
          mymongo:
            image: mongo
        
          app:
            build:
              context: ./app
              dockerfile: Dockerfile
            ports: 
              - "8000:8000"
          proxy:
            build:
              context: ./nginx
              dockerfile: Dockerfile
            volumes: 
                - ./nginx:/usr/local/etc/nginx
            ports: 
              - "80:80"
        

        Running ports:
        docker containers are running fine on 80 and 8000

        • Hi there @savjisuyash,

          I believe that the problem is that you are using localhost in your Nginx config and as the Nginx is running inside a Docker container, using localhost is like referencing to the container itself.

          You would need to either use the server IP address rather than localhost or try using the name of your container which is hosting the backend service.

          Let me know how it goes!
          Regards,
          Bobby

  • I have the same problem as @hbendixlewis has.

    Here is my config.

    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      960/mysqld
    tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      938/redis-server 12
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      21863/nginx: master
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      713/systemd-resolve
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      922/sshd
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      21863/nginx: master
    tcp        0      0 127.0.0.1:3306          127.0.0.1:41634         TIME_WAIT   -
    tcp        0    340 167.172.16.179:22       182.48.90.78:51251      ESTABLISHED 20492/sshd: root@pt
    tcp6       0      0 ::1:6379                :::*                    LISTEN      938/redis-server 12
    tcp6       0      0 :::80                   :::*                    LISTEN      21863/nginx: master
    tcp6       0      0 :::22                   :::*                    LISTEN      922/sshd
    tcp6       0      0 :::443                  :::*                    LISTEN      21863/nginx: master
    
    
  • Hi bobby, I have the same error but not sure if it is the same issue.
    I have the 502 page error on my site just after I installed php7.0 on my server. Before that, I am using Ghost theme and it’s application, I installed php7.0 for using php in the default page of nginx.
    Here’s the error log

    connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xxx.xx.xx, server: example.com, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:2370/", host: "example.com"
    

    And the netstat -plant output table:

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:2368          0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:2369          0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:35602         127.0.0.1:3306          ESTABLISHED -
    tcp        0      0 127.0.0.1:3306          127.0.0.1:35460         ESTABLISHED -
    tcp        0      0 192.168.8.7:22          203.218.57.87:55401     ESTABLISHED -
    tcp        0      0 127.0.0.1:35460         127.0.0.1:3306          ESTABLISHED -
    tcp        0      0 127.0.0.1:35470         127.0.0.1:3306          ESTABLISHED -
    tcp        0    376 192.168.8.7:22          203.218.57.87:55492     ESTABLISHED -
    tcp        0      0 127.0.0.1:3306          127.0.0.1:35470         ESTABLISHED -
    tcp        0      0 127.0.0.1:3306          127.0.0.1:35128         ESTABLISHED -
    tcp        0      0 127.0.0.1:35128         127.0.0.1:3306          ESTABLISHED -
    tcp        0      0 127.0.0.1:3306          127.0.0.1:35602         ESTABLISHED -
    tcp6       0      0 :::443                  :::*                    LISTEN      -
    tcp6       0      0 :::9000                 :::*                    LISTEN      -
    tcp6       0      0 :::80                   :::*                    LISTEN      -
    tcp6       0      0 :::21                   :::*                    LISTEN      -
    tcp6       0      0 :::22                   :::*                    LISTEN      -
    
    

    I am bad at troubleshooting, I am looking forward to your reply and I would be grateful. Thx!

    • Hi there @chiuyau,

      It looks like that your backend service which is supposed to listen on port 2370 is not running.

      What are you using exactly for your backend services? It could be Docker or Node.js or something different, what you need to do is make sure that this service is up and running.

      I can see that you have some other services listening on ports 2368 and 2369 so my guess would be that the service which was listening on port 2370 had crashed or has been stopped for some other reasons and needs to be started again.

      Hope that this information gives you some ideas on where to start.

