502 error in Nginx reverse proxy. The following are the specific steps:
1. The nature of 502 error
502 error full nameBad Gateway, the essence isNginx is a proxy server and cannot get a valid response from upstream servers (such as Tomcat/PHP/FastCGI). Common reasons include:
- Upstream server down or unresponsive
- The proxy timeout is too short
- Insufficient number of connections/processes
- Firewall/SELinux Intercept
- DNS resolution failed
2. Step-by-step troubleshooting and solutions
1. Step 1: Confirm whether the upstream server is alive
operate: Bypass Nginx directly and usecurlAccess backend services
Example:
# Assume that the backend service port is 8080curl http://127.0.0.1:8080
- If return to normal content: The problem is in Nginx configuration
- If timeout/connection fails: Repair the backend service first
2. Step 2: Adjust the Nginx timeout parameters
Nginx has a short default timeout (such as 60 seconds), which can be extended by the following configuration:
Modify Nginx configuration(path:/etc/nginx/or/*.conf):
location / {
proxy_pass http://backend_server;
# Timeout time for connecting to the upstream server (default 60s) proxy_connect_timeout 120s;
# Timeout time for reading response from upstream server (default 60s) proxy_read_timeout 120s;
# Timeout time for sending a request to the upstream server (default 60s) proxy_send_timeout 120s;
}
Take effect:
sudo nginx -s reload
3. Step 3: Solve the problem of insufficient connections
Phenomenon: A large number of 502 errors, accompanied by Nginx logsupstream prematurely closed connection
Solution:
- Increase the number of Nginx worker connections:
worker_processes 4; # Adjust according to the number of CPU cores worker_connections 10240; # Maximum number of connections per worker
- Configure the backend server Keepalive(Reduce frequent new connections):
upstream backend_server {
server 192.168.1.10:8080;
keepalive 32; # Keep 32 idle connections }
location / {
proxy_pass http://backend_server;
proxy_http_version 1.1;
proxy_set_header Connection ""; # Close the proxy layer's Connection: close }
4. Step 4: Check the firewall and SELinux
Firewall(Take CentOS as an example):
# Open the port for Nginx to communicate with the backend serversudo firewall-cmd --add-port=8080/tcp --permanent sudo firewall-cmd --reload
SELinux(Temporarily close the test):
sudo setenforce 0 # Temporary Close # Or permanently closed(Revise/etc/selinux/config)
5. Step 5: Fix DNS resolution problem
Phenomenon: Use domain names in proxy configuration (such asproxy_pass 502 appears when )
Solution:
- Plan 1: Use the IP address directly
- Plan 2: Configure Nginx dedicated DNS resolver:
upstream backend_server {
server resolve; # Enable parsing resolver 8.8.8.8 8.8.4.4; # Specify the DNS server resolver_timeout 5s; # parse timeout }
6. Step 6: Other FAQs
- FastCGI/PHP configuration error(Take PHP as an example):
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
Need to be surephp-fpmThe service runs, andlistenThe port is correct.
- Improper load balancing configuration:
- If used
least_connorip_hash, you need to check whether the backend server is all healthy.
3. Log positioning skills
View Nginx error log (path:/var/log/nginx/):
tail -f /var/log/nginx/
Key Error Keywords:
-
connect() failed: Connection failed (IP/port error) -
upstream timed out: Timeout (adjust the timeout parameter)
-
-
no live upstreams: There are no surviving nodes on the upstream server (check load balancing configuration)
-
- Follow the above steps to check gradually, 90% of 502 errors can be solved. If the problem remains the same, it is recommended to check the logs of the backend server (such as Tomcat/PHP-FPM logs) for further location.
The above is the detailed content of the resolution steps for 502 errors in Nginx reverse proxy. For more information about Nginx reverse proxy 502 errors, please pay attention to my other related articles!