nginx 502 bad gateway

64
votes

I get a 502 Bad Gateway with nginx when using spawn fcgi to spawn php5-cgi.

I use this to span an instance on server start using the following line in rc.local

/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid

presumably I'm getting the error because the spawn-fcgi / php5-cgi dies and there is nothing listening there anymore to parse php.

I get nothing in the logs that I can see anywhere, I'm out of ideas (and new to this setup with nginx)

14
phpnginxfastcgi
First, don't give up! nginx is a wonderful piece of software. Try with php-fpm. Don't miss the /etc/php5/fpm dir with settings inside and note the copy of php.ini that may override your own php.ini config... Configure the logs so you can have a look if it fails.Breaking not so bad
Try logging into the server as root and type /usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid into the command prompt. (That's the same line that's in your rc.local.) Do you get any error messages?kijin
I believe this question would be more appropriate (and get more answers) on serverfault.com.netcoder
Thanks netcoder, that's a good idea. I'll move it there.Joel Wickard
Does this give you any clues? tail /var/log/nginx/error.loge.thompsy

14 Answers

61
votes

I executed my localhost and the page displayed the 502 bad gateway message. This helped me:

  1. Edit /etc/php5/fpm/pool.d/www.conf
  2. Change listen = /var/run/php5-fpm.sock to listen = 127.0.0.1:9000
  3. Ensure the location is set properly in nginx.conf.
  4. Run sudo service php5-fpm restart

Maybe it will help you.

Source from: http://wildlyinaccurate.com/solving-502-bad-gateway-with-nginx-php-fpm

9
votes

The 502 error appears because nginx cannot hand off to php5-cgi. You can try reconfiguring php5-cgi to use unix sockets as opposed to tcp .. then adjust the server config to point to the socket instead of the tcp ... 

ps auxww | grep php5-cgi #-- is the process running?  
netstat -an | grep 9000 # is the port open?
8
votes

Go to /etc/php5/fpm/pool.d/www.conf and if you are using sockets or this line is uncommented 

listen = /var/run/php5-fpm.sock

Set couple of other values too:-

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

Don't forget to restart php-fpm and nginx. Make sure you are using the same nginx owner and group name.

8
votes

You have to match the settings for PHP-FPM and Nginx to communicate over sockets or TCP.

So go to /etc/php5/fpm/pool.d/www.conf and look for this line:

listen = /var/run/php5-fpm.sock

Then go to /etc/nginx/nginx.conf

Look for this: 

upstream php {
    server unix:/var/run/php5-fpm.socket;
}

Match those values and you should be all set.

5
votes

If running a linux server, make sure that your IPTABLES configuration is correct.

Execute sudo iptables -L -n , you will recieve a listing of your open ports. If there is not an Iptables Rule to open the port serving the fcgi script you will receive a 502 error. The Iptables Rule which opens the correct port must be listed before any rule which categorically rejects all packets (i.e. a rule of the form "REJECT ALL -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable or similar)

On my configuration, to properly open the port, I had to execute this command (assume my fcgi server is running at port 4567):

sudo iptables -I INPUT 1 -p tcp --dport 4567 -j ACCEPT

WARNING: This will open port 4567 to the whole world.

So it might be better to do something like this:

   sudo iptables-save >> backup.iptables
   sudo iptables -D INPUT 1 #Delete the previously entered rule
   sudo iptables -I INPUT 1 -p tcp --dport 8080 -s localhost -j ACCEPT # Add new rule

Doing this removed the 502 error for me.

4
votes

change

fastcgi_pass    unix:/var/run/php-fpm.sock;

to

fastcgi_pass    unix:/var/run/php5-fpm.sock;
2
votes

When I did sudo /etc/init.d/php-fpm start I got the following error:

Starting php-fpm: [28-Mar-2013 16:18:16] ERROR: [pool www] cannot get uid for user 'apache'

I guess /etc/php-fpm.d/www.conf needs to know the user that the webserver is running as and assumes it's apache when, for nginx, it's actually nginx, and needs to be changed.

2
votes

You can make nginx ignore client aborts using:

location / {
  proxy_ignore_client_abort on;
}
2
votes

I had the same problem while setting up an Ubuntu server. Turns out I was having the problem due to incorrect permissions on socket file.

If you are having the problem due to a permission problem, you can uncomment the following lines from: /etc/php5/fpm/pool.d/www.conf

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

Alternatively, although I wouldn't recommend, you can give read and write permissions to all groups by using the following command.

sudo chmod go+rw /var/run/php5-fpm.sock
1
votes

Try disabling the xcache or apc modules. Seems to cause a problem with some versions are saving objects to a session variable.

1
votes

Hope this tip will save someone else's life. In my case the problem was that I ran out of memory, but only slightly, was hard to think about it. Wasted 3hrs on that. I recommend running:

sudo htop

or

sudo free -m

...along with running problematic requests on the server to see if your memory doesn't run out. And if it does like in my case, you need to create a swap file (unless you already have one).

I have followed this tutorial to create swap file on Ubuntu Server 14.04 and it worked just fine: http://www.cyberciti.biz/faq/ubuntu-linux-create-add-swap-file/

1
votes

If you're on Ubuntu, and all of the above has failed you, AppArmor is most likely to blame.

Here is a good guide how to fix it: https://www.digitalocean.com/community/tutorials/how-to-create-an-apparmor-profile-for-nginx-on-ubuntu-14-04

Long story short: 

vi /etc/apparmor.d/nginx

Or 

sudo aa-complain nginx
sudo service nginx restart

See everything working nicely... then

sudo aa-logprof

I still had problems with Nginx not being able to read error.log, even though it had all the permissions possible, including in Apparomor. I'm guessing it's got something to do with the order of the entries, or some interaction with Passenger or PHP-Fpm... I've run out of time to troubleshoot this and have gone back to Apache for now. (Apache performs much better too FYI.)

AppArmor just lets Nginx do whatever it wants if you just remove the profile:

 rm /etc/apparmor.d/nginx
 service apparmor reload

Shockingly, but hardly surprising, a lot of posts on fixing Nginx errors resorts to completely disabling SELinux or removing AppArmor. That's a bad idea because you lose protection from a whole lot of software. Just removing the Nginx profile is a better way to troubleshoot your config files. Once you know that the problem isn't in your Nginx config files, you can take the time to create a proper AppArmor profile.

Without an AppArmor profile, especially if you run something like Passenger too, I give your server about a month to get backdoored.

1
votes

For me the error was in default file of Nginx located at /etc/nginx/sites-available/default

I noticed the version of php-fpm used was 7.0 and the php version i downloaded was 7.2 I simply changed the version to 7.2 and it worked.

fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;

0
votes

Similar setup here and looks like it was just a bug in my code. At the start of my app I looked for the offending URL and this worked: echo '<html>test</html>'; exit();

In my case, turns out the problem was an uninitialized variable that only failed under peculiar circumstances.