      Let me know how it goes!
      Regards,
      Bobby

      • Thanks Bobby, I had solved the problem!
        For you reference, I’m using VMware and hosting the services local at my home, nodejs + ubuntu 18.04, though I’m not sure which service is listening 2368/2369, but I solve it by rewriting the nginx config to use ip, not dns. For instance, 127.0.0.1 instead of localhost, or remove the ipv6 alias from /etc/hosts.
        Thanks anyway!

  • Hi Bobby,
    I have an issues but I can’t find a way to resolve it, hope you can help me.

    I have setup Nginx:

    location = /xmpp-websocket {
        proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        tcp_nodelay on;
    }
    
    # colibri (JVB) websockets for jvb1
    location ~ ^/colibri-ws/default-id/(.*) {
        proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;
    }
    location ~ ^/colibri-ws/jvb2/(.*) {
       proxy_pass http://127.0.0.1:9091/colibri-ws/jvb2/$1$is_args$args;
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       tcp_nodelay on;
    }
    

    And this is the netstat -plant output:

    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      22278/nginx: master
    tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      19831/lua5.2
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      528/systemd-resolve
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1767/sshd: /usr/sbi
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      22278/nginx: master
    tcp        0      0 0.0.0.0:5280            0.0.0.0:*               LISTEN      19831/lua5.2
    tcp        0      0 127.0.0.1:5347          0.0.0.0:*               LISTEN      19831/lua5.2
    tcp        0      0 10.104.0.2:5349         0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 10.15.0.5:5349          0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 178.128.124.127:5349    0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 127.0.0.1:5349          0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 10.104.0.2:5349         0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 10.15.0.5:5349          0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 178.128.124.127:5349    0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 127.0.0.1:5349          0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 10.104.0.2:5350         0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 10.15.0.5:5350          0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 178.128.124.127:5350    0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 127.0.0.1:5350          0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 10.104.0.2:5350         0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 10.15.0.5:5350          0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 178.128.124.127:5350    0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 127.0.0.1:5350          0.0.0.0:*               LISTEN      21993/turnserver
    tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      19831/lua5.2
    tcp        0      0 127.0.0.1:5347          127.0.0.1:60556         ESTABLISHED 19831/lua5.2
    tcp        0      0 127.0.0.1:5222          127.0.0.1:55330         ESTABLISHED 19831/lua5.2
    tcp        0      0 178.128.124.127:5222    178.128.124.157:37578   ESTABLISHED 19831/lua5.2
    tcp        0   1920 178.128.124.127:22      42.115.132.147:64608    ESTABLISHED 26550/sshd: root@pt
    tcp        0      0 178.128.124.127:22      49.88.112.67:42336      SYN_RECV    -
    tcp6       0      0 :::80                   :::*                    LISTEN      22278/nginx: master
    tcp6       0      0 :::5269                 :::*                    LISTEN      19831/lua5.2
    tcp6       0      0 :::22                   :::*                    LISTEN      1767/sshd: /usr/sbi
    tcp6       0      0 :::8888                 :::*                    LISTEN      17968/java
    tcp6       0      0 :::443                  :::*                    LISTEN      22278/nginx: master
    tcp6       0      0 :::5280                 :::*                    LISTEN      19831/lua5.2
    tcp6       0      0 ::1:5347                :::*                    LISTEN      19831/lua5.2
    tcp6       0      0 ::1:5349                :::*                    LISTEN      21993/turnserver
    tcp6       0      0 ::1:5349                :::*                    LISTEN      21993/turnserver
    tcp6       0      0 :::5222                 :::*                    LISTEN      19831/lua5.2
    tcp6       0      0 ::1:5350                :::*                    LISTEN      21993/turnserver
    tcp6       0      0 ::1:5350                :::*                    LISTEN      21993/turnserver
    tcp6       0      0 127.0.0.1:60556         127.0.0.1:5347          ESTABLISHED 17968/java
    tcp6       0      0 127.0.0.1:55330         127.0.0.1:5222          ESTABLISHED 17968/java
    

