I'm trying to setup Nginx as a reverse proxy to Apache for a site running locally on :8080 and externally accesible via lessico.pistacchioso.com. The current configuration leads to a 502 - Bad Gateway error.
#/etc/apache2/ports.conf
Listen 127.0.0.1:8080
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
Then
#/etc/apache2/sites-enabled/lessico
NameVirtualHost 127.0.0.1:8080
<VirtualHost 127.0.0.1:8080>
ServerAdmin webmaster@localhost
ServerName lessico.pistacchioso.com
DocumentRoot /home/pistacchio/sites/lessico/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/pistacchio/sites/lessico/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
And finally
#/etc/nginx/sites-enabled/default
server {
listen 80;
server_name corpus.pistacchioso.com;
location / {
proxy_pass http://127.0.0.1:9000/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
server {
listen 80;
server_name lemmi.pistacchioso.com;
access_log /var/log/nginx/localhost.access.log;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
Any help on how to set this up properly? Thanks
Generally, 502 means the NGINX server couldn't connect to your upstream proxy.
-Wikipedia
If you look in your error log (Could be one of /var/log/nginx/error.log, /var/log/nginx/error_log or /usr/local/nginx/var/log/error.log but see your configuration) you should see some relevant errors allong the lines of.
If you see something like that, it probably means your NGINX server can't talk to your upstream. If you SSH on to the server, you can run a few commands to check a basic connection to the upstream can be established. Try running the command;
That sends a HTTP HEAD request to your local server. In the output the first line should be something like
or
If it's anything other than a 200 response code it means there's something wrong with the Apache server. If it's a 500+ error check the Apache error logs to see what they thing the issue is. If this command gives you any sort of timeout or an error like
There is a networking issue with the Apache server.
First try checking your firewall, it might be blocking the port. I think generally all firewalls should allow all ports on the loopback address, but I could be wrong so it's always worth checking. Run
That will return any firewall rules related to the port 8080, it doesn't confirm if it's blocked or unblocked but it will flag up any obvious rules. Next check Apache is running and listening on the port it thinks it's listening on.
This will return all the Apache processes, there should be at least two results returned (One httpd process and one
grep httpdprocess) but there may be more depending on your configuration. Next to check the port run thisThis will return all the processes listening on port 9000. You should have at least one 'httpd' process which will look something like this
That's a pretty decent diagnosis of 'is a process listening correctly', if your firewall is OK, the processes are up and listening on the right port, but you still can't get any response, even an error, the issue could be much deeper. Post the last few lines of your Apache and NGINX error logs, they might give a bit more information.