• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved 502 Bad Gateway nginx : How to solve?

PeterK900

Basic Pleskian
I have encountered this problem 502 Bad Gateway nginx for all sites on the server. Everything was working fine one evening, the following morning no site (3) was accessible. No server changes had been made. Everything else works, ftp and Plesk.

I have looked at two possible solutions from this forum - Apache may have stopped - It hadn't.
I have run plesk repair web <domainname> to sort any Domain misconfiguration. Script runs with no errors but the problem still exists.

What else can I do to sort this problem? The server is unmanaged and the hosting company isn't providing any help.

Thanks.
 
The 502 means that nginx is not able to communicate with Apache. This is almost always caused by Apache not running. Are you on Debian/Ubuntu or Redhat/CentOS? Please post the output of this command:

Debian/Ubuntu:
# service apache2 status

Redhat/CentOS:
# service httpd status

If Apache IS running and does not show any errors, it is possible that your local IP address (the IP address of your server) has been blacklisted by Fail2Ban. Please check the blocked ip list in Tools & Settings > IP Address Banning. If it is blocked, remove it from the ban list and add your server's IP to Fail2Ban's "Trusted IP Addresses".
 
The 502 means that nginx is not able to communicate with Apache. This is almost always caused by Apache not running. Are you on Debian/Ubuntu or Redhat/CentOS? Please post the output of this command:

Debian/Ubuntu:
# service apache2 status

Redhat/CentOS:
# service httpd status

If Apache IS running and does not show any errors, it is possible that your local IP address (the IP address of your server) has been blacklisted by Fail2Ban. Please check the blocked ip list in Tools & Settings > IP Address Banning. If it is blocked, remove it from the ban list and add your server's IP to Fail2Ban's "Trusted IP Addresses".

Absolutely fantastic....

The server address is listed under IP Address banning Used Jail : plesk-apache-badbot

and removing it brings everything back. Thank you so much.

Can you throw any light on how this could have happened? I can see why a third party banning service might list the server if it had been doing something naughty ( which this server hasn't) - but why should the server do it to itself? Does this suggest a hack? Or a hosting issue? Is it going to happen again and should I de-activate IP address banning?

Thanks Peter for your prompt help so far. If you can give any pointers on these last questions then I'd be very grateful.
 
From Apache's perspective, a high number of requests coming from the same system over and over again is an attack. That system of course is the Nginx reverse proxy, but Fail2Ban does not know that. It is correct that by default this can trigger a badbot jail, bad bots are doing exactly the same: The hammer the web server with stupid requests that cause a lot of load and have no use. For that reason, your local IP address(es) need to be on the "Trusted IPs" list of the Fail2Ban component, so that Nginx does not trigger the jail with all the requests it forwards to Apache.

In new Obisidian installations Plesk addes the local IP to the whitelist automatically.
 
From Apache's perspective, a high number of requests coming from the same system over and over again is an attack. That system of course is the Nginx reverse proxy, but Fail2Ban does not know that. It is correct that by default this can trigger a badbot jail, bad bots are doing exactly the same: The hammer the web server with stupid requests that cause a lot of load and have no use. For that reason, your local IP address(es) need to be on the "Trusted IPs" list of the Fail2Ban component, so that Nginx does not trigger the jail with all the requests it forwards to Apache.

In new Obisidian installations Plesk addes the local IP to the whitelist automatically.
Thanks again Peter for the solution and explanation. And for an early taste of Christmas. Had me dancing round the room, not just the music perhaps, a little bit that three websites are up again! Liked it, of course.
 
Hi, I was seeing a lot of errors related to 502. And this one is more like mine, of course, everyone who entered did the tests mentioned and it didn't work. All my sites are showing error 502. I checked the IP and added the server's IP to FAIL2BAN but it didn't work.

What but can I analyze and try?
 
Back
Top