    I can’t find port 9090 or 9091 open

    And this is my Nginx error log:

     2021/03/22 09:43:55 [error] 22280#22280: *1942 connect() failed (111: Connection refused) while connecting to upstream, client: 118.70.211.227, server: dystansee.ddns.net, request: "GET /colibri-ws/jvb2/41e1758e1c730611/3a869f46?pwd=1na4c80qp10nd57l6ji381n1m3 HTTP/1.1", upstream: "http://127.0.0.1:9091/colibri-ws/jvb2/41e1758e1c730611/3a869f46?pwd=1na4c80qp10nd57l6ji381n1m3", host: "dystansee.ddns.net"
    

    I think port 9090 and 9091 don’t open, so it cause “connection refused error”, please help me fix this issue. Thank you.

    • Hi there @lamnxhe130369,

      It looks like that the services are supposed to be listening on ports 9090 and 9091 are not running.

      You need to make sure that those 2 services are runing.

      Basically, the problem is that Nginx is trying to proxy the traffic to services that are not available.

      To fix that you need to start the services or check why they are not running.

      Regards,
      Bobby

  • Hi Bobby,

    I’m getting this error in NGINX. We are using 2 back end ports 3001 and 3003 in NGINX config file but it’s not showing on the running port number list when I’m running the netstat command (netstat -plant). I’m facing a problem to enable the 2 port numbers (3001 and 3003). Please help me to enable the back end port.

    [error] 2517#2517: *988 connect() failed (111: Connection refused) while connecting to upstream, client: 203.159.80.75, server: ourmart.in, request: “GET / HTTP/1.1”, upstream: “http://127.0.0.1:3003/”, host: “3.134.220.238:80”

    PID/Program name
    tcp 0 0 127.0.0.1:33060 0.0.0.0:* LISTEN -
    tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
    tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
    tcp 0 816 172.31.16.124:22 49.37.183.23:54196 ESTABLISHED -
    tcp6 0 0 :::80 :::* LISTEN -
    tcp6 0 0 :::22 :::* LISTEN

    • Hello, have you got it through with this problem? I also got the same problem as you described.

    • Hi there,

      It looks like that the services that should be listening on ports 3001 and 3003 are not running.

      All that the Nginx proxy does is to forward the traffic from port 80 to the backend services. If there are no services listening on those ports, the Nginx proxy will fail.

      To fix this, you need to start the services first. This would depend on your specific backend services, for example, they could be running in Docker containers, if so you would need to start the containers.

      Let me know if you have any questions!
      Regards,
      Bobby

I have the same problem, when trying to access the nginx test page

2020/05/23 17:03:43 [error] 9037#9037: *28 connect() failed (111: Connection refused) while connecting to upstream, client: 179.126.139.213, server: hellonode, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:3000/favicon.ico", host: "165.22.43.156", referrer: "http://165.22.43.156/"
2020/05/23 17:03:43 [error] 9037#9037: *27 connect() failed (111: Connection refused) while connecting to upstream, client: 179.126.139.213, server: hellonode, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "165.22.43.156"

run the comand netstat -plant

root@know-how-cloud:/# netstat -plant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 165.22.43.156:3333      0.0.0.0:*               LISTEN      6385/node /home/dep
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      9029/nginx: master
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      722/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      926/sshd
tcp        0      0 165.22.43.156:22        179.126.139.213:5270    ESTABLISHED 8011/sshd: root@not
tcp        0      0 165.22.43.156:37592     161.35.127.202:25060    ESTABLISHED 6385/node /home/dep
tcp        0    340 165.22.43.156:22        179.126.139.213:1979    ESTABLISHED 5495/sshd: deploy [
tcp        0   1081 165.22.43.156:22        112.85.42.195:41424     FIN_WAIT1   -
tcp        0      0 165.22.43.156:22        222.186.42.7:61212      ESTABLISHED 9455/sshd: [accepte
tcp        0      0 165.22.43.156:80        179.126.139.213:65126   ESTABLISHED 9037/nginx: worker
tcp        0      0 165.22.43.156:80        179.126.139.213:6467    ESTABLISHED 9037/nginx: worker
tcp6       0      0 :::80                   :::*                    LISTEN      9029/nginx: master
tcp6       0      0 :::22                   :::*                    LISTEN      926/sshd

Do you know how I can fix it?

