Facebook
Twitter
Pascal_Netenvie
Regular Pleskian
Ok the 4 commandes lines (said in last post) seems to work if you do an apache restart first.
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion
Resolved 502 bad gateway error on all domains
Pascal_Netenvie
Regular Pleskian
Try this :
I didn't add sudo at start of commands as you're supposed to be root when doing that.
Command with --status option is just here to check if NGINX is well started.
If it don't work reboot server with command "reboot -n" then do it again.
If it still don't work check your NGINX error log and report here please.
Code:
/etc/init.d/apache2 restart
/usr/local/psa/admin/bin/nginxmng --disable
/usr/local/psa/admin/bin/nginxmng --enable
/usr/local/psa/admin/bin/nginxmng --status
/usr/local/psa/admin/sbin/httpdmng --reconfigure-allI didn't add sudo at start of commands as you're supposed to be root when doing that.
Command with --status option is just here to check if NGINX is well started.
If it don't work reboot server with command "reboot -n" then do it again.
If it still don't work check your NGINX error log and report here please.
Kingsley
Silver Pleskian
The 504 error still returns, i have moved 4 of the sites to shared hosting on namecheap leaving just 3 or 4 on my server
Kingsley
Silver Pleskian
@Pascal_Netenvie what fail2ban rule are you talking about
Pascal_Netenvie
Regular Pleskian
Fail2ban is for another problem : Hack attempt and IP banning.
In your case 504 mean time-out ...
It seems NGINX can't contact Apache or can't contact fast enough.
You have to look at your log.
Log location depend on your server OS but usually it is /var/log/nginx
In your case 504 mean time-out ...
It seems NGINX can't contact Apache or can't contact fast enough.
You have to look at your log.
Log location depend on your server OS but usually it is /var/log/nginx
Kingsley
Silver Pleskian
if it starts again in this new server
getting same error gateway timeout. End up the server own public IP added to fail2ban. jail 'plesk-apache-badbot' caused this. Unban and problem fixed!
Kingsley
Silver Pleskian
How many sites was on the server?
Kingsley
Silver Pleskian
did all i found from the sites log is upstream error, connection error
George Politis
New Pleskian
same problem all domains error 502
U
UFHH01
Guest
Please keep in mind, that the cause of an issue/problem/error will vary, because of individual ( domain/subdomain ) configuration(s) and modification(s) on your server. There is no "general fix" for 502 errors ( Bad gateway )!!!
To help you to investigate your issue(s)/problem(s)/error(s), please INCLUDE depending entries from your log - files ( these locations and log-names can vary on your system, but they will all exist, if the corresponding service(s) is(are) installed! ):
If you are interested in all Plesk - related services, corresponding log - files and general commands for these services, please visit and bookmark:
To help you to investigate your issue(s)/problem(s)/error(s), please INCLUDE depending entries from your log - files ( these locations and log-names can vary on your system, but they will all exist, if the corresponding service(s) is(are) installed! ):
- General webserver - error - logs:
/var/log/apache2/error.log or /var/log/httpd/error.log
/var/log/nginx/error.log
/var/log/nginx/error.log
- General PHP - version error - logs:
/var/log/php_errors.log
/var/log/plesk-php54-fpm/error.log
/var/log/plesk-php55-fpm/error.log
/var/log/plesk-php56-fpm/error.log
/var/log/plesk-php70-fpm/error.log
/var/log/plesk-php54-fpm/error.log
/var/log/plesk-php55-fpm/error.log
/var/log/plesk-php56-fpm/error.log
/var/log/plesk-php70-fpm/error.log
- Domain - specific logs:
/var/www/vhosts/system/(SUB.)DOMAIN.COM/logs/
error_log ( apache2 )
proxy_error_log ( nginx )
proxy_error_log ( nginx )
The more information(s) you provide ( operating system, webserver - configuration ( incl. modules ), domain-specific PHP - handler in use, log - entries, etc. ), the better will be any help and/or suggestion to solve your issue(s).
If you don't provide enough information(s), people willing to help you are not able to investigate your issue(s)/problem(s)/error(s).
If you don't provide enough information(s), people willing to help you are not able to investigate your issue(s)/problem(s)/error(s).
