• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved 502 Bad Gateway on All domains

Hi Kingsley,

to solve your issue, consider to change "/etc/logrotate.d/apache2"

to:

Code:
/var/log/apache2/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 640 root adm
    sharedscripts
    postrotate
                if /etc/init.d/apache2 status > /dev/null ; then \
                    /etc/init.d/apache2 restart > /dev/null; \
                fi;
    endscript
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
            run-parts /etc/logrotate.d/httpd-prerotate; \
        fi; \
    endscript
}

In addition, consider to change "mpm-event" to "mpm-prefork" at:

Home > Tools & Settings > Apache Web Server => MPM mode
 
Hi Kingsley,

to solve your issue, consider to change "/etc/logrotate.d/apache2"

to:

Code:
/var/log/apache2/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 640 root adm
    sharedscripts
    postrotate
                if /etc/init.d/apache2 status > /dev/null ; then \
                    /etc/init.d/apache2 restart > /dev/null; \
                fi;
    endscript
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
            run-parts /etc/logrotate.d/httpd-prerotate; \
        fi; \
    endscript
}

In addition, consider to change "mpm-event" to "mpm-prefork" at:

Home > Tools & Settings > Apache Web Server => MPM mode

I have changed the file and also switched to PREFORK and then restarted apache
 
Hello;

It worked for few days then apache2 went off again.

Code:
root@server4:~# service apache2 status
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: inactive (dead) since Fri 2016-10-28 06:32:29 WAT; 14min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 7842 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 7771 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
  Process: 7732 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)

Oct 28 06:32:22 server4 systemd[1]: Starting LSB: Apache2 web server...
Oct 28 06:32:22 server4 apache2[7732]:  * Starting Apache httpd web server apache2
Oct 28 06:32:24 server4 apache2[7732]:  *
Oct 28 06:32:24 server4 systemd[1]: Started LSB: Apache2 web server.
Oct 28 06:32:24 server4 systemd[1]: Reloading LSB: Apache2 web server.
Oct 28 06:32:24 server4 apache2[7771]:  * Reloading Apache httpd web server apache2
Oct 28 06:32:25 server4 apache2[7771]:  *
Oct 28 06:32:25 server4 systemd[1]: Reloaded LSB: Apache2 web server.
Oct 28 06:32:29 server4 apache2[7842]:  * Stopping Apache httpd web server apache2
Oct 28 06:32:29 server4 apache2[7842]:  *
 
Apache error log

Code:
[Fri Oct 28 06:32:23.014210 2016] [ssl:warn] [pid 7748] AH01909: webmail.server4.kraftysprouts.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Oct 28 06:32:23.016947 2016] [ssl:warn] [pid 7748] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Fri Oct 28 06:32:23.018400 2016] [ssl:warn] [pid 7748] AH01909: default-45_33_123_217:443:0 server certificate does NOT include an ID which matches the server name
[Fri Oct 28 06:32:23.020278 2016] [:notice] [pid 7748] ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/) configured.
[Fri Oct 28 06:32:23.021117 2016] [:notice] [pid 7748] ModSecurity: APR compiled version="1.5.2"; loaded version="1.5.2"
[Fri Oct 28 06:32:23.021913 2016] [:notice] [pid 7748] ModSecurity: PCRE compiled version="8.38 "; loaded version="8.38 2015-11-23"
[Fri Oct 28 06:32:23.021930 2016] [:notice] [pid 7748] ModSecurity: LUA compiled version="Lua 5.1"
[Fri Oct 28 06:32:23.021934 2016] [:notice] [pid 7748] ModSecurity: LIBXML compiled version="2.9.3"
[Fri Oct 28 06:32:23.021937 2016] [:notice] [pid 7748] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Fri Oct 28 06:32:23.022533 2016] [suexec:notice] [pid 7748] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Fri Oct 28 06:32:23.287111 2016] [auth_digest:notice] [pid 7750] AH01757: generating secret for digest authentication ...
[Fri Oct 28 06:32:24.004240 2016] [ssl:warn] [pid 7750] AH01909: webmail.server4.kraftysprouts.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Oct 28 06:32:24.004480 2016] [ssl:warn] [pid 7750] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Fri Oct 28 06:32:24.004750 2016] [ssl:warn] [pid 7750] AH01909: default-45_33_123_217:443:0 server certificate does NOT include an ID which matches the server name
[Fri Oct 28 06:32:24.019570 2016] [mpm_prefork:notice] [pid 7750] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g mod_fcgid/2.3.9 configured -- resuming normal operations
[Fri Oct 28 06:32:24.019628 2016] [core:notice] [pid 7750] AH00094: Command line: '/usr/sbin/apache2'
[Fri Oct 28 06:32:24.941242 2016] [mpm_prefork:notice] [pid 7750] AH00171: Graceful restart requested, doing restart
[Fri Oct 28 06:32:28.190987 2016] [auth_digest:notice] [pid 7750] AH01757: generating secret for digest authentication ...
[Fri Oct 28 06:32:29.013647 2016] [ssl:warn] [pid 7750] AH01909: webmail.server4.kraftysprouts.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Oct 28 06:32:29.015163 2016] [ssl:warn] [pid 7750] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Fri Oct 28 06:32:29.016629 2016] [ssl:warn] [pid 7750] AH01909: default-45_33_123_217:443:0 server certificate does NOT include an ID which matches the server name
[Fri Oct 28 06:32:29.019286 2016] [fcgid:emerg] [pid 7750] (17)File exists: mod_fcgid: Can't create shared memory for size 1200712 bytes
 