  • Hi there,

    It looks like that you’ve specified port 3000 for your proxy pass. However, there is no service that is listening on that port.

    You either need to start your backend service on port 3000 or change the port in your Nginx config to match the port of your backend service.

    Regards,
    Bobby

I am having same issue however on browser, i am having this issue and logs doesn’t have such issues. I ran the command “netstat -plant”. Here’s the result.

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -                   
tcp        0    612 <IP>:22        106.204.206.144:3884    ESTABLISHED -                   
tcp        0      1 <IP>:42432     <IP>:3306       SYN_SENT    -                   
tcp        0      1 <IP>:42434     <IP>:3306       SYN_SENT    -                   
tcp6       0      0 :::21                   :::*                    LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -  
**Error:**  connect() failed (111: Connection refused) while connecting to upstream, 
client: 157.32.151.133, server: _, request: "GET /api/jinping/getdetails HTTP/1.1", 
upstream: "http://127.0.0.1:5000/api/jinping/getdetails", host: "104.248.238.219"


**NgInx Config File(/etc/nginx/sites-available): **

    upstream backend {
       server 127.0.0.1:5000
       keepalive 32;
    }


server {

server_name _;
listen 80;
location / {

proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;

proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

}
#listen [::]:443; # managed by Certbot
#listen 443 ssl; # managed by Certbot
#ssl_certificate /etc/letsencrypt/live/your-domain/fullchain.pem; # managed by Certbot
#ssl_certificate_key /etc/letsencrypt/live/your-domain/privkey.pem; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Service (.Net Core web API):

[Unit]
Description=HealthCare .NET Web API App running on Ubuntu

[Service]
WorkingDirectory=/var/www/healthcare/
ExecStart=/usr/bin/dotnet /var/www/healthcare/bin/Debug/netcoreapp2.0/publish/Session1.dll --urls="http://104.248.238.219:5000;https://104.248.238.219:5001"
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
SyslogIdentifier=Health
User=root
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false

[Install]
WantedBy=multi-user.target

Please help me to solve this issue.

edited by bobbyiliev
  • Hi there,

    Can you run netstat -plant and check if your backend service is actually listening on port 5000?

    Regards,
    Bobby

    • Hi there,

      I am having a similar issue where I receive a 502 bad gateway page…

      I am not sure what is wrong with my configuration.

      events {

      }
      http {
      server {
        listen 8081 ssl;
        listen [::]:8081 ssl;
          ssl_certificate     /var/cpanel/ssl/apache_tls/liemcomputing.ca/combined;
          ssl_certificate_key /var/cpanel/ssl/apache_tls/liemcomputing.ca/combined;
          ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers         HIGH:!aNULL:!MD5;
      
      
        server_name liemcomputing.ca;
        location / {
           proxy_pass http://127.0.0.1:8080/;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection upgrade;
           proxy_set_header Accept-Encoding gzip;
        }
      }
      }
      
