We Keep Coding

JQuery Post - random 502 bad gateway error - NGINX

I am noticing strange behavior with my code. ( PHP 7.4 ).
I am using Jquery (jquery-3.6.0.min.js).
I am using JQuery post to retrieve the data from the server, but randomly ( sometimes on every 4th attempt ), I do get for the same request 502 Bad Gateway - with no errors in NGINX.
The jquery code is:
$.post(IBE_URL+"/assets/ajax/tour-addons.php",
payload,
function(data, status){
$("#addon_canvas_body").html(data);
});
The current nginx configuration is:
## For a live site, handling more connections, uncomment, then start WinNMP.exe --phpCgiServers=25:
#worker_processes auto;
#worker_rlimit_nofile 100000;
events {
## For a live site, uncomment:
#worker_connections 8096;
}
http {
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
ssi off;
server_names_hash_bucket_size 64;
## Timeouts ##
##############
client_body_timeout 5;
client_header_timeout 5;
keepalive_timeout 25 25;
send_timeout 15s;
resolver_timeout 3s;
# Timeout period for connection with FastCGI-server. It should be noted that this value can't exceed 75 seconds.
fastcgi_connect_timeout 5s;
# Amount of time for upstream to wait for a fastcgi process to send data.
# Change this directive if you have long running fastcgi processes that do not produce output until they have finished processing.
# If you are seeing an upstream timed out error in the error log, then increase this parameter to something more appropriate.
fastcgi_read_timeout 40s;
# Request timeout to the server. The timeout is calculated between two write operations, not for the whole request.
# If no data have been written during this period then serve closes the connection.
fastcgi_send_timeout 15s;
## Buffers ##
#############
fastcgi_temp_file_write_size 10m;
#fastcgi_busy_buffers_size 512k;
fastcgi_buffer_size 512k;
fastcgi_buffers 16 512k;
open_file_cache off;
# php max upload limit cannot be larger than this
client_max_body_size 50m;
####client_body_buffer_size 1K;
client_header_buffer_size 8k;
large_client_header_buffers 8 16k;
types_hash_max_size 2048;
include nginx.mimetypes.conf;
default_type text/html;
## Logging ##
#############
access_log "c:/winnmp/log/nginx_access.log";
error_log "c:/winnmp/log/nginx_error.log" warn; #debug or warn
log_not_found on; #enables or disables messages in error_log about files not found on disk.
rewrite_log off;
fastcgi_intercept_errors off; # Do Not Change (off) !
gzip off;
index index.php index.htm index.html;
server {
# NEVER ALLOW PUBLIC ACCESS TO THIS SERVER !!!
# Instead, create projects using WinNMP Manager, and allow public access only to those projects!
# How to allow access from LAN and Internet to your local project:
# http://WinNMP.wtriple.com/howtos.php#How-to-allow-access-from-LAN-and-Internet-to-your-local-project
listen 127.0.0.1:80 default_server; # Do Not Change ! Security Risk !
#listen [::1]:80 ipv6only=on; # Do Not Change ! Security Risk !
server_name localhost; # Do Not Change ! Security Risk !
# This directive is modified automatically by WinNMP.exe for portability.
root "c:/winnmp/www";
autoindex on;
allow 127.0.0.1; # Do Not Change ! Security Risk !
allow ::1; # Do Not Change ! Security Risk !
deny all; # Do Not Change ! Security Risk !
## deny access to .htaccess files, if Apache's document root concurs with nginx's one
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off;
}
location = /robots.txt {
log_not_found off;
}
## Tools are now served from include/tools/
location ~ ^/tools/.*\.php$ {
root "c:/winnmp/include";
try_files $uri =404;
include nginx.fastcgi.conf;
fastcgi_pass php_farm;
allow 127.0.0.1; # Do Not Change ! Security Risk !
allow ::1; # Do Not Change ! Security Risk !
deny all; # Do Not Change ! Security Risk !
}
location ~ ^/tools/ {
root "c:/winnmp/include";
allow 127.0.0.1; # Do Not Change ! Security Risk !
allow ::1; # Do Not Change ! Security Risk !
deny all; # Do Not Change ! Security Risk !
}
## How to add phpMyAdmin
## Copy phpMyAdmin files to c:/winnmp/include/phpMyAdmin then uncomment:
#location ~ ^/phpMyAdmin/.*\.php$ {
# root "c:/winnmp/include";
# try_files $uri =404;
# include nginx.fastcgi.conf;
# fastcgi_pass php_farm;
# allow 127.0.0.1;
# allow ::1;
# deny all;
#}
#location ~ ^/phpMyAdmin/ {
# root "c:/winnmp/include";
#}
## Notice that the root directive lacks /phpMyAdmin because Nginx adds the URL path /phpMyAdmin to the root path, so the resulting directory is c:/winnmp/include/phpMyAdmin
## PHP for localhost ##
#######################
location ~ \.php$ {
try_files $uri =404;
include nginx.fastcgi.conf;
include nginx.redis.conf;
fastcgi_pass php_farm;
allow 127.0.0.1; # Do Not Change ! Security Risk !
allow ::1; # Do Not Change ! Security Risk !
deny all; # Do Not Change ! Security Risk !
}
# How to allow access from LAN and Internet to your local project:
# http://WinNMP.wtriple.com/howtos.php#How-to-allow-access-from-LAN-and-Internet-to-your-local-project
}
include domains.d/*.conf;
include nginx.phpfarm.conf;
}
Considering I'm on windows machine, I'm using WinNMP to run NGINX.
The things that I believe that are important, that I have checked are:
The payload is an array containing 2 short strings ( up to 5 characters ) with no strange characters
I have re-worked the tour-addons.php script to only return a string "ok" and 200 HTTP code, to make sure the the amount of data going over a network is not an issue - still the same behavior
Following the online responses, I have updated my fastcgi parameters and have restarted NGINX, but still the same result.
I have also tried to make the intervals between the requests to be longer ( up to 10-15 seconds ) to make sure that I am not sending too many requests in short amount of time, but still with the same result. Even with 30 seconds in between the requests, for the SAME request, every 4th fails.
If I use postman to send the requests, the same behavior is repeated with 502 bad gateway having the error: The server was acting as a gateway or proxy and received an invalid response from the upstream server.
Thank you in advance!

