@David_W and
@boosterfan,
It seems to be the case that you are both using Hetzner, a server/hosting provider that uses a particular network setup and configuration.
In the case of Hetzner, a 502 Nginx is common to be one of the following:
a) activation of the Web Application Firewall (WAF) with setting "on" is resulting in a lot of log entries of various IP addresses, related to or belonging to the server.
Check: if you set WAF to "off" and the 502 error disappears, it is Fail2Ban scanning the WAF log files and blocking the server IP addresses.
Solution A: if the issue is WAF/Fail2Ban related, just whitelist your server IPs in Fail2Ban and Nginx should be running
Solution B: change the Fail2Ban plesk-modsecurity filter (go to "Tools & Settings > Fail2Ban > Jails > Manage Filters > plesk-modsecurity (click/select)") and add some appropriate regexp to the "ignoreregex=" line. For instance, this works: \[.*?\]\s\S*\s<IP Address>\s and <IP Address> should be replaced with the relevant IP address(es) of the server.
Note: it is better to use solution B, since it will increase performance of Fail2Ban. However, solution B is error-prone, so I would
strongly recommend solution A.
b) an incorrect configuration on the server side, being the Plesk instance.
Check: if you did use a custom network setup, in order to allow for the particular Hetzner network structure, have a look at your /etc/network/interfaces file. You will notice that is really completely different from the default network setup, used by Plesk, for instance when adding an (extra) IP.
Solution A: check for the IP ranges, required for the Hetzner network, and add them to the Fail2Ban whitelist (and if needed, also add them to a "allow" rule in Plesk Firewall).
Solution B: consider to rewrite the /etc/network/interfaces file.
Do NOT do this if you are not familiar with network configuration!
c) an incorrect configuration on the server side, being the servers of Hetzner upon which a VPS is hosted OR being the network infrastructure of Hetzner.
Solution: create a ticket or contact Hetzner for support.
Hope the above helps a bit to get to the root cause of the problem and the solution thereof.
As a final remark, I would
strongly recommend that one starts the error analysis by (first) following point a, (second) follow point b and, if that does not work, to post your results on this forum or contact Hetzner directly.
Regards.....
Facebook
Twitter