      

      and here is netstat -plant

      Active Internet connections (servers and established)
      Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
      tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      797/dovecot
      tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      797/dovecot
      tcp        0      0 0.0.0.0:2095            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
      tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      493/spamd-dormant:
      tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init
      tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      882/httpd
      tcp        0      0 0.0.0.0:2096            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
      tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      20181/nginx: master
      tcp        0      0 67.43.224.118:53        0.0.0.0:*               LISTEN      536/named
      tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      536/named
      tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      450/pure-ftpd (SERV
      tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      536/named
      tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      882/httpd
      tcp        0      0 0.0.0.0:2077            0.0.0.0:*               LISTEN      563/cpdavd - accept
      tcp        0      0 0.0.0.0:2078            0.0.0.0:*               LISTEN      563/cpdavd - accept
      tcp        0      0 0.0.0.0:2079            0.0.0.0:*               LISTEN      563/cpdavd - accept
      tcp        0      0 0.0.0.0:2080            0.0.0.0:*               LISTEN      563/cpdavd - accept
      tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      797/dovecot
      tcp        0      0 0.0.0.0:2082            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
      tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      797/dovecot
      tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
      tcp        0      0 0.0.0.0:2243            0.0.0.0:*               LISTEN      449/sshd
      tcp        0      0 0.0.0.0:2086            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
      tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN      461/cpsrvd (SSL) -
      tcp        0      0 0.0.0.0:2090            0.0.0.0:*               LISTEN      563/cpdavd - accept
      tcp        0      0 0.0.0.0:2091            0.0.0.0:*               LISTEN      563/cpdavd - accept
      tcp        1      0 127.0.0.1:47262         127.0.0.1:2086          CLOSE_WAIT  1431/httpd
      tcp        1      0 127.0.0.1:55038         127.0.0.1:2095          CLOSE_WAIT  1271/httpd
      tcp        0      0 67.43.224.118:443       64.114.199.74:3524      TIME_WAIT   -
      tcp        1      0 127.0.0.1:47270         127.0.0.1:2086          CLOSE_WAIT  1360/httpd
      tcp        1      0 127.0.0.1:41534         127.0.0.1:2095          CLOSE_WAIT  1140/httpd
      tcp        1      0 127.0.0.1:60904         127.0.0.1:2095          CLOSE_WAIT  1271/httpd
      tcp        1      0 127.0.0.1:41210         127.0.0.1:2095          CLOSE_WAIT  1366/httpd
      tcp        1      0 127.0.0.1:36294         127.0.0.1:2086          CLOSE_WAIT  1366/httpd
      tcp        1      0 127.0.0.1:48402         127.0.0.1:2082          CLOSE_WAIT  1431/httpd
      tcp        1      0 127.0.0.1:47278         127.0.0.1:2086          CLOSE_WAIT  912/httpd
      tcp        1      0 127.0.0.1:47248         127.0.0.1:2086          CLOSE_WAIT  1271/httpd
      tcp        0      0 67.43.224.118:443       96.55.132.195:49735     TIME_WAIT   -
      tcp        1      0 127.0.0.1:60874         127.0.0.1:2095          CLOSE_WAIT  1360/httpd
      tcp        1      0 127.0.0.1:56174         127.0.0.1:2095          CLOSE_WAIT  1360/httpd
      tcp        1      0 127.0.0.1:44824         127.0.0.1:2095          CLOSE_WAIT  1431/httpd
      tcp        1      0 127.0.0.1:43072         127.0.0.1:2082          CLOSE_WAIT  1366/httpd
      tcp        1      0 127.0.0.1:60918         127.0.0.1:2095          CLOSE_WAIT  1431/httpd
      tcp        1      0 127.0.0.1:46410         127.0.0.1:2086          CLOSE_WAIT  1140/httpd
      tcp        1      0 127.0.0.1:47254         127.0.0.1:2086          CLOSE_WAIT  913/httpd
      tcp        1      0 127.0.0.1:48372         127.0.0.1:2082          CLOSE_WAIT  1366/httpd
      tcp        0    611 67.43.224.118:2087      64.114.199.74:5030      ESTABLISHED 18952/cpsrvd websoc
      tcp6       0      0 :::110                  :::*                    LISTEN      797/dovecot
      tcp6       0      0 :::111                  :::*                    LISTEN      1918/rpcbind
      tcp6       0      0 :::143                  :::*                    LISTEN      797/dovecot
      tcp6       0      0 127.0.0.1:7984          :::*                    LISTEN      16896/java
      tcp6       0      0 :::80                   :::*                    LISTEN      882/httpd
      tcp6       0      0 :::8081                 :::*                    LISTEN      20181/nginx: master
      tcp6       0      0 :::53                   :::*                    LISTEN      536/named
      tcp6       0      0 :::21                   :::*                    LISTEN      450/pure-ftpd (SERV
      tcp6       0      0 127.0.0.1:8984          :::*                    LISTEN      16896/java
      tcp6       0      0 :::443                  :::*                    LISTEN      882/httpd
      tcp6       0      0 :::993                  :::*                    LISTEN      797/dovecot
      tcp6       0      0 :::995                  :::*                    LISTEN      797/dovecot
      tcp6       0      0 :::2243                 :::*                    LISTEN      449/sshd
      tcp6       0      0 :::3306                 :::*                    LISTEN      1709/mysqld
      