Problems parsing PHP code in HTML files with Nginx FastCGI?

I am trying to migrate my website from LAMP to NGINX FastCGI on Linux on AWS and I am having problems trying to parse PHP in some legacy .htm files on my site.
I have tried the solutions listed here:
HTML files as PHP in Nginx
php code inside html files not executed
NGINX execute embedded PHP in HTML file
Specifically, I am using:
location ~ \.(php|html|htm)$ {
and
security.limit_extensions = .php .htm .html
in my /etc/nginx/sites-available/mybrokensite.com and /etc/php-fpm.d/www.conf files.
When I open the .htm files in my browser, I just get a blank page. When I view source, I see the entire raw php and html in the file. If I rename the file with a .php extension it interprets the php and I get the formatted html file that I expect in my browser.
I used the following steps to setup my NGINX FastCGI Wordpress server:
https://gist.github.com/ericandrewlewis/95239573dc97c0e86714
Here is my config:
# Define the microcache path.
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=microcache:100m inactive=60m;
# Redirect http traffic to https
server {
listen [::]:80;
listen 80;
server_name www.mybrokensite.com mybrokensite.com;
return 301 https://mybrokensite.com$request_uri;
}
# Redirect www https traffic to non-www https
server {
listen 443 ssl;
ssl_certificate_key /etc/sslmate/mybrokensite.com.key;
ssl_certificate /etc/sslmate/mybrokensite.com.chained.crt;
server_name www.mybrokensite.com;
return 301 https://mybrokensite.com$request_uri;
}
server {
listen 443 ssl;
server_name mybrokensite.com;
# Include defaults for allowed SSL/TLS protocols and handshake caches.
include h5bp/directive-only/ssl.conf;
# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_certificate_key /etc/sslmate/mybrokensite.com.key;
ssl_certificate /etc/sslmate/mybrokensite.com.chained.crt;
# Path for static files
root /sites/mybrokensite.com/public;
#Specify a charset
charset utf-8;
# Include the basic h5bp config set
include h5bp/basic.conf;
location / {
index index.php;
try_files $uri $uri/ /index.php?$args;
}
location ~ \.(php|html|htm)$ {
fastcgi_cache microcache;
fastcgi_cache_key $scheme$host$request_method$request_uri;
fastcgi_cache_valid 200 304 10m;
fastcgi_cache_use_stale updating;
fastcgi_max_temp_file_size 1M;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
# Local variables to track whether to serve a microcached page or not.
set $no_cache_set 0;
set $no_cache_get 0;
# If a request comes in with a X-Nginx-Cache-Purge: 1 header, do not grab from cache
# But note that we will still store to cache
# We use this to proactively update items in the cache!
if ( $http_x_nginx_cache_purge ) {
set $no_cache_get 1;
}
# If the user has a user logged-in cookie, circumvent the microcache.
if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
set $no_cache_set 1;
set $no_cache_get 1;
}
# fastcgi_no_cache means "Do not store this proxy response in the cache"
fastcgi_no_cache $no_cache_set;
# fastcgi_cache_bypass means "Do not look in the cache for this request"
fastcgi_cache_bypass $no_cache_get;
}
}
My site is mostly a Wordpress site with some legacy .htm files with php in them. I am new to NGINX and any help would be greatly appreciated.

