• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved 502 Bad Gateway nginx : How to solve?

P

PeterK900

Basic Pleskian
I have encountered this problem 502 Bad Gateway nginx for all sites on the server. Everything was working fine one evening, the following morning no site (3) was accessible. No server changes had been made. Everything else works, ftp and Plesk.

I have looked at two possible solutions from this forum - Apache may have stopped - It hadn't.
I have run plesk repair web <domainname> to sort any Domain misconfiguration. Script runs with no errors but the problem still exists.

What else can I do to sort this problem? The server is unmanaged and the hosting company isn't providing any help.

Thanks.
 
The 502 means that nginx is not able to communicate with Apache. This is almost always caused by Apache not running. Are you on Debian/Ubuntu or Redhat/CentOS? Please post the output of this command:

Debian/Ubuntu:
# service apache2 status

Redhat/CentOS:
# service httpd status

If Apache IS running and does not show any errors, it is possible that your local IP address (the IP address of your server) has been blacklisted by Fail2Ban. Please check the blocked ip list in Tools & Settings > IP Address Banning. If it is blocked, remove it from the ban list and add your server's IP to Fail2Ban's "Trusted IP Addresses".
 
Peter Debik said:
The 502 means that nginx is not able to communicate with Apache. This is almost always caused by Apache not running. Are you on Debian/Ubuntu or Redhat/CentOS? Please post the output of this command:

Debian/Ubuntu:
# service apache2 status

Redhat/CentOS:
# service httpd status

If Apache IS running and does not show any errors, it is possible that your local IP address (the IP address of your server) has been blacklisted by Fail2Ban. Please check the blocked ip list in Tools & Settings > IP Address Banning. If it is blocked, remove it from the ban list and add your server's IP to Fail2Ban's "Trusted IP Addresses".
Click to expand...

Absolutely fantastic....

The server address is listed under IP Address banning Used Jail : plesk-apache-badbot

and removing it brings everything back. Thank you so much.

Can you throw any light on how this could have happened? I can see why a third party banning service might list the server if it had been doing something naughty ( which this server hasn't) - but why should the server do it to itself? Does this suggest a hack? Or a hosting issue? Is it going to happen again and should I de-activate IP address banning?

Thanks Peter for your prompt help so far. If you can give any pointers on these last questions then I'd be very grateful.
 
From Apache's perspective, a high number of requests coming from the same system over and over again is an attack. That system of course is the Nginx reverse proxy, but Fail2Ban does not know that. It is correct that by default this can trigger a badbot jail, bad bots are doing exactly the same: The hammer the web server with stupid requests that cause a lot of load and have no use. For that reason, your local IP address(es) need to be on the "Trusted IPs" list of the Fail2Ban component, so that Nginx does not trigger the jail with all the requests it forwards to Apache.

In new Obisidian installations Plesk addes the local IP to the whitelist automatically.
 
Peter Debik said:
From Apache's perspective, a high number of requests coming from the same system over and over again is an attack. That system of course is the Nginx reverse proxy, but Fail2Ban does not know that. It is correct that by default this can trigger a badbot jail, bad bots are doing exactly the same: The hammer the web server with stupid requests that cause a lot of load and have no use. For that reason, your local IP address(es) need to be on the "Trusted IPs" list of the Fail2Ban component, so that Nginx does not trigger the jail with all the requests it forwards to Apache.

In new Obisidian installations Plesk addes the local IP to the whitelist automatically.
Click to expand...
Thanks again Peter for the solution and explanation. And for an early taste of Christmas. Had me dancing round the room, not just the music perhaps, a little bit that three websites are up again! Liked it, of course.
 
Hi, I was seeing a lot of errors related to 502. And this one is more like mine, of course, everyone who entered did the tests mentioned and it didn't work. All my sites are showing error 502. I checked the IP and added the server's IP to FAIL2BAN but it didn't work.

What but can I analyze and try?
 
You must log in or register to reply here.

Similar threads

D
Issue 502 Bad Gateway - New Install - Restored from Backup
Replies
10
Views
2K
MartinT
M
The 8th
Issue Server Error 502 Bad Gateway
Replies
10
Views
1K
WebHostingAce
WebHostingAce
A
Issue 502 Bad Gateway nginx - have not changed anything
Replies
3
Views
2K
The 8th
The 8th
Mario Chamorro
Input Webmail 502 Bad Gateway
Replies
0
Views
2K
Mario Chamorro
Mario Chamorro
T
Issue ModSecurity and bad gateway 500 nginx
Replies
3
Views
920
tomaszt
T
Back
Top