Nginx Error 111: Connection refused

June 8, 2016 1.2k views
Nginx WordPress

I recently switched from Apache2 to Nginx for my web server because Apache was giving me some very weird issues that no one could seem to solve. I used this guide here to make the switch. Now, I see in my Nginx error log (located /var/log/nginx/error.log)

2016/06/07 18:41:50 [error] 3221#0: *53 connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: websitename.net, request: "POST /xmlrpc.php HTTP/1.0", upstream: "fastcgi://", host: "xxx.xxx.xxx.xxx"

The site was working fine up until a few days ago. I did not change any settings during that time. Here is my full Nginx config.

3 Answers


A few quick things to check. Login to the CLI and:

Open /etc/php5/fpm/pool.d/www.conf

  • Search for listen -- are you using /var/run/php5-fpm.sock? If so, comment the line by adding a ; before it and then add listen = below it.

  • Search for listen.allowed_clients -- is it commented or uncommented? If uncommented, comment it out by adding a ; before it.

  • Save /etc/php5/fpm/pool.d/www.conf.

Open /etc/nginx/sites-available/default or the name of the file you created for your server block:

  • Search for fastcgi_pass and change /var/run/php5-fpm.sock to

  • Save /etc/nginx/sites-available/default.

Now restart php-fpm and then nginx by running:

  • service php-fpm restart && service nginx restart

Let me know if that fixes the connection issue. If it does, the issue is because of the lack of read/write permissions on the /var/run/php5-fpm.sock file. If you're running from the default php-fpm configuration, the user would be www-data and since this user is not a privileged user, it's unable to read/write to files that are owned by root. Since the sock file has to be executable by the www-data user, and it's owned by another, you won't be able to connect.

You can undo the changes above and revert back to using the sock file, though using TCP (which is what the above details swap you over to) works just as well. Latency is negligible unless we're dealing with a high-traffic scenario and even then, we'd still use TCP to connect to a secondary server.

  • This solved it! I had changed the line from /var/run/php5-fpm.sock to in /etc/nginx/sites-available/default but not /etc/php5/fpm/pool.d/www.conf

Looks like a xmlrpc attack. Look for the method in that linked document that best suites your need to mitigate the attack.

WordPress is a popular and powerful CMS (content management system) platform. Its popularity can bring unwanted attention in the form of malicious traffic specially targeted at a WordPress site. There are many instances where a server that has not been protected or optimized could experience issues or errors after receiving a small amount of malicious traffic. This guide will show you how to protect WordPress from XML-RPC attacks on an Ubuntu 14.04 system.
  • I followed those steps to deny xmlrpc, but the site is still down. Now I have this error:

    2016/06/08 20:21:17 [error] 11447#0: *5 connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: websitename.net, request: "GET / HTTP/1.1", upstream: "fastcgi://", host: "websitename.net", referrer: "http://websitename.net/"


Is SELinux, by chance, enabled on your Droplet? If so, this could be the cause and you'd need to run either:

/usr/sbin/setsebool httpd_can_network_connect 1


/usr/sbin/setsebool httpd_can_network_connect true

... from the CLI. Once you have, restart NGINX using:

service nginx restart


/usr/sbin/nginx -s restart

If that doesn't work, please post the output of your log after the commands have been executed as well as the configuration located in /etc/nginx/nginx.conf and your primary server block configured for the domain.

Have another answer? Share your knowledge.