Why nginx always redirects to one of my virtual hosts?

I have several virtual hosts configured with nginx. They are very simiral to each other and for most of them, everything seems to be working fine.
However,
If I hit the server through a url that does not have any virtual host configured, nginx always redirects to one of the existing virtual hosts (seems to be the first one in the list.
Same happens if I simply go there using IP address.
Most of the virtual hosts look like this:
server {
server_name iibs.co;
return 302 $scheme://www.iibs.co$request_uri;
}
server {
server_name www.iibs.co;
root /var/www/iibs.co;
index index.php;
include global/restrictions.conf;
client_max_body_size 64M;
# Additional rules go here.
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
# Only include one of the files below.
# include global/wordpress.conf;
# include global/wordpress-ms-subdir.conf;
# include global/wordpress-ms-subdomain.conf;
}
I just tried adding another one, very similar just with different domain and root. And that particular one, also getting redirected to the same first vhost on the list.
At this point, I have no idea where and what should I looks for.

This is an example of default NGINX config for prevent redirects to the first of the existing virtual hosts .
### Block all illegal host headers. Taken from a discussion on nginx
### forums. Cf. http://forum.nginx.org/read.php?2,3482,3518 following
### a suggestion by Maxim Dounin. Also suggested in
### http://nginx.org/en/docs/http/request_processing.html#how_to_prevent_undefined_server_names.
server {
listen 80 default_server; # IPv4
#listen [::]:80 default_server ipv6only=on; # IPv6
server_name _;
server_name "";
return 444;
}

Nginx + Passenger 403 error

I have a hybrid php/Rails app sitting on one AWS ec2 server. I am hosting a Mediawiki installation and using Rails as a frontend to it. For the Rails app, I am using Passenger as a server. I would like location / to serve the Rails app, and anything at location /w or any .php files to be served by Mediawiki (php5-fpm).
I used to have a working configuration, but it was hacked together and I would like to refactor it.
My current working implementation gives me a 403 Forbidden error when I try to access the Rails app at /.
The error I get (from rails_error.log): 2017/10/24 20:08:31 [error] 14947#14947: *2 directory index of "/var/www/myapp/public/" is forbidden, client: xx.yy.zz.aa, server: myapp.amazonaws.com, request: "GET / HTTP/1.1", host: "myapp.amazonaws.com"
I would like to be able to access only the Rails app at / for now; I am not focused on the php5-fpm configurations yet.
Here are my .conf files:
sites-available/myapp.conf:
fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=mw_cache:10m max_size=10g inactive=60m use_temp_path=off;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
server {
listen 80;
listen [::]:80 ipv6only=on default_server;
server_name myapp.com;
charset utf-8;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
root /var/www/myapp/public;
passenger_enabled on;
location /w {
alias /var/www/mediawiki-1.28.0;
index index.php index.html index.htm;
charset utf-8;
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_cache mw_cache;
fastcgi_cache_valid 200 60m;
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:7777;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
error_log /var/log/nginx/mediawiki_error.log;
access_log /var/log/nginx/mediawiki_access.log;
}
error_log /var/log/nginx/rails_error.log;
access_log /var/log/nginx/rails_access.log;
}
nginx.conf:
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
passenger_root /home/ubuntu/.rvm/gems/ruby-2.3.1#myapp/gems/passenger-5.1.1;
passenger_ruby /home/ubuntu/.rvm/gems/ruby-2.3.1#myapp/wrappers/ruby;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
I have a suspicion it has to do with how Passenger is installed or running, or it could be that I am running Passenger not as www-data but as ubuntu.
/var/www/myapp/ is also owned by ubuntu, though I have tried chown -R www-data /var/www/myapp and chown -R ubuntu:www-data /var/www/myapp to no avail.
Does anyone have any pointers from here?
Thanks.