attached a log for one of the domains. i have also disabled apache(s) jails in fail2ban
 

Attachments

  • jodalog.txt
    186.3 KB · Views: 4
same issue on 2 servers, this is getting frustrating and i don't why am the only one having this issue.
 
Hi Kingsley,

It worked for few days then apache2 went off again.

...
Process: 7842 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 7771 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
Process: 7732 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)

Oct 28 06:32:22 server4 systemd[1]: Starting LSB: Apache2 web server...
Oct 28 06:32:22 server4 apache2[7732]: * Starting Apache httpd web server apache2
Oct 28 06:32:24 server4 apache2[7732]: *
Oct 28 06:32:24 server4 systemd[1]: Started LSB: Apache2 web server.
Oct 28 06:32:24 server4 systemd[1]: Reloading LSB: Apache2 web server.
Oct 28 06:32:24 server4 apache2[7771]: * Reloading Apache httpd web server apache2
Oct 28 06:32:25 server4 apache2[7771]: *
Oct 28 06:32:25 server4 systemd[1]: Reloaded LSB: Apache2 web server.
Oct 28 06:32:29 server4 apache2[7842]: * Stopping Apache httpd web server apache2
Oct 28 06:32:29 server4 apache2[7842]: *

Even that the suggestion was to change "reload" to "restart" in your file "/etc/logrotate.d/apache2", you can see from your status - command, that you either re-changed the file again, or that you have more, additional logrotate - configuration files at "/etc/logrotate.d/", which reload the apache server, instead of restarting it.

In addition, pls. note, that
i thought it was a 12.5 thingy
this has got nothing to do with Plesk itself, it's YOUR unique configuration, which results in apache2 - issues/errors/failures/problems. Plesk does not change and does not modify existing logrotation files.



If you would inspect as well the corresponding log - file from your attachment "jodalog.txt", you would have noticed additional misconfigurations, as for example:

...
[Thu Oct 20 19:05:43.672699 2016] [proxy_fcgi:error] [pid 25519:tid 139963437930240] [client 77.75.76.162:46600] AH01071: Got error 'PHP message: PHP Warning: include(): open_basedir restriction in effect. File(/home/krafhcnc/public_html/jodablog.com/wp-content/plugins/wp-super-cache/wp-cache-base.php) is not within the allowed path(s): (/var/www/vhosts/jodablog.com/:/tmp/) in /var/www/vhosts/jodablog.com/httpdocs/wp-content/plugins/wp-super-cache/wp-cache.php on line 65\nPHP message: PHP Warning: include(/home/krafhcnc/public_html/jodablog.com/wp-content/plugins/wp-super-cache/wp-cache-base.php): failed to open stream: Operation not permitted in /var/www/vhosts/jodablog.com/httpdocs/wp-content/plugins/wp-super-cache/wp-cache.php on line 65\nPHP message: PHP Warning: include(): Failed opening '/home/krafhcnc/public_html/jodablog.com/wp-content/plugins/wp-super-cache/wp-cache-base.php' for inclusion (include_path='.:/usr/share/php') in /var/www/vhosts/jodablog.com/httpdocs/wp-content/plugins/wp-super-cache/wp-cache.php on line 65\nPHP message: PHP Warning: include_once(): open_basedir restriction in effect. File(/home/krafhcnc/public_html/jodablog.com/wp-content/plugins/wp-super-cache/ossdl-cdn.php) is not within the allowed path(s): (/var/www/vhosts/jodablog.com/:/tmp/) in /var/www/vhosts/jodablog.com/httpdocs/wp-content/plugins/wp-super-cache/wp-cache.php on line 82\nPHP message: PHP Warning: include_once(/home/krafhcnc/public_html/jodablog.com/wp-content/plugins/wp-super-cache/ossdl-cdn.php): failed to open stream: Operation not permitted in /var/www/vhosts/jodablog.com/httpdocs/wp-content/plugins/wp-super-cache/wp-cache.php on line 82\nPHP message: PHP Warning: include_once(): Failed opening '/home/krafhcnc/public_html/jodablog.com/wp-content/plugins/wp-super-cache/ossdl-cdn.php' for inclusion (include_path='.:/usr/share/php') in /var/www/vhosts/jodablog.com/httpdocs/wp-content/plugins/wp-super-cache/wp-cache.php on line 82\n'
...

