nginx: connect() failed (111: Connection refused) while connecting to upstream - php

Trying to deploy my first portal .
I am getting 502 gateway timeout error in browser when i was sending the request through browser
when i checked the logs , i got this error
2014/02/03 09:00:32 [error] 16607#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 14.159.131.19, server: foo.com, request: "GET HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "22.11.180.154"
is there any problem related to permissions

I don't think that solution would work anyways because you will see some error message in your error log file.
The solution was a lot easier than what I thought.
simply, open the following path to your php5-fpm
sudo nano /etc/php5/fpm/pool.d/www.conf
or if you're the admin 'root'
nano /etc/php5/fpm/pool.d/www.conf
Then find this line and uncomment it:
listen.allowed_clients = 127.0.0.1
This solution will make you be able to use listen = 127.0.0.1:9000 in your vhost blocks
like this: fastcgi_pass 127.0.0.1:9000;
after you make the modifications, all you need is to restart or reload both Nginx and Php5-fpm
Php5-fpm
sudo service php5-fpm restart
or
sudo service php5-fpm reload
Nginx
sudo service nginx restart
or
sudo service nginx reload
From the comments:
Also comment
;listen = /var/run/php5-fpm.sock
and add
listen = 9000

I had the same problem when I wrote two upstreams in NGINX conf
upstream php_upstream {
server unix:/var/run/php/my.site.sock;
server 127.0.0.1:9000;
}
...
fastcgi_pass php_upstream;
but in /etc/php/7.3/fpm/pool.d/www.conf I listened the socket only
listen = /var/run/php/my.site.sock
So I need just socket, no any 127.0.0.1:9000, and I just removed IP+port upstream
upstream php_upstream {
server unix:/var/run/php/my.site.sock;
}
This could be rewritten without an upstream
fastcgi_pass unix:/var/run/php/my.site.sock;

I faced the same issue in Centos 8.
In this file /etc/nginx/default.d/php.conf I just replaced the below line, and it works perfectly.
#orignal line
fastcgi_pass 127.0.0.1:9000;
#replaced with
fastcgi_pass unix:/run/php-fpm/www.sock;

This may be useful for someone:
If you have multiple versions of PHP installed e.g 8.0 and 7.4 on your mac, and you have tried several options and still gets a 502 Gateway error, trying check how your valet connects with your PHP version and Nginx.
from terminal run valet use php#7.4 if that's the version you use.
The current version will be unlinked and the new version linked then Nginx and php#7.4 will be restarted.

Related

I recieve a file instead of access PhpMyAdmin page

When I installed Php, PhpMyAdmin and Nginx, I recievied this file with these code file instead of access to
http://localhost:80/phpmyadmin
<?php
declare(strict_types=1);
use PhpMyAdmin\Routing;
if (! defined('ROOT_PATH')) {
// phpcs:disable PSR1.Files.SideEffects
define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
// phpcs:enable
}
global $route, $containerBuilder;
require_once ROOT_PATH . 'libraries/common.inc.php';
$dispatcher = Routing::getDispatcher();
Routing::callControllerForRoute($route, $dispatcher, $containerBuilder);
I've done like this
phpmyadmin 404 error in nginx
to fix the 404 error but after that I've received error above.
Sorry for my bad English.
Step 1: you need to check status of nginx server with command line:
sudo service nginx status
If nginx server not active,try to restart nginx server with command line sudo service nginx restart
If you see failed, let's check what program is running on port 80 (let's me know in the comment). The common error is caused by the apache2 server running on port 80 (If this is true, go to the next step).
Step 2: The are two solution for you
1, Stop server apache2 with this commana line:
sudo service apache2 stop
Restart nginx server:
sudo service nginx restart
Check status nginx server again, it's should be ok right now.
2, Change port apache2
You need to change two file /etc/httpd/conf/httpd.conf and /etc/apache2/ports.conf
For example, I change port apache2 from 80 to 8888:
sudo nano /etc/apache2/ports.conf and change Listen 80 to Listen 8888
sudo nano /etc/apache2/ports.conf and change <VirtualHost: *:80> to <VirtualHost: *:8080>
After that, restart the apache2 server and nginx server:
Restart apache2 server: sudo service apache2 restart
Restart nginx server: sudo service nginx restart
Please leave comment if anything you want to ask.

nginx: connect() failed (111: Connection refused) while connecting to upstream - after update nginx -