Your config works for me: the app is started successfully, at least, if I start Nginx as root (how it usually is done).
Note that the user directive from your config tells Nginx what user to run its workers as, it does not specify what user to run the Passenger core as (that is inherited from what Nginx was started with).
My pointers would be as follows:
Usually the first thing to do is to check the logs.
Your config declares logfiles, but doesn't set the top level error log, so you're missing the Passenger log output.
To solve this, move the error_log /var/log/nginx/error.log; to above the http { line in your nginx.conf.
If needed, you can also set passenger_log_level 7; (in the http block) to get very detailed logs.
By changing the log level and observing the result you can also ensure that the config you think is being used, is actually the one that is used, on the URL that you are querying (i.e. you can see requests coming in).
Passenger has some troubleshooting tools, e.g. passenger-status can be used to inspect if it's running successfully. Note that you haven't declared a passenger_pre_start url, so your app won't be started by Passenger until the first request is routed to it.

Base URLs like example.com not working in NGinx

I have 12 sites that I plan to run on a single server that has NGinx and php5-fpm on it. I set them all up using one server block per conf file, all included by the main nginx.conf file. It's a mix of Wordpress, PhpMyAdmin, and PHP sites. The wordpress and PhpMyAdmin sites are working fine, but the PHP sites are not. Meaning, when I pull up example.com, Chrome says connection refused, and there's no trace of an incoming connection on NGinx logs. test.example.com pulls up the default site(because I didn't configure test.example.com then) at the same time.
I copied the nginx configs from the working sites to set up the sites that are not working, but no luck. The only difference in nginx config between the working and non-working sites are the server_name directive.
After checking and rechecking for over 2 hours, I found out that the sites that have the server_name as pqr.example.com work, but the ones with example.com don't. All of the working sites are configured to use subdomain URLs, and that's probably why they're working.
My questions are -
1. What am I missing in the config to make the abc.com work ?
2. I have two sites, example.com and example.net that I'm trying to run on the same server. Is that going to be a problem for NGinx ?
3. Does Nginx have a problem with differentiating between example.com, test.example.com, and example.net ?
4. I also noticed that if www.example.net works, www.example.com doesn't and vice versa, which means I have to assign each site that has the name abc in it different subdomains like www.example.net and test.example.com. Is this a standard/expected behavior of Nginx, or am I missing something ?
5. All of my base URLs auto redirect from http://example.com to http://www.example.com; How do I find out where that redirect is happening ?
Below are the Nginx config files that I'm having problems with, truncated to include the important parts; Please let me know if more info is needed.
Main nginx.conf file -
user www-data www-data;
pid /var/run/nginx.pid;
worker_processes 4;
worker_rlimit_nofile 100000;
events {
worker_connections 4096;
include /etc/nginx.custom.events.d/*.conf;
}
http {
default_type application/octet-stream;
access_log off;
error_log /var/log/nginx/error.log crit;
.......
server_tokens off;
include proxy.conf;
include fcgi.conf;
include conf.d/*.conf;
include /etc/nginx.custom.d/*.conf;
}
include /etc/nginx.custom.global.d/*.conf;
Here is the full working .conf file for a blog that works. All other sites have this full config, since they are just basic PHP sites.
server {
listen *:80;
server_name blog.example.com;
access_log /var/log/nginx/blog-example.access.log;
error_log /var/log/nginx/blog-example.error.log;
root /var/www/example/blog;
index index.html index.htm index.php;
# This order might seem weird - this is attempted to match last if rules below fail.
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~ [^/]\.php(/|$) {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php-fcgi-blog-example-php-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Here's the truncated .conf file for example.com
server {
listen *:80;
server_name example.com www.example.com test.example.com;
access_log /var/log/nginx/examplecom.access.log;
error_log /var/log/nginx/examplecom.error.log;
root /var/www/example/com;
index index.html index.htm index.php;
# This order might seem weird - this is attempted to match last if rules below fail.
location / {
try_files $uri $uri/ /index.php?$args;
}
........
location ~ [^/]\.php(/|$) {
......
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php-fcgi-examplecom-php-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Here's the truncated file for example.net
server {
listen *:80;
server_name example.net www.example.net test.example.net;
access_log /var/log/nginx/examplenet.access.log;
error_log /var/log/nginx/examplenet.error.log;
root /var/www/example/net;
index index.html index.htm index.php;
# This order might seem weird - this is attempted to match last if rules below fail.
location / {
try_files $uri $uri/ /index.php?$args;
}
........
location ~ [^/]\.php(/|$) {
......
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php-fcgi-examplenet-php-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}

Meaning, when I pull up example.com, Chrome says connection refused, and there's no trace of an incoming connection on NGinx logs. test.example.com pulls up the default site(because I didn't configure test.example.com then) at the same time.
Well, your server is listening. Chances are you haven't configured your DNS records correctly, or there is DNS caching. Set your host file to test this theory.