Domain returns 502 bad gateway, why can I no longer connect

Posted September 8, 2018
Apache

I was trying to set up a sub domain when suddenly I can no longer connect to my primary domain. I have a server set up with nginx. I am still learning this whole process and would really appreciate some help in what to do to fix this. Let me know what files I should include that would help you to help me fix this issue.

jchud13

jchud13 • September 11, 2018

I don’t really have a back end. The server is being run with nginx and I am coding the website myself. I am not using wordpress or any other kind of external program I am trying to build this all on my own.

Jason Peters • September 10, 2018

/etc/nginx/sites-available/defaut

First to help make the configuration less confusing we can change the default file to whats desplayed below.

server {
  listen 80 default_server;
  listen 443 default_server;
  
  server_name _;
  
  return 444;
}

This returns a 444 on both ports 80 and 443 with a no respnse and closes the connection. This happens for any traffic hitting the server that is not jchud.ninja - essentially a black hole.

From what I can see the issue is you have incomplete server blocks. As I do not know what you file name is I am just going to assume it is the following…

/etc/nginx/sites-available/jchud.ninja and we will work with the blog.* domain.

we first change

server_name _ blog.jchud.ninja;

server_name blog.jchud.ninja;

we romove…

root /var/www/blog.jchud.ninja/html;

index index.php index.html index.htm index.nginx-debian.html;

location ~ \.php$ {
    include snippets/fastcgi-php.conf;

    # With php7.0-cgi alon
    # With php7.0-fpm:
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

These directive are conflicting with what I am assuming is the desired destination. The server block should look like this now. \

server {
    listen 80;

    server_name blog.jchud.ninja;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        try_files $uri $uri/ =404;
    }    
}

Note that the blog application present on port 8080 needs to be active - Also noted these settings are non-ssl configurations.

The biggest issue that I see is that your server blocks are incomplete and in some cases conflicting. A couple questions I have are what are your back ends - ie your website (wordpress?) and your blog(ghost?)?

jchud13 • September 9, 2018

@jasonjpeters

# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.php index.html index.htm index.nginx-debian.html;

	server_name _  jchud.ninja www.jchud.ninja;

	location / {
	proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
		try_files $uri $uri/ =404;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
	
		# With php7.0-cgi alon
		# With php7.0-fpm:
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
	}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	location ~ /\.ht {
		deny all;
	}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

server {

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.php index.html index.htm index.nginx-debian.html;
    server_name www.jchud.ninja jchud.ninja; # managed by Certbot


	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
	
		# With php7.0-cgi alon
		# With php7.0-fpm:
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
	}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	location ~ /\.ht {
		deny all;
	}


    ssl_certificate /etc/letsencrypt/live/jchud.ninja/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/jchud.ninja/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



}
server {
    if ($host = www.jchud.ninja) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = jchud.ninja) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80 ;
	listen [::]:80 ;
    server_name www.jchud.ninja jchud.ninja;
    return 404; # managed by Certbot




}

code

That is my default website nginx config, and this next one is my subdomains.

 ##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/blog.jchud.ninja/html;

	# Add index.php to the list if you are using PHP
	index index.php index.html index.htm index.nginx-debian.html;

	server_name _  blog.jchud.ninja;

	location / {
	proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
		try_files $uri $uri/ =404;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
	
		# With php7.0-cgi alon
		# With php7.0-fpm:
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
	}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	location ~ /\.ht {
		deny all;
	}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

server {

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.php index.html index.htm index.nginx-debian.html;
    server_name www.jchud.ninja jchud.ninja; # managed by Certbot


	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
	
		# With php7.0-cgi alon
		# With php7.0-fpm:
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
	}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	location ~ /\.ht {
		deny all;
	}


    ssl_certificate /etc/letsencrypt/live/jchud.ninja/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/jchud.ninja/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



}
server {
    if ($host = www.jchud.ninja) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = jchud.ninja) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80 ;
	listen [::]:80 ;
    server_name www.jchud.ninja jchud.ninja;
    return 404; # managed by Certbot




}

Jason Peters • September 9, 2018

Can you post your NGINX Config for your domain and sub-domain?

Submit an answer

You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev • December 2, 2020

Hello,

In addition to what has already been mentioned, I would recommend following these steps in case that you are having any problems with your nginx server and you are unsure on what the problem is:

Check if nginx is running:

systemctl status nginx

If nginx is running you should see something like this:

● nginx.service - The nginx HTTP Server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-11-19 09:37:46 UTC; 2 days ago
     Docs: https://httpd.nginx.org/docs/2.4/

If nginx is not running then the output would look like this:

● nginx.service - The nginx HTTP Server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Fri 2019-11-22 08:41:01 UTC; 39s ago
     Docs: https://httpd.nginx.org/docs/2.4/

If nginx is not running you could start it with:

systemctl start nginx

Then check the status agian and make sure that nginx remains running.

If nginx did not start after a reboot, you could enable it so that it starts after the next reboot:

systemctl enable nginx

Check your nginx config syntax:

nginx -t

If you get an error, you would need to fix that problem and then you could restart nginx:

systemctl restart nginx

If you get Syntax OK when running nginx -t then your confiruation is correct, so I would recommend checking your error logs:

tail -f /var/log/nginx/error.log

Check the permissions of the files and folders in your document root:

Find the user that your nginx service is running as:

ps auxf | grep nginx

If you are using Ubuntu, the user should be www-data, so you would need to make sure that your files and folders are owned by that user, so nginx could read and write to those files:

chown -R www-data:www-data /var/www/yourdomain.com

Check if nginx is binding to the default ports:

netstat -plant | grep '80\|443'

Check if ufw allows TCP connections on port 80 and 443:

ufw status

If this is the case, you can follow the steps from this article here on how to configure your ufw:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-18-04

That is pretty much it, with all of the above information you should be able to narrow down the problem.

For more information I would suggest checking out this article here:

https://www.digitalocean.com/community/tutorials/how-to-troubleshoot-common-site-issues-on-a-linux-server

And here is also a quick video demo on how to do that as well:

Hope that this helps! Regards, Bobby Source: How to Troubleshoot Common Nginx Issues on Linux Server?

Join the DigitalOcean Community

Join 1M+ other developers and:

Get help and share knowledge in Q&A
Subscribe to topics of interest
Get courses & tools that help you grow as a developer or small business owner

How to set up my cloud/vps server using Ubuntu 12.04 LTS, Apache, MSQL, Phpmyadmin, PHP

Question

Installing PHP-FPM with Apache2 on Ubuntu 12.10

Question

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Related

Question

Domain returns 502 bad gateway, why can I no longer connect

Related

Try DigitalOcean for free