      Any help would be greatly appreciated.

      Thanks.

      • Hi there,

        As far as I can see your Nginx service is trying to proxy the traffic to a backend service that should be listening on port 8080.

        However there is no such service at the moment.

        It looks like that it might have crashed or been stopped.

        To fix the problem, you would need to start the service that is supposed to be listening on port 8080.

        This would really depend on your specific configuration.

        Let me know if you have any questions!
        Regards,
        Bobby

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN      19783/dotnet
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      26606/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      14585/nginx: master
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      614/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      736/sshd
tcp        0      0 104.248.238.219:22      3.131.7.66:53227        ESTABLISHED 19114/sshd: root@no
tcp        0   1081 104.248.238.219:22      222.186.180.142:37107   FIN_WAIT1   -
tcp        0   1081 104.248.238.219:22      222.186.180.142:44469   FIN_WAIT1   -
tcp        0      1 104.248.238.219:22      222.186.169.192:47172   FIN_WAIT1   -
tcp        0      0 104.248.238.219:80      98.209.15.49:64734      SYN_RECV    -
tcp        0      0 104.248.238.219:22      113.57.170.50:18180     ESTABLISHED 19826/sshd: unknown
tcp        0      0 104.248.238.219:22      188.165.169.238:59054   ESTABLISHED 19829/sshd: unknown
tcp        0    464 104.248.238.219:22      3.131.7.66:53230        ESTABLISHED 19224/sshd: root@pt
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      23842/java
tcp6       0      0 ::1:5000                :::*                    LISTEN      19783/dotnet
tcp6       0      0 :::8080                 :::*                    LISTEN      23842/java
tcp6       0      0 :::22                   :::*                    LISTEN      736/sshd

See this is my result after hit that command. I think service is starting there.

edited by bobbyiliev

hello, got same problem. But mine is very simple. My Webserver runs on my laptop, which is my editor for the www files. But i cannot visit my website from another Device in same network. it change the the local ip to localhost on my other device (?) or it gives me a 502 site

Since 4 hours i have been looking on the internet, did a lot of changes but nothing helped. Have you guys any tips for me ?

thanks and sorry for my bad english

have the same problem since a few days…

nginx conf

server {
  listen   80;
  root /var/www;
  index index.php index.html index.htm;
  server_name_in_redirect off;
  server_name localhost;
   proxy_redirect off;
  proxy_set_header Host $http_host; 

 location / {
      proxy_pass http://127.0.0.1:4001;
    proxy_set_header Host $server_name;
    try_files $uri $uri/ /index.php;
  }


