Hardware
- Raspberry Pi 2
Software
- Debian
- YunoHost
- Duniter
- YunoHost
When I try accessing Duniter's web application page https://duniter-folatt.nohost.me/webui, I receive the typical nginx 502 Bad Gateway error.
I've also tried accessing the webui after starting duniter webstart with the same result.
admin@Xroklaus:~ $ duniter webstart
Starting duniter_default daemon...
duniter_default daemon started. PID: 3453
admin@Xroklaus:~ $ duniter status
Duniter is running using PID 3453.
/etc/hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 Xroklaus
/var/log/nginx/duniter-folatt.nohost.me-access.log
83.163.103.119 - - [24/Oct/2017:21:14:29 +0000] "GET /yunohost/sso/assets/img/logo-ynh-white.svg HTTP/1.1" 200 2722 "https://duniter-folatt.nohost.me/yunohost/sso/?r=aHR0cHM6Ly9kdW5pdGVyLWZvbGF0dC5ub2hvc3QubWUvd2VidWk=" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - folatt [25/Oct/2017:05:43:11 +0000] "GET /webui HTTP/1.1" 502 236 "https://forum.yunohost.org/t/duniter-web-interface-502-bad-gateway/3686" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - - [25/Oct/2017:05:43:11 +0000] "GET /ynhpanel.js HTTP/1.1" 200 10934 "https://duniter-folatt.nohost.me/webui" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - folatt [25/Oct/2017:05:43:13 +0000] "GET /ynhpanel.json HTTP/1.1" 200 2156 "https://duniter-folatt.nohost.me/webui" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - - [25/Oct/2017:05:43:13 +0000] "GET /ynhpanel.css HTTP/1.1" 200 113127 "https://duniter-folatt.nohost.me/webui" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - - [25/Oct/2017:08:51:24 +0000] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - folatt [25/Oct/2017:08:51:25 +0000] "GET /webui HTTP/1.1" 502 236 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - - [25/Oct/2017:08:51:25 +0000] "GET /ynhpanel.js HTTP/1.1" 200 10934 "https://duniter-folatt.nohost.me/webui" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - - [25/Oct/2017:08:51:27 +0000] "GET /ynhpanel.css HTTP/1.1" 200 113127 "https://duniter-folatt.nohost.me/webui" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - folatt [25/Oct/2017:08:51:27 +0000] "GET /ynhpanel.json HTTP/1.1" 200 2156 "https://duniter-folatt.nohost.me/webui" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - - [25/Oct/2017:09:22:33 +0000] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - folatt [25/Oct/2017:09:22:34 +0000] "GET /webui HTTP/1.1" 502 236 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - - [25/Oct/2017:09:22:34 +0000] "GET /ynhpanel.js HTTP/1.1" 200 10934 "https://duniter-folatt.nohost.me/webui" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - folatt [25/Oct/2017:09:22:35 +0000] "GET /ynhpanel.json HTTP/1.1" 200 2156 "https://duniter-folatt.nohost.me/webui" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
83.163.103.119 - - [25/Oct/2017:09:22:35 +0000] "GET /ynhpanel.css HTTP/1.1" 200 113127 "https://duniter-folatt.nohost.me/webui" "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0"
/var/log/nginx/duniter-folatt.nohost.me-error.log
2017/10/24 21:06:30 [error] 3086#0: *307 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /cesium HTTP/1.1", upstream: "http://127.0.0.1:9220/cesium", host: "duniter-folatt.nohost.me"
2017/10/24 21:06:50 [error] 3086#0: *307 [lua] access.lua:120: Redirection to an external domain aborted, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /yunohost/sso/?r=aHR0cHM6Ly8xOTIuMTY4LjE3OC4xMC95dW5vaG9zdC9zc28v HTTP/1.1", host: "duniter-folatt.nohost.me", referrer: "https://192.168.178.10/yunohost/admin/"
2017/10/24 21:07:01 [error] 3086#0: *307 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "duniter-folatt.nohost.me", referrer: "https://duniter-folatt.nohost.me/yunohost/sso/"
2017/10/24 21:07:50 [error] 3084#0: *308 [lua] access.lua:120: Redirection to an external domain aborted, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /yunohost/sso/?r=aHR0cHM6Ly8xOTIuMTY4LjE3OC4xMC95dW5vaG9zdC9zc28v HTTP/1.1", host: "duniter-folatt.nohost.me"
2017/10/24 21:08:25 [error] 3084#0: *308 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "duniter-folatt.nohost.me"
2017/10/24 21:09:50 [error] 3084#0: *308 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "duniter-folatt.nohost.me", referrer: "https://duniter-folatt.nohost.me/yunohost/admin/"
2017/10/24 21:10:28 [error] 3084#0: *308 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "duniter-folatt.nohost.me", referrer: "https://duniter-folatt.nohost.me/yunohost/sso/info.html"
2017/10/24 21:10:33 [error] 3084#0: *308 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "duniter-folatt.nohost.me"
2017/10/24 21:10:39 [error] 3084#0: *308 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "duniter-folatt.nohost.me", referrer: "https://duniter-folatt.nohost.me/yunohost/sso/info.html"
2017/10/24 21:10:43 [error] 3084#0: *308 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "duniter-folatt.nohost.me", referrer: "https://duniter-folatt.nohost.me/webui"
2017/10/25 05:43:11 [error] 3087#0: *1772 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "duniter-folatt.nohost.me", referrer: "https://forum.yunohost.org/t/duniter-web-interface-502-bad-gateway/3686"
2017/10/25 08:51:25 [error] 3087#0: *2138 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "duniter-folatt.nohost.me"
2017/10/25 09:22:34 [error] 3084#0: *2208 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "duniter-folatt.nohost.me"
/var/log/nginx/error.log
2017/10/24 19:20:39 [notice] 10189#0: signal process started
2017/10/24 19:23:00 [notice] 10378#0: signal process started
2017/10/24 19:35:43 [info] 735#0: Using 32768KiB of shared memory for push module in /etc/nginx/nginx.conf:63
2017/10/24 19:35:43 [info] 735#0: [lua] init.lua:57: SSOwat ready
2017/10/24 20:30:39 [notice] 3081#0: signal process started
/etc/nginx/nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
    worker_connections 768;
    # multi_accept on;
}
http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
/etc/nginx/conf.d/duniter-folatt.nohost.me.conf
server {
    listen 80;
    listen [::]:80;
    server_name duniter-folatt.nohost.me;
    access_by_lua_file /usr/share/ssowat/access.lua;
    include conf.d/duniter-folatt.nohost.me.d/*.conf;
    location /yunohost/admin {
        return 301 https://$http_host$request_uri;
    }
    access_log /var/log/nginx/duniter-folatt.nohost.me-access.log;
    error_log /var/log/nginx/duniter-folatt.nohost.me-error.log;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name duniter-folatt.nohost.me;
    ssl_certificate /etc/yunohost/certs/duniter-folatt.nohost.me/crt.pem;
    ssl_certificate_key /etc/yunohost/certs/duniter-folatt.nohost.me/key.pem;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;
    # Ciphers with intermediate compatibility
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=intermediate
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    # Ciphers with modern compatibility
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
    # Uncomment the following to use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
    #ssl_protocols TLSv1.2;
    #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    # Uncomment the following directive after DH generation
    # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
    #ssl_dhparam /etc/ssl/private/dh2048.pem;
    add_header Strict-Transport-Security "max-age=31536000;";
    access_by_lua_file /usr/share/ssowat/access.lua;
    include conf.d/duniter-folatt.nohost.me.d/*.conf;
    include conf.d/yunohost_admin.conf.inc;
    include conf.d/yunohost_api.conf.inc;
    access_log /var/log/nginx/duniter-folatt.nohost.me-access.log;
    error_log /var/log/nginx/duniter-folatt.nohost.me-error.log;
}
/etc/nginx/conf.d/duniter-folatt.nohost.me.d/yunohost_local.conf
server_name $server_name yunohost.local;
/etc/nginx/conf.d/duniter-folatt.nohost.me.d/duniter.conf
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass http://127.0.0.1:10901;
    proxy_redirect off;
    # Socket.io support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 86400s;
    proxy_send_timeout 86400s;
    location ~ \.(js|css|woff|woff2|ttf|png) {
        proxy_pass http://127.0.0.1:9220;
        access_by_lua_file /usr/share/ssowat/access.lua;
    }
    location /cesium {
        proxy_pass http://127.0.0.1:9220;
        access_by_lua_file /usr/share/ssowat/access.lua;
        # Include SSOWAT user panel.
        include conf.d/yunohost_panel.conf.inc;
    }
    location /webui {
        proxy_pass http://127.0.0.1:9220/;
        access_by_lua_file /usr/share/ssowat/access.lua;
        # Include SSOWAT user panel.
        include conf.d/yunohost_panel.conf.inc;
    }
    location ~ /webmin {
        proxy_pass http://127.0.0.1:9220$uri;
        access_by_lua_file /usr/share/ssowat/access.lua;
    }
    location ~ /modules {
        proxy_pass http://127.0.0.1:9220;
        access_by_lua_file /usr/share/ssowat/access.lua;
    }
}
Port listening check
admin@Xroklaus:~ $ sudo netstat -tnlp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1185/nginx -g daemo
tcp6 0 0 :::80 :::* LISTEN 1185/nginx -g daemo
admin@Xroklaus:~ $ sudo netstat -tnlp | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1185/nginx -g daemo
tcp6 0 0 :::443 :::* LISTEN 1185/nginx -g daemo
Firewall check
admin@Xroklaus:~ $ sudo tcpdump -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:41:39.886220 IP 192.168.178.10 > 80.67.169.12: ICMP 192.168.178.10 udp port 28172 unreachable, length 513
17:41:39.887065 IP 192.168.178.10 > 84.200.70.40: ICMP 192.168.178.10 udp port 28172 unreachable, length 139
17:41:39.888895 IP 192.168.178.10 > 80.67.188.188: ICMP 192.168.178.10 udp port 28172 unreachable, length 139
17:41:39.889336 IP 192.168.178.10 > 84.200.69.80: ICMP 192.168.178.10 udp port 28172 unreachable, length 139
17:41:39.889890 IP 192.168.178.10 > 91.239.100.100: ICMP 192.168.178.10 udp port 28172 unreachable, length 378
17:41:39.890214 IP 192.168.178.10 > 80.67.169.40: ICMP 192.168.178.10 udp port 28172 unreachable, length 139
17:41:39.894840 IP 192.168.178.10 > 141.255.128.100: ICMP 192.168.178.10 udp port 28172 unreachable, length 513
17:41:39.895405 IP 192.168.178.10 > 141.255.128.101: ICMP 192.168.178.10 udp port 28172 unreachable, length 513
17:41:39.895908 IP 192.168.178.10 > 89.233.43.71: ICMP 192.168.178.10 udp port 28172 unreachable, length 529
17:41:39.896370 IP 192.168.178.10 > 89.234.141.66: ICMP 192.168.178.10 udp port 28172 unreachable, length 139
17:41:39.896843 IP 192.168.178.10 > 213.73.91.35: ICMP 192.168.178.10 udp port 28172 unreachable, length 139
17:41:39.897407 IP 192.168.178.10 > 89.234.186.18: ICMP 192.168.178.10 udp port 28172 unreachable, length 139
17:42:09.946485 IP 192.168.178.10 > 80.67.169.12: ICMP 192.168.178.10 udp port 58304 unreachable, length 513
17:42:09.948459 IP 192.168.178.10 > 84.200.69.80: ICMP 192.168.178.10 udp port 58304 unreachable, length 139
17:42:09.949718 IP 192.168.178.10 > 80.67.169.40: ICMP 192.168.178.10 udp port 58304 unreachable, length 139
17:42:09.954162 IP 192.168.178.10 > 213.73.91.35: ICMP 192.168.178.10 udp port 58304 unreachable, length 139
17:42:09.954658 IP 192.168.178.10 > 89.233.43.71: ICMP 192.168.178.10 udp port 58304 unreachable, length 529
17:42:09.956123 IP 192.168.178.10 > 80.67.188.188: ICMP 192.168.178.10 udp port 58304 unreachable, length 139
17:42:09.970844 IP 192.168.178.10 > 89.234.141.66: ICMP 192.168.178.10 udp port 58304 unreachable, length 139
17:42:09.971808 IP 192.168.178.10 > 141.255.128.100: ICMP 192.168.178.10 udp port 58304 unreachable, length 513
17:42:09.972294 IP 192.168.178.10 > 141.255.128.101: ICMP 192.168.178.10 udp port 58304 unreachable, length 513
17:42:09.976717 IP 192.168.178.10 > 91.239.100.100: ICMP 192.168.178.10 udp port 58304 unreachable, length 369
17:42:09.984867 IP 192.168.178.10 > 89.234.186.18: ICMP 192.168.178.10 udp port 58304 unreachable, length 139
17:42:10.045260 IP 192.168.178.10 > 84.200.70.40: ICMP 192.168.178.10 udp port 58304 unreachable, length 139
17:42:39.987486 IP 192.168.178.10 > 80.67.169.12: ICMP 192.168.178.10 udp port 39307 unreachable, length 221
17:42:39.987988 IP 192.168.178.10 > 84.200.70.40: ICMP 192.168.178.10 udp port 39307 unreachable, length 85
17:42:39.990722 IP 192.168.178.10 > 80.67.188.188: ICMP 192.168.178.10 udp port 39307 unreachable, length 85
17:42:39.991245 IP 192.168.178.10 > 84.200.69.80: ICMP 192.168.178.10 udp port 39307 unreachable, length 85
17:42:39.991925 IP 192.168.178.10 > 91.239.100.100: ICMP 192.168.178.10 udp port 39307 unreachable, length 133
17:42:39.992926 IP 192.168.178.10 > 80.67.169.40: ICMP 192.168.178.10 udp port 39307 unreachable, length 85
17:42:39.995829 IP 192.168.178.10 > 141.255.128.100: ICMP 192.168.178.10 udp port 39307 unreachable, length 221
17:42:39.996330 IP 192.168.178.10 > 213.73.91.35: ICMP 192.168.178.10 udp port 39307 unreachable, length 85
17:42:39.997135 IP 192.168.178.10 > 141.255.128.101: ICMP 192.168.178.10 udp port 39307 unreachable, length 221
17:42:39.997563 IP 192.168.178.10 > 89.233.43.71: ICMP 192.168.178.10 udp port 39307 unreachable, length 133
17:42:39.998120 IP 192.168.178.10 > 89.234.141.66: ICMP 192.168.178.10 udp port 39307 unreachable, length 85
17:42:39.998721 IP 192.168.178.10 > 89.234.186.18: ICMP 192.168.178.10 udp port 39307 unreachable, length 85
^C
36 packets captured
36 packets received by filter
0 packets dropped by kernel
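
An added example, not part of the original post or of the YunoHost/Duniter code: this Python script counts the "connect() failed (111: Connection refused)" entries per upstream in an nginx error log and probes every proxy_pass target for a TCP listener, which extends the port check above from 80 and 443 to the backend ports (10901 and 9220 in duniter.conf). The sample log and config are constructed in the format shown in the post, and all function names are assumptions made for illustration.

```python
import re
import socket
from collections import Counter

# Constructed sample: abridged error-log lines in the format shown in the post.
SAMPLE_ERROR_LOG = """\
2017/10/24 21:06:30 [error] 3086#0: *307 connect() failed (111: Connection refused) while connecting to upstream, client: 192.0.2.10, server: example.test, request: "GET /cesium HTTP/1.1", upstream: "http://127.0.0.1:9220/cesium", host: "example.test"
2017/10/24 21:06:50 [error] 3086#0: *307 [lua] access.lua:120: Redirection to an external domain aborted, client: 192.0.2.10, server: example.test
2017/10/24 21:07:01 [error] 3086#0: *307 connect() failed (111: Connection refused) while connecting to upstream, client: 192.0.2.10, server: example.test, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "example.test"
"""

# Constructed sample: proxy_pass lines of a location file shaped like duniter.conf.
SAMPLE_CONF = """\
location / {
    proxy_pass http://127.0.0.1:10901;
    location /webui {
        proxy_pass http://127.0.0.1:9220/;
    }
    # proxy_pass http://127.0.0.1:8080;
}
"""

REFUSED = re.compile(r'connect\(\) failed \(111: Connection refused\).*'
                     r'upstream: "http://([^:/"]+):(\d+)')
PROXY_PASS = re.compile(r'^[ \t]*proxy_pass\s+http://([^:/;\s]+):(\d+)', re.M)

def refused_upstreams(log_text):
    """Count 'Connection refused' errors per upstream (host, port)."""
    hits = (REFUSED.search(line) for line in log_text.splitlines())
    return Counter((m.group(1), int(m.group(2))) for m in hits if m)

def proxy_targets(conf_text):
    """Return the (host, port) pairs named by uncommented proxy_pass lines."""
    return {(h, int(p)) for h, p in PROXY_PASS.findall(conf_text)}

def is_listening(host, port, timeout=1.0):
    """True if a TCP connect succeeds, i.e. something accepts on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def upstream_report(log_text, conf_text, probe=is_listening):
    """Map each configured upstream to its refusal count and listener state."""
    refused = refused_upstreams(log_text)
    return {t: {"refused": refused[t], "listening": probe(*t)}
            for t in sorted(proxy_targets(conf_text))}

if __name__ == "__main__":
    for (host, port), info in upstream_report(SAMPLE_ERROR_LOG, SAMPLE_CONF).items():
        print(f"{host}:{port} refused={info['refused']} listening={info['listening']}")
```

Run on the server itself with the real error log and location file read in as text, since the upstreams are bound to 127.0.0.1; an upstream reported with refusals and no listener is the one nginx cannot reach.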