
Question NGINX 502 error page location

Thank you for your reply @IgorG .

None of those documents has the location of this '502 bad gateway' error page file.

I tried Google as well; all the locations given for NGINX error pages don't exist in Plesk.

I was wondering whether it is auto-generated.
 
Hi IgorG,

Current content of vhost 'Bad Gateway' is
--------------------------------------------
Bad Gateway
Web server received an invalid response while acting as a gateway or proxy server.


Web Server at domain.tld
-------------------------------------------
I'm looking for this file, which generates
------
502 Bad Gateway

nginx
-----

All I'm trying to do is empty the content of the above file and add an HTML auto-refresh, as it appears (yes, for a sec!) every time I modify a domain in Plesk, so the customer won't notice that.

If you can help, I will really appreciate that.

I do understand the issue is caused by Apache restarting when we modify a domain, and there is no solution for this when we are using nginx as a proxy.

Thank you.
 
I do understand the issue is caused by Apache restarting when we modify a domain, and there is no solution for this when we are using nginx as a proxy.

There is this solution for it: https://support.plesk.com/hc/en-us/articles/213907285

When you use graceful restart, make sure that your Apache restart interval (Tools & Settings > General Settings > Apache Webserver Settings) is set to a value higher than 20 seconds, else graceful restarts can have negative side effects.
 
I have set Apache restart interval to 25sec but it seems Apache is restarting immediately producing page below
Not a problem. Ignore. The interval does not define how long Apache shall wait after a configuration change to load that configuration. It only defines how long Apache shall wait after one restart to do another. The setting is correct, graceful restart is definitely a valid approach to solve the 502 that you are seeing after web server configuration updates.

That you are still seeing the 502 is probably caused by a second restart attempt while the first restart attempt has not been completed. I think that the order of these log events describes this:

Code:
[Wed Jan 18 06:09:38 2017] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips Apache mod_fcgid/2.3.9 mod_python/3.3.1 Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
[Wed Jan 18 06:09:38 2017] [notice] caught SIGTERM, shutting down
The first line confirms that after a restart Apache became available again, and immediately afterwards another shutdown process is logged, with the last line
Code:
[Wed Jan 18 06:09:42 2017] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips Apache mod_fcgid/2.3.9 mod_python/3.3.1 Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
showing that the second restart is finished. However, why are there two restarts? There should only be one.

The two restarts are too close in time and probably overlapping for a short moment. I am not sure however, what exactly is causing that. Your log shows that you are using mod_security. I'd disable that for a test to see whether the issue still occurs afterwards. The many certificate warnings are also strange. If it is not for mod_security, could it be that you are using some specific extension, other security software, anything that is interacting with Apache or system processes that is not "standard"?
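
The diagnosis in the post above (a shutdown logged right after Apache reports "resuming normal operations") can be checked mechanically. The following is an added example, not part of the original thread: it assumes the Apache 2.2 error_log line format shown here, the sample lines are constructed from the thread's excerpts with the server banner shortened, and the 20-second window and function names are this example's own choices.

```python
import re
from datetime import datetime

# Apache 2.2 error_log format: [Wed Jan 18 06:09:38 2017] [notice] message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")

# Message fragments as they appear in the log lines quoted in this thread.
EVENTS = {
    "resuming normal operations": "up",
    "caught SIGTERM, shutting down": "hard_stop",
    "Graceful restart requested": "graceful",
}

def parse_events(lines):
    """Return (timestamp, kind) for every start, stop or graceful-restart line."""
    out = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        for needle, kind in EVENTS.items():
            if needle in m.group("msg"):
                ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
                out.append((ts, kind))
                break
    return out

def find_back_to_back_restarts(lines, window_seconds=20):
    """Flag a stop or graceful restart that starts within window_seconds of the last 'up'."""
    findings, last_up = [], None
    for ts, kind in parse_events(lines):
        if kind == "up":
            last_up = ts
        elif last_up is not None:
            gap = int((ts - last_up).total_seconds())
            if gap <= window_seconds:
                findings.append((ts.strftime("%H:%M:%S"), kind, gap))
            last_up = None  # server is going down; wait for the next 'up'
    return findings

# Constructed sample: thread excerpts with the module banner abridged.
SAMPLE = [
    "[Wed Jan 18 06:09:38 2017] [notice] Apache/2.2.15 (Unix) configured -- resuming normal operations",
    "[Wed Jan 18 06:09:38 2017] [notice] caught SIGTERM, shutting down",
    "[Wed Jan 18 06:09:42 2017] [notice] Apache/2.2.15 (Unix) configured -- resuming normal operations",
    "[Wed Jan 18 08:11:13 2017] [notice] Graceful restart requested, doing restart",
    "[Wed Jan 18 08:11:18 2017] [notice] Apache/2.2.15 (Unix) configured -- resuming normal operations",
]

if __name__ == "__main__":
    for when, kind, gap in find_back_to_back_restarts(SAMPLE):
        print(f"{when}: {kind} only {gap}s after Apache came up")
```
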
 
Hi,

@Peter Debik Thank you very much! I've been looking for an answer for this issue all this time.

I disabled Mod_Security and changed the PHP version of a domain.

My Apache error_log entry per ONE domain modification is now,

Code:
[Wed Jan 18 08:11:13 2017] [notice] Graceful restart requested, doing restart
[Wed Jan 18 08:11:17 2017] [notice] Digest: generating secret for digest authentication ...
[Wed Jan 18 08:11:17 2017] [notice] Digest: done
[Wed Jan 18 08:11:18 2017] [error] python_init: Python version mismatch, expected '2.6.5', found '2.6.6'.
[Wed Jan 18 08:11:18 2017] [error] python_init: Python executable found '/usr/bin/python'.
[Wed Jan 18 08:11:18 2017] [error] python_init: Python path being used '/usr/lib64/python26.zip:/usr/lib64/python2.6/:/usr/lib64/python2.6/plat-linux2:/usr/lib64/python2.6/lib-tk:/usr/lib64/python2.6/lib-old:/usr/lib64/python2.6/lib-dynload'.
[Wed Jan 18 08:11:18 2017] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Wed Jan 18 08:11:18 2017] [notice] mod_python: using mutex_directory /tmp
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.tld' does NOT match server name!?
[Wed Jan 18 08:11:18 2017] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Jan 18 08:11:18 2017] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fcgid/2.3.9 mod_python/3.3.1 Python/2.6.6 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations

Is it Mod_Security that is doing the second restart? Seems like it.

How can we fix this issue?

P.S. I guess all the cert errors are for the individual domains.
 
I remember a recent case where
/etc/logrotate.d/mod_security
had a restart command in it. mod_security cannot restart Apache, but logrotate can, and when logrotate should be executed, it will read the apache file and mod_security log rotation configuration and might restart Apache a second time. So please take a look at /etc/logrotate.d/mod_security. If there is an Apache restart command in it, remove it. That should eliminate the "second" restart.
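
The check suggested above, generalized to every file under /etc/logrotate.d, as an added example that is not part of the original thread. The service and action patterns are this example's heuristic, the function names are hypothetical, and the sample stanza is constructed for illustration.

```python
import re
from pathlib import Path

# logrotate directives that open a shell script block closed by "endscript".
SCRIPT_START = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}
# Heuristic (an assumption of this example): a line naming the Apache service
# and a reload/restart action, in either order.
SERVICE = re.compile(r"\b(httpd|apache2|apachectl|apache2ctl)\b")
ACTION = re.compile(r"\b(reload|restart|graceful)\b")

def find_apache_restarts(name, text):
    """Return (file, log_paths, script_kind, command) for each matching script line."""
    hits, paths, script = [], "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if script:
            if line == "endscript":
                script = None
            elif SERVICE.search(line) and ACTION.search(line):
                hits.append((name, paths, script, line))
        elif line in SCRIPT_START:
            script = line
        elif line.endswith("{"):
            paths = line[:-1].strip()  # log file(s) this stanza rotates
    return hits

def scan_dir(directory="/etc/logrotate.d"):
    """Scan every regular file in a logrotate drop-in directory."""
    hits = []
    for f in sorted(Path(directory).glob("*")):
        if f.is_file():
            hits += find_apache_restarts(str(f), f.read_text(errors="replace"))
    return hits

# Constructed sample stanza for an offline run.
SAMPLE = """/var/log/modsec_audit.log {
        daily
        rotate 7
        missingok
        compress
        postrotate
                /sbin/service httpd reload > /dev/null 2>/dev/null || true
        endscript
}
"""

if __name__ == "__main__":
    for name, paths, kind, cmd in find_apache_restarts("mod_security", SAMPLE):
        print(f"{name}: {kind} for {paths} runs: {cmd}")
```

Calling `scan_dir()` on the server lists every rotation job that can trigger an Apache reload, not only the mod_security one.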
 
Hi @Peter Debik ,

Thank you for being very helpful.

This is my /etc/logrotate.d/mod_security

Code:
/var/log/modsec_audit.log {
        daily
        rotate 7
        missingok
        compress
        postrotate
                /sbin/service httpd reload > /dev/null 2>/dev/null || true
        endscript
}

I removed the,

Code:
/sbin/service httpd reload > /dev/null 2>/dev/null || true

Should I restart the server?

It still didn't fix the issue.

If you have any more ideas please let me know.
 
I don't see how the 502 can still be there, if Apache is doing graceful restarts, not overlapping several restarts at the same time.

502 means that Nginx cannot forward a request to it or receive a response. Normally this can only happen if Apache does not answer Nginx or fail2ban is blocking the IP. It only does not answer when it is not running (during a restart) or after a long timeout that can be caused by long running scripts. On a graceful restart Apache is merely reloading the configuration, but it is not interrupting the process. Logs are showing that the restart is done gracefully. There is no reason why a configuration change can still lead to a 502. There must be additional aspects that we have not discussed in this thread.
 
Hi @Peter Debik ,

Thanks for the reply. I mean even though I removed

Code:
/sbin/service httpd reload > /dev/null 2>/dev/null || true

Apache restarts twice, which causes the issue when Mod_Security is enabled.
 
Well, I think the concept should be clear by this point. The rest is more or less up to you. Sure, there can be other things causing the additional restart. Maybe the file that was edited is not the right one? I suggest to do further research on it. Eventually you'll figure it out. So far you did not really mention whether the 502 still exists when mod_security is disabled. You would not want to look into the restart issue further if that does not fix it, right?
 
Hi @Peter Bradley,

Thank you for your help. At the moment I guess Mod_Security is causing the second restart.

I will try to figure this out.

Very annoying issue.

Thank you very much for your time. Really appreciate it. I had no idea what caused this 502 error. Now I know there is a second restart.
 
Hi @Peter Debik ,

I can confirm that Mod_Security is not the one doing the second Apache restart.

I tried with Mod_Security disabled but the second restart still appears in error_log.

I will attach the error log and create a new thread. Hoping someone from Plesk Team will see and answer.
 