#  error_page 404 /404.html;
#  error_page 500 502 503 504 /50x.html;
#  location = /50x.html {
#    root /var/www;
#  }

  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  location ~ \.php$ {
    try_files $uri =404;
    #fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}

ufw

--                         ------      ---
80                         ALLOW       Anywhere                  
Nginx HTTP                 ALLOW       Anywhere                  
80 (v6)                    ALLOW       Anywhere (v6)             
Nginx HTTP (v6)            ALLOW       Anywhere (v6)             


netstat -plant

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      783/systemd-resolve 
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      901/cupsd           
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      77280/php-fpm: mast 
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      68490/mysqld        
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      78190/nginx: master 

tcp6       0      0 ::1:631                 :::*                    LISTEN      901/cupsd           
tcp6       0      0 :::33060                :::*                    LISTEN      68490/mysqld        


php www.conf

;listen = /var/run/php/php7.4-fpm.sock
listen = 127.0.0.1:9000

i dont know, even the people from stackoverflow (dont get me wrong)

hope you guys got the solution, thanks

edited by bobbyiliev
  • Hello,

    It looks like that you’ve setup a reverse proxy to proxy your traffic to port 4001 but at the moment nothing is running on that port.

    You need to make sure that your backend service is actually listening on port 4001.

    It would really depend on what exactly you are using for backend, for example, it might be a Docker container that has crashed on a Node.js service. But in any case you would need to get your backend service up and running.

    Let me know if you have any questions.
    Regards,
    Bobby

hello bobbyiliev thank you for your reply.

i dont know what you mean with proxy 4001 and backend service, i have never heard of them. I got never issues like this, how i can i install and set up this kind of proxy? btw i run a shop system with admin interface.

these lines are only to stop nginx redirecting my other network devices to localhost

  proxy_pass http://127.0.0.1:4001;
    proxy_set_header Host $server_name;

hope you can help
regards
amino

  • Hi there @amino123,

    Yes so your current configuration is telling Nginx to proxy the traffic to http://127.0.0.1:4001, and in order for this to work, you need to have another service listening on that port.

    That service would really depend on your setup. For example, you might have a Node JS application running on that port or a Docker container and etc.

    From the netstat output that you’ve shared, I can see that there is no service listening on that port.

    In this case, you need to either remove the proxy_proxy pass rules completely or make sure that your service is started. But this would again really depend on your application and its architecture.

    Hope that this helps!
    Regards,
    Bobby

Hi there @moisesalejandro,

What I could suggest in your case is to check your Docker container’s logs for more information on why the connections might be failing.

To do that, you can run the following:

  • First get your Docker container ID:
  • docker ps -a
  • Then check the logs with:
  • docker logs your_container_id

Feel free to share the logs here!
Regards,
Bobby

Hello, looks like I am also facing the same issue. And this has suddenly come up. Haven’t done any changes to server unless DO has done at their end.

Kindly help.
The error fron nginx/error.log:

2020/10/12 11:05:44 [error] 915#915: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 122.177.172.254, server: test.uxhack.co, request: “GET /favicon.ico HTTP/1.1”, upstream: “http://127.0.0.1:8000/favicon.ico”, host: “test.uxhack.co”, referrer: “https://test.uxhack.co/
2020/10/12 11:08:07 [error] 915#915: *4 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 122.177.172.254, server: test.uxhack.co, request: “GET / HTTP/1.1”, upstream: “http://127.0.0.1:8000/”, host: “test.uxhack.co”
2020/10/12 11:08:07 [error] 915#915: *4 connect() failed (111: Connection refused) while connecting to upstream, client: 122.177.172.254, server: test.uxhack.co, request: “GET /favicon.ico HTTP/1.1”, upstream: “http://127.0.0.1:8000/favicon.ico”, host: “test.uxhack.co”, referrer: “https://test.uxhack.co/

