Issue nginx 502 Bad Gateway when using https with webmail subdomain

[AndyM]

Operating System: Ubuntu 12.04.5 LTS; Plesk Onyx v17.0.17 build1700161028.14
Apache, nginx, PHP-FPM 5.6.30, Fail2ban, Dovecot IMAP/POP3, QMail, SpamAssassin

After struggling for many hours and researching forum threads, I cannot figure out how to configure nginx to allow access to webmail (webmail.domain.com) through https://. Currently I get "502 Bad Gateway". It works fine with http://. I wish to switch to https for all domains. While I do have Let's Encrypt certs applied to 4 domains and a GeoTrust cert for 1 domain, I'm not worried about using the SSL certificate just yet. I just want to get https working first.

Apache, nginx, PHP-FPM, and Fail2ban are all running properly. I know the issue relates to "111: Connection refused". Here is what is showing in /var/log/nginx/error.log:

2017/05/15 19:45:50 [error] 6893#0: *36785 connect() failed (111: Connection refused) while connecting to upstream, client: ...., server: webmail.mydomain.com, request: "GET / HTTP/1.1", upstream: "https://[ip address]:7081/", host: "webmail.mydomain.com"

What I've tried already with no success:
- I have added my server's IP address to Trusted IP's
Websites show 502 Bad Gateway after enabling nginx on a server with Fail2ban
Issue - 502 Bad Gateway on webmail.domain.com

Apache is listening on port 7080, but this error is for 7081. Is this related to my problem?
tcp6 0 0 7080 * LISTEN 555/apache2

What other config files do you need for assistance? I will offer more as needed, but as a beginner I'm confused as to which config settings are important here. Thanks in advance.

 

[Bitpalast]

Please make sure that httpd is listening on port 7081. What is the output of
# netstat -nlp | grep 7081
? (The pound sign "#" is indicating the prompt, do not include this when entering the command.)

It should yield something very similar to

tcp6       0      0 :::7081                 :::*                    LISTEN      23317/httpd

 

[UFHH01]

Hi AndyM,

Apache is listening on port 7080, but this error is for 7081. Is this related to my problem?

Pls. note:

"7080" = HTTP
"7081" = HTTPS​

Pls. check as well the webmail - corresponding - log - files at

=> /var/log/plesk-roundcube​

or

=> /var/log/psa-horde​

 

[AndyM]

Peter & UFHH01, I truly appreciate your responses and help.

I'm using Roundcube for webmail and see nothing related to this error in my /var/log/plesk-roundcube. It was updated at least a few days ago and should have had something this morning as I created the error again.

In SSH, after typing "netstat -nlp | grep 7081" and pressing return nothing appears. When I enter "netstat -nlp | grep 7080" I get
tcp6 0 0 :::7080 :::* LISTEN 7935/apache2

So this means httpd is not listening on port 7081? I recently started using https:// for all the websites of my domains, just not webmail subdomain.

In case you're wondering about zz010_psa_httpd.conf, I don't have an "httpd" directory of "/etc/httpd/... I do have /etc/nginx/conf.d/zz010_psa_httpd.conf
It does not contain "IncludeOptional". Here are the contents:
include /etc/nginx/plesk.conf.d/server.conf;
include /etc/nginx/plesk.conf.d/webmails/*.conf;
include /etc/nginx/plesk.conf.d/vhosts/*.conf;
include /etc/nginx/plesk.conf.d/forwarding/*.conf;
include /etc/nginx/plesk.conf.d/wildcards/*.conf;

 

[UFHH01]

Hi AndyM,

In case you're wondering about zz010_psa_httpd.conf, I don't have an "httpd" directory of "/etc/httpd/...

CentOS/RHEL and Debian/Ubuntu - based systems have sometimes different paths. Nothing to worry about.

So this means httpd is not listening on port 7081?

Correct.

Restart apache and search again in your apache logs for possible errors/problems ( grep 7081 /var/log/apache2/* ).

Consider as well to rebuild all your webserver configuration files with for example:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

 

[AndyM]

Hi AndyM,

Restart apache and search again in your apache logs for possible errors/problems ( grep 7081 /var/log/apache2/* ).

Consider as well to rebuild all your webserver configuration files with for example:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

Yes, I've run the reconfigure-all command many times lately. As for apache log, I see this which might be of interest. 7081 has no virtual hosts. What does this mean. Can I make this work, or do I need to stop using nginx?
......
[Tue May 16 04:26:51 2017] [warn] NameVirtualHost 127.0.0.1:7081 has no VirtualHosts
[Tue May 16 04:26:51 2017] [warn] NameVirtualHost [my ip address]:7081 has no VirtualHosts
[Tue May 16 04:26:51 2017] [notice] Digest: generating secret for digest........

 

[UFHH01]

Hi AndyM,

pls. start with the following steps:

1. Go to HOME > Tools & Settings > IP Addresses

... choose each listed IP address and assign a default domain for each IP.
​

2. Go to HOME > Service Plans > YOUR-SERVICE-PLAN-NAME > (tab) Hosting Parameters

and choose "SSL/TLS support" ( and optional, but recommended "Permanent SEO-safe 301 redirect from HTTP to HTTPS" )
​

3. Make sure, that your service - plan(s) are synced with the corresponding subscriptions.

4. Make sure, that nginx has been enabled and is up and running ( => /usr/local/psa/admin/bin/nginxmng -s / service nginx status ).

5. Use the "Plesk Repair Utility" in case that you experience issues/errors/problems ( => Plesk Repair Utility )

6. Restart all webserver relevant services ( service apache2 restart / service nginx restart / service php-fpm restart or service php5-fpm restart )

7. Even that you are on Linux... you "normally" don't have to reboot/restart, but sometimes ( in case of recent kernel updates/upgrades, a reboot is necessary! )

8. Check again relevant logs for recent errors/issues/problems and pls. post the NEW entries in case that you still experience issues.

9. Pls. don't forget, that a cup of coffee/tea or a walk will not solve your issue, but it could help to unblock your brains and will sometimes help to inspire you, so that further investigations result in finding your root cause. ​