• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Some errors only on som of the domains (111: Connection refused) while connecting to upstream

bulent

bulent

Regular Pleskian
On some of the domains I have begin to get 502 Bad Gateway error. When I checked the log, there is:

3229#0: *67 connect() failed (111: Connection refused) while connecting to upstream

It's pnly on some domains and when I set "FPM application set by nginx" it seems fork fine

I saw that, this morning plesk has updated to 12.5.30 Update #28

Is someone have this problem I how can I solve it.

PS
I tried to rbuild config for these domains, it did not help/there was no errors/
 
Strange things happens!

I have found the cause of the problem, some of the server IPs were blocked by Fail2Ban. I have moved them to trusted list and now everything is fine.
 
bulent said:
Strange things happens!

I have found the cause of the problem, some of the server IPs were blocked by Fail2Ban. I have moved them to trusted list and now everything is fine.
Click to expand...

are you serious? i have having this same issue with 7 domains, i moved some to namecheap leaving only 3 ( 2 wp & 1 piwik) up till now 19 days no error of this kind.


Should i ask for refund and move them back?
 
Exactly that was the issue. From 10 domains only on 2 domains and 1 subdomain were with that issues.
After little bit digging I checked the IPs in fail2ban ban list, two of them were my vps extra IPs. When I added them in trusted list, everything worked.
 
Hey thanks for your post @bulent and sorry to hear of your dilemma @Kingsley, after much head scratching - this post seems the most relevant (and works), but I'm unsure if this is the correct fix for the longrun as there is obviously an underlining configuration change since #28 which we are ignoring? o_O

I've had this problem the last few days and it only seems apparent since update #28 (I noted Nginx was updated to 1.9.14 in #28 too).

I have now added my server IP to my trusted IP's as it had indeed added itself to fail2ban.
Have you had any 502 Bad gateway issues since whitelisting your IP's at all? :)
 
@bulent, @Kingsley, @Jay Pee

In essence, the "Fail2Ban whitelisting solution" is a work-around, that is related to TWO (factual) issues:

a) Fail2Ban is actually reading your proxy_error_log, hence blocking the server IP: this should not be the case.

Note that on specific OSes this is very likely to happen, but the solution is very simple: just change the logpath (for a jail) to /var/www/vhosts/system/*/logs/error_log.

Note that you can find the specific jails by having a look at /etc/fail2ban/jail.local or via the Plesk Panel (just click on the jails)

Note that the default Plesk jail configuration should not have any regexp "*error_log": if it does, just let me know (please)!!

b) Another underlying problem causing the upstream connection issue in the past, upon which Fail2Ban has reacted (after some failed connection attempts).

Note that whitelisting the server IP addresses can only work if the original upstream connection issue has already been resolved.

Note that, in most cases, the upstream connection issue (from the past) has been already resolved by the application of multiple micro-updates, explaining why step a is sufficient.


In conclusion, try the solution as explained in step a): make sure that Fail2Ban does not read the proxy_error_log.

This will prevent future problems.

Hope the above helps.

Regards.....
 
@trialotto
Thank you for your detailed explanation.
Being a learned chap, I hope you don't mind me staring at the screen a little longer than the other two chaps trying to comprehend as they certainly seem a little more proficient than I. :rolleyes:

On clicking plesk-apache then change settings (in plesk), there were these two lines in the log path area.

/var/www/vhosts/system/*/logs/error_log
/var/log/httpd/*error_log

Is this correct or require editing still?
Kind regards in advance :)
 

Attachments

  • plesk-apache-logs.jpg
    plesk-apache-logs.jpg
    11.9 KB · Views: 5
@Jay Pee

I suppose that you are running CentOS. But I can better ask: which OS do you use?

Note that my post was also intended for Plesk Team, since there are some ambiguities (or things to improve) with respect to the default jails and jail settings for Fail2Ban in Plesk.

Any feedback from forum members simply do make life more easy.

Regards.....
 
trialotto said:
@bulent, @Kingsley, @Jay Pee

In essence, the "Fail2Ban whitelisting solution" is a work-around, that is related to TWO (factual) issues:

a) Fail2Ban is actually reading your proxy_error_log, hence blocking the server IP: this should not be the case.

Note that on specific OSes this is very likely to happen, but the solution is very simple: just change the logpath (for a jail) to /var/www/vhosts/system/*/logs/error_log.

Note that you can find the specific jails by having a look at /etc/fail2ban/jail.local or via the Plesk Panel (just click on the jails)

Note that the default Plesk jail configuration should not have any regexp "*error_log": if it does, just let me know (please)!!

b) Another underlying problem causing the upstream connection issue in the past, upon which Fail2Ban has reacted (after some failed connection attempts).

Note that whitelisting the server IP addresses can only work if the original upstream connection issue has already been resolved.

Note that, in most cases, the upstream connection issue (from the past) has been already resolved by the application of multiple micro-updates, explaining why step a is sufficient.


In conclusion, try the solution as explained in step a): make sure that Fail2Ban does not read the proxy_error_log.

This will prevent future problems.

Hope the above helps.

Regards.....
Click to expand...

Thanks
 
You must log in or register to reply here.

Similar threads

M
Issue Database Connection Refused 10 mins after Deploy
Replies
1
Views
375
scsa20
scsa20
T
Resolved IPv6 address connect() failed (111: Connection refused) while connecting to upstream
Replies
2
Views
2K
TomE
T
Mario Chamorro
Input Webmail 502 Bad Gateway
Replies
0
Views
2K
Mario Chamorro
Mario Chamorro
B
Issue All my nodeJS sites having nginx 502 Error after restoring bakcup
Replies
8
Views
2K
Peter Debik
P
R
Resolved upstream timed out (110: Connection timed out) while connecting to upstream
2
Replies
24
Views
23K
rhand
R
Back
Top