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      914/nginx: master p
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      693/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      893/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      914/nginx: master p
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      2165/python3
tcp        0      0 139.59.5.173:80         52.84.150.39:13100      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:16550      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:4970       SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:24841      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:40249      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:27163      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:31014      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:40948      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:46110      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:38434      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:17559      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:27500      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:18538      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:51304      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:44313      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:31117      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:60028      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:23283      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:39763      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:2837       SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:54697      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:28925      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:12038      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:23878      SYN_RECV    -
tcp        0   5140 139.59.5.173:22         122.177.172.254:53190   ESTABLISHED 1132/sshd: root@pts
tcp        0      0 139.59.5.173:80         52.84.150.39:34837      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:60232      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:45250      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:24603      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:34587      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:59458      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:160        SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:46887      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:825        SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:7317       SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:60776      SYN_RECV    -
tcp6       0      0 :::3306                 :::*                    LISTEN      925/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      893/sshd

Kindly help

  • Hello @bobbyiliev, i am ahving an issue with virtual host and i cannot see the content of /var/www/glpi (im trying to install glpi). Here’s my virtual host content:

    [root@webi-tlbe run]# cat /etc/nginx/sites-available/glpi
    ## Personal note: Muslims are not terrorists and I humbly request my engineering community to help end racism.
    # You should look at the following URL's in order to grasp a solid understanding
    # of Nginx configuration files in order to fully unleash the power of Nginx.
    # http://wiki.nginx.org/Pitfalls
    # http://wiki.nginx.org/QuickStart
    # http://wiki.nginx.org/Configuration
    #
    # Generally, you will want to move this file somewhere, and start with a clean
    # file but keep this around for reference. Or just disable in sites-enabled.
    #
    # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
    ##
    
    # Default server configuration
    #
    server {
            listen 80;
            #listen [::]:80;
    
            # SSL configuration
            #
            # listen 443 ssl default_server;
            # listen [::]:443 ssl default_server;
            #
            # Note: You should disable gzip for SSL traffic.
            # See: https://bugs.debian.org/773332
            #
            # Read up on ssl_ciphers to ensure a secure configuration.
            # See: https://bugs.debian.org/765782
            #
            # Self signed certs generated by the ssl-cert package
            # Don't use them in a production server!
            #
            # include snippets/snakeoil.conf;
    
            root /var/www/glpi;
    
            # Add index.php to the list if you are using PHP
            index index.php index.html index.htm index.nginx-debian.html;
    
            server_name glpi-test.voii.com.ar;
    
            location / {
                    # First attempt to serve request as file, then
                    # as directory, then fall back to displaying a 404.
                    try_files $uri $uri/ =404;
                    # proxy_pass http://localhost:8080;
                    # proxy_http_version 1.1;
                    # proxy_set_header Upgrade $http_upgrade;
                    # proxy_set_header Connection 'upgrade';
                    # proxy_set_header Host $host;
                    # proxy_cache_bypass $http_upgrade;
            }
    
            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            location ~ \.php$ {
                   include snippets/fastcgi-php.conf;
            #
            #       # With php7.0-cgi alone:
            #       fastcgi_pass 127.0.0.1:9000;
            #       # With php7.0-fpm:
                    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            }
    
            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #       deny all;
            #}
    }
    
    
    # Virtual Host configuration for example.com
    #
    # You can move that to a different file under sites-available/ and symlink that
    # to sites-enabled/ to enable it.
    #
    #server {
    #       listen 80;
    #       listen [::]:80;
    #
    #       server_name example.com;
    #
    #       root /var/www/example.com;
    #       index index.html;
    #
    #       location / {
    #               try_files $uri $uri/ =404;
    #       }
    #}
    

    If i execute http://glpi-test.voii.com.ar/ in my web browser page stays blank. What is the issue here? Thank you

    edited by MattIPv4
    • Hi there,

      In this case I could suggest checking the Nginx error logs first:

      tail -100 /var/log/nginx/error.log
      

      You could also check the access logs to see if the request is reaching the server:

      tail -100 /var/log/nginx/access.log
      

      What type of application do you have? It might also be that you need to update your Nginx server block with some additional rules depending on the CMS/framework.

      Regards,
      Bobby