Nginx Error 111: Connection refused

June 8, 2016 114.1k views
Nginx WordPress
WASTECH
By:
WASTECH

I recently switched from Apache2 to Nginx for my web server because Apache was giving me some very weird issues that no one could seem to solve. I used this guide here to make the switch. Now, I see in my Nginx error log (located /var/log/nginx/error.log)

2016/06/07 18:41:50 [error] 3221#0: *53 connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: websitename.net, request: "POST /xmlrpc.php HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "xxx.xxx.xxx.xxx"

The site was working fine up until a few days ago. I did not change any settings during that time. Here is my full Nginx config.

Log In to Comment
5 Answers
jtittle1 June 9, 2016

@WASTECH

A few quick things to check. Login to the CLI and:

Open /etc/php5/fpm/pool.d/www.conf

  • Search for listen -- are you using /var/run/php5-fpm.sock? If so, comment the line by adding a ; before it and then add listen = 127.0.0.1:9000 below it.

  • Search for listen.allowed_clients -- is it commented or uncommented? If uncommented, comment it out by adding a ; before it.

  • Save /etc/php5/fpm/pool.d/www.conf.

Open /etc/nginx/sites-available/default or the name of the file you created for your server block:

  • Search for fastcgi_pass and change /var/run/php5-fpm.sock to 127.0.0.1:9000.

  • Save /etc/nginx/sites-available/default.

Now restart php-fpm and then nginx by running:

  • service php-fpm restart && service nginx restart

Let me know if that fixes the connection issue. If it does, the issue is because of the lack of read/write permissions on the /var/run/php5-fpm.sock file. If you're running from the default php-fpm configuration, the user would be www-data and since this user is not a privileged user, it's unable to read/write to files that are owned by root. Since the sock file has to be executable by the www-data user, and it's owned by another, you won't be able to connect.

You can undo the changes above and revert back to using the sock file, though using TCP (which is what the above details swap you over to) works just as well. Latency is negligible unless we're dealing with a high-traffic scenario and even then, we'd still use TCP to connect to a secondary server.

Reply
  • WASTECH June 10, 2016

    This solved it! I had changed the line from /var/run/php5-fpm.sock to 127.0.0.1:9000 in /etc/nginx/sites-available/default but not /etc/php5/fpm/pool.d/www.conf

  • xNararia13 October 29, 2016

    save my life ^_^

  • lumberjackchest April 28, 2018

    I upgraded ubuntu from 14 to 16 and my php pages stopped working. I've tried changing the above settings, but I'm still getting the 502 bad gateway:

    *1 connect() failed (111: Connection refused) while connecting to upstream, GET /php/info.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000"

    /etc/php5/fpm/pool.d/www.conf:

    ; Note: This value is mandatory.
    listen = 127.0.0.1:9000
    ;/var/run/php5-fpm.sock

    /etc/nginx/sites-available/somedomain.com:

    location ~ .php$ {
    tryfiles $uri =404;
    fastcgi    splitpathinfo ^(.+.php)(/.+)$;
    fastcgipass 127.0.0.1:9000;
    # unix:/var/run/php5-fpm.sock;
    fastcgi    index index.php;
    fastcgiparam SCRIPTFILENAME $documentroot$fastcgiscript_name;

    Any other ideas?

  • kratosvn January 23, 2019

    Thank @jtittle1 !, It works for me.

  • ceesar90 May 25, 2019

    Hi, just wanted to thank you in 2019.
    I was having the same problems and had to make some changes to your answer.
    They were: /etc/php7.2/fpm/pool.d/www.conf
    and the service php-fpm7.2 restart

    You just saved me a lot of trouble with cloudflare and digital ocean.

gndo June 8, 2016

Looks like a xmlrpc attack. Look for the method in that linked document that best suites your need to mitigate the attack.

How To Protect WordPress from XML-RPC Attacks on Ubuntu 14.04
by Jon Schwenn
WordPress is a popular and powerful CMS (content management system) platform. Its popularity can bring unwanted attention in the form of malicious traffic specially targeted at a WordPress site. There are many instances where a server that has not been protected or optimized could experience issues or errors after receiving a small amount of malicious traffic. This guide will show you how to protect WordPress from XML-RPC attacks on an Ubuntu 14.04 system.
Reply
  • WASTECH June 9, 2016

    I followed those steps to deny xmlrpc, but the site is still down. Now I have this error:

    2016/06/08 20:21:17 [error] 11447#0: *5 connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: websitename.net, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "websitename.net", referrer: "http://websitename.net/"
jtittle1 June 8, 2016

@WASTECH

Is SELinux, by chance, enabled on your Droplet? If so, this could be the cause and you'd need to run either:

/usr/sbin/setsebool httpd_can_network_connect 1

or

/usr/sbin/setsebool httpd_can_network_connect true

... from the CLI. Once you have, restart NGINX using:

service nginx restart

or

/usr/sbin/nginx -s restart

If that doesn't work, please post the output of your log after the commands have been executed as well as the configuration located in /etc/nginx/nginx.conf and your primary server block configured for the domain.

Reply
aabf29253d376b9 October 24, 2016
[deleted]
Reply
pegasusanalytics March 2, 2018

Hi,

Im getting a similar error, but I have:

    # With php7.0-cgi alone:
    #       fastcgi_pass 127.0.0.1:9000;
    #       # With php7.0-fpm:
    #       fastcgi_pass unix:/run/php/php7.0-fpm.sock;

do I need to change unix:/run/php/php7.0-fpm.sock to 127.0.0.1:9000?

Also, /etc/php7/fpm/pool.d/www.conf is not found

Reply
Have another answer? Share your knowledge.

Related Questions