If you are interested in all Plesk - related services, corresponding log - files and general commands for these services, please visit and bookmark:
George Politis
New Pleskian
Fail2ban after Hack attempt and server ip banned
Kingsley
Silver Pleskian
If it starts again, because i have moved 4 sites to Namecheap leaving just 2 wp and one piwik on the server
I just setup a new 12.5 server on CentOS 7 and have been getting some 502 Bad Gateway errors once in a while. Logs show errors like this: connect() failed (111: Connection refused) while connecting to upstream
I found restarting my CSF Firewall fixes the issue. I'm not sure why that is an issue at this point but if it becomes an issue I'll probably end up disabling it.
I found restarting my CSF Firewall fixes the issue. I'm not sure why that is an issue at this point but if it becomes an issue I'll probably end up disabling it.
@jtroher
You stated
and I am a little bit suprised.
In theory, CSF can be used, that should not give a problem.
However, CSF contains a "mechanism" called LFD that performs tasks, similar to the tasks performed by Fail2Ban: just scanning logs and creating firewall rules (with iptables).
For that reason, it can be a bad choice to have Fail2Ban AND CSF activated/installed: two similar tools are doing the same thing, using considerable resources for
a) log scanning (resource usage: memory, disk reads and database/disk writes)
b) creating (iptables based) firewall rules (resource usage: memory primarily. potential problems: double entries in the firewall, making the system inefficient and underperforming)
and I can hence recommend that you choose one of Fail2Ban and CSF (not both).
In general, the combination of Fail2Ban and CSF would not be a major problem, but under
- high traffic volumes
- attacks (of all kinds)
- heavy memory loads (due to other processes, such as Apache, backups and so on)
the combination can break the system, certainly if you are running a relatively small server.
In short, it is better to choose between Fail2Ban or CSF.
Finally, note that your 502 errors are not very likely to be related to (only) CSF: often some additional causes can be identified.
Can you provide some additional information, like some output from the logs?
Also note that you try to deactivate CSF and just have a look at what happens, i.e. whether the 502 errors are returning.
The latter is a good thing to do, since that enables us to have a proper look at the actual root cause of the problem: if CSF deactivated and the 502 errors dissolve, it was CSF.
Otherwise, we have a "clean slate" to investigate the problem, without any interference of CSF.
Anyway, hope the above helps.
Regards.......
You stated
and I am a little bit suprised.
In theory, CSF can be used, that should not give a problem.
However, CSF contains a "mechanism" called LFD that performs tasks, similar to the tasks performed by Fail2Ban: just scanning logs and creating firewall rules (with iptables).
For that reason, it can be a bad choice to have Fail2Ban AND CSF activated/installed: two similar tools are doing the same thing, using considerable resources for
a) log scanning (resource usage: memory, disk reads and database/disk writes)
b) creating (iptables based) firewall rules (resource usage: memory primarily. potential problems: double entries in the firewall, making the system inefficient and underperforming)
and I can hence recommend that you choose one of Fail2Ban and CSF (not both).
In general, the combination of Fail2Ban and CSF would not be a major problem, but under
- high traffic volumes
- attacks (of all kinds)
- heavy memory loads (due to other processes, such as Apache, backups and so on)
the combination can break the system, certainly if you are running a relatively small server.
In short, it is better to choose between Fail2Ban or CSF.
Finally, note that your 502 errors are not very likely to be related to (only) CSF: often some additional causes can be identified.
Can you provide some additional information, like some output from the logs?
Also note that you try to deactivate CSF and just have a look at what happens, i.e. whether the 502 errors are returning.
The latter is a good thing to do, since that enables us to have a proper look at the actual root cause of the problem: if CSF deactivated and the 502 errors dissolve, it was CSF.
Otherwise, we have a "clean slate" to investigate the problem, without any interference of CSF.
Anyway, hope the above helps.
Regards.......
trialotto
My issues may not necessarily be related to CSF but going by the Connection Refused error that's what I looked at and restarting it worked. It's only happened a couple times so far and I don't have much on that server yet so it's not a huge deal right now. I'll keep monitoring it though and I'll disable the CSF if it looks to be causing issues or conflicts with Fail2Ban. Thanks for the info
My issues may not necessarily be related to CSF but going by the Connection Refused error that's what I looked at and restarting it worked. It's only happened a couple times so far and I don't have much on that server yet so it's not a huge deal right now. I'll keep monitoring it though and I'll disable the CSF if it looks to be causing issues or conflicts with Fail2Ban. Thanks for the info
Similar threads
