Error 502 and 504 every x hours after droplet resize and apt upgrade

I’ve resized the droplet from $10 to $20 and right after made an apt update and upgrade. Now I’m getting about every 6 hours an error 502 or 504 and the site stops.

tail /var/log/nginx/error.log

2017/08/29 15:13:42 [error] 11052#0: *87644 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 162.158.79.237, server: www.moneytimes.com.br, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.moneytimes.com.br"
2017/08/29 15:13:43 [error] 11052#0: *87636 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 172.68.26.249, server: www.moneytimes.com.br, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.moneytimes.com.br", referrer: "https://www.moneytimes.com.br/"
2017/08/29 15:13:44 [error] 11052#0: *87646 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 162.158.90.46, server: www.moneytimes.com.br, request: "GET /rss.xml HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.moneytimes.com.br", referrer: "https://www.moneytimes.com.br/"
2017/08/29 15:13:45 [error] 11052#0: *87648 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 172.68.25.14, server: www.moneytimes.com.br, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.moneytimes.com.br", referrer: "https://www.moneytimes.com.br/"

I have clouflare configured and these client ip’s are from them. Also have a letsencrypt.

With a restart php5-fpm all goes back to normal, but I have to be awake to reboot at any time. Tried to put it on cron, but didn’t solve.

It’s a droplet created with the “Ubuntu Drupal 8.1.3 on 14.04” one-click app.

Probably was some package update and now it’s missing some configuration, but I can’t find what. What can I do to discover what is the problem?