...
[Sun Oct 23 14:53:52.633651 2016] [:error] [pid 6556:tid 139627397269248] [client 46.119.127.129] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(\\\\d*|uploads\\\\/.*\\\\.(jpeg|jpg|gif|png|bmp))$" against "ARGS_GET:img" required. [file "/etc/apache2/modsecurity.d/rules/comodo/29_Apps_WPPlugin.conf"] [line "624"] [id "222050"] [rev "4"] [msg "COMODO WAF: Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress (CVE-2014-9734)||jodablog.com|F|2"] [hostname "jodablog.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "WAzA8H8AAQEAABmcOLAAAABA"]
...

...
[Sun Oct 23 14:53:54.011700 2016] [:error] [pid 6556:tid 139627230881536] [client 46.119.127.129] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:(?<!\\\\w)(?:\\\\.(?:ht(?:access|group|passwd)|www_{0,1}acl)|boot\\\\.ini|global\\\\.asa|httpd\\\\.conf)\\\\b|/etc/)" at ARGS:file_link. [file "/etc/apache2/modsecurity.d/rules/comodo/01_Global_Generic.conf"] [line "52"] [id "211190"] [rev "8"] [msg "COMODO WAF: Remote File Access Attempt||jodablog.com|F|2"] [data "Matched Data: /etc/ found within ARGS:file_link: /etc/passwd"] [severity "CRITICAL"] [hostname "jodablog.com"] [uri "/wp-content/plugins/recent-backups/download-file.php"] [unique_id "WAzA8n8AAQEAABmcOLIAAABL"]

...
[uri "/wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php"]
...

...
[uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"]
...

...
[uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"]
...

...
[uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php"]
...

...
[Wed Oct 26 08:46:32.667707 2016] [:error] [pid 2447] [client 195.154.242.146] ModSecurity: Multipart parsing error (init): Multipart: Invalid boundary in C-T (characters). [hostname "jodablog.com"] [uri "/"] [unique_id "WBBfWH8AAQEAAAmPeRUAAAAD"]
[Wed Oct 26 08:46:32.668140 2016] [:error] [pid 2447] [client 195.154.242.146] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/apache2/modsecurity.d/rules/comodo/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||jodablog.com|F|2"] [data "Multipart: Invalid boundary in C-T (characters)."] [severity "CRITICAL"] [hostname "jodablog.com"] [uri "/"] [unique_id "WBBfWH8AAQEAAAmPeRUAAAAD"]
...


Pls. consider to hire a server administrator for your server, if you are overwhelmed with the server administration tasks ( depending to "How to configure an apache2 - webserver", "How to adjust WAF - rules", "How to install wordpress theme", or "How to install and configure additional Wordpress Plugins" ). Here at the Plesk - Forum, we are able to help you with your issues/errors/problems and questions, but we are not able to administrate the server for you.
 
Hi Kingsley,





Even that the suggestion was to change "reload" to "restart" in your file "/etc/logrotate.d/apache2", you can see from your status - command, that you either re-changed the file again, or that you have more, additional logrotate - configuration files at "/etc/logrotate.d/", which reload the apache server, instead of restarting it.

In addition, pls. note, that

this has got nothing to do with Plesk itself, it's YOUR unique configuration, which results in apache2 - issues/errors/failures/problems. Plesk does not change and does not modify existing logrotation files.



If you would inspect as well the corresponding log - file from your attachment "jodalog.txt", you would have noticed additional misconfigurations, as for example:




Pls. consider to hire a server administrator for your server, if you are overwhelmed with the server administration tasks ( depending to "How to configure an apache2 - webserver", "How to adjust WAF - rules", "How to install wordpress theme", or "How to install and configure additional Wordpress Plugins" ). Here at the Plesk - Forum, we are able to help you with your issues/errors/problems and questions, but we are not able to administrate the server for you.

I did not change the file, just as you instructed i used the one you gave to me.
 
I have exactly the same problem :/
Ubuntu 16.04.1 LTS‬ & Plesk Onyx 17.0.17 Update #4

Around 6am, Apache stops working.
 
Hello,
I had the same issue with 502 errors,
The problem was fail2ban banned IP server address
I also whitelisted my server IP, but today there is update for fail2ban and some other plesk files
 
Last edited:
Hi jth,

... but 127.0.0.1/8 is whitelisted ...
Pls. note, that the whitelisting of "localhost", doesn't include your unqiue server IPs. Pls. consider to ADD them as well to your whitelist.

Another reason can be logrotate. Pls. see the suggestions as for example at: => #4
 
Yes I've both installed but 127.0.0.1/8 is whitelisted and modsecurity is turned off.

@dyrer
I've updated plesk to #5, I will se if I get 502 tomorrow :/

I moved to a cenos7 server and installed fail2ban only but its using almost 70% of my RAM
 
Back
Top