After update nginx to version 1.19 my web server stop to work.
I am getting 502 gateway timeout error in browser when i was sending the request through browser
when i checked the nginx error log, i got this error
2021/03/24 06:25:50 [error] 56837#56837: *7775 connect() failed (111: Connection refused) while connecting to upstream, client: 85.208.98.19, server: bienestarmutuo.org, request: "GET /ten-principles-of-the-new-education/ HTTP/1.1", upstream: "fastcgi://10.64.10.43:8050", host: "mutualwelfare.org"
After many hours trying to find the source of the problem (many install and purge)
The problem was, for me, the use of different port "name" in nginx and php.
in php (/etc/php/8.0/fpm/pool.d/bienestarmutuo-org8050.conf) i have
listen = localhost:8050
in nginx (/etc/nginx/sites-available/bienestarmutuo.org.conf) i have
fastcgi_pass 10.64.10.43:8050;
This was changed to:
in nginx
fastcgi_pass 127.0.0.1:8050;
in php
listen = 127.0.0.1:8050
restart php and nginx, everything Work again.
note: use of 127.0.0.1 instead of localhost, save an DNS lookup.
the solution for me, was use the same reference for the ip:port in both php and nginx -> 127.0.0.1

Configuration Issues: multi-domain auto SSL from LetsCncrypt using OpenResty & lua-resty-auto-ssl

Please excuse lengthy write up - I would really appreciate any help in following regard.
I am trying to setup multi tenant subdomain + custom domain with SSL using LetsEncrypt:
(some will use subdomain some will use custom domain)
https://customer1.myapp.com
https://customer2.myapp.com
https://customer1.com (customer sets up A/CNAME recoreds at his DNS provider)
I am on EC2 instance using Ubuntu OS with username 'ubuntu'.
I learned from following tutorials:
https://sandeep.dev/how-we-generate-and-renew-ssl-certs-for-arbitrary-custom-domains-using-letsencrypt-cjtk0utui000c1cs1f7y9ua5n
https://www.digitalocean.com/community/tutorials/how-to-use-the-openresty-web-framework-for-nginx-on-ubuntu-16-04
https://sandro-keil.de/blog/openresty-nginx-with-auto-generated-ssl-certificate-from-lets-encrypt/
I have successfully done following:
Installed build-essential on server
Install OpenResty (Comes with its own Nginx & OpenSSL)
Install LuaRocks
Install lua-resty-auto-ssl
Created directory for resty auto ssl
sudo mkdir /etc/resty-auto-ssl
sudo chown -R ubuntu /etc/resty-auto-ssl
sudo chown -R www-data /etc/resty-auto-ssl
chmod -R 777 /etc/resty-auto-ssl/
Created Fallback Self-signed Certificate which expires in 3600 days
This is my starter conf file (/usr/local/openresty/nginx/conf/nginx.conf)
(I would refine it further to suite my redirect & security needs)
#user nginx;
error_log /usr/local/openresty/nginx/logs/error.log warn;
events {
worker_connections 1024;
}
http {
lua_shared_dict auto_ssl 1m;
lua_shared_dict auto_ssl_settings 64k;
init_by_lua_block {
auto_ssl = (require "resty.auto-ssl").new()
auto_ssl:set("allow_domain", function(domain)
return true
end)
auto_ssl:set("dir", "/etc/resty-auto-ssl")
auto_ssl:init()
}
init_worker_by_lua_block {
auto_ssl:init_worker()
}
# access_log /usr/local/openresty/nginx/logs/access.log main;
server {
listen 443 ssl;
ssl_certificate_by_lua_block {
auto_ssl:ssl_certificate()
}
ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
root /var/www/myapp.com/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# location ~ \.php$ {
# include snippets/fastcgi-php.conf;
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# fastcgi_read_timeout 600;
# }
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
server_name *.myapp.com myapp.com;
location /.well-known/acme-challenge/ {
content_by_lua_block {
auto_ssl:challenge_server()
}
}
location / {
return 301 https://myapp.com$request_uri;
}
}
server {
listen 8999;
location / {
content_by_lua_block {
auto_ssl:hook_server()
}
}
}
}
I am facing multiple issues like:
Cant mention user in nginx config - still works without it also
Trying to mention user in 1st line of config files gives me error.
So i commented it out and tried to caryy on anyways
Dehydrated Failure but certificate is created
keep getting following error in my log:
lets_encrypt.lua:40: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=XXXX HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain myapp.com --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
But it still goes on & does create a certificate after which it gives random number generator error.
Sometimes, if I delete everything inside /etc/resty-auto-ssl - it dosent give me such errors.
Can't find OpenSSL random number generator
I keep getting following error in my log:
Can't load ./.rnd into RNG
random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:98:Filename=./.rnd
curl: (22) The requested URL returned error: 500 Internal Server Error
PHP-FPM on nginx provided with OpenResty
I have properly installed php-fpm and have tested it when using nginx standalone.
But, now that I am using nginx provided with openresty, it dosent seem to work
Error (Shown when tested config using: nginx -t command):
"/usr/local/openresty/nginx/conf/snippets/fastcgi-php.conf" failed (2: No such file or directory)
Failed to create certificate
Sometimes this error is followed by error in above point number 2:
auto-ssl: could not get certificate for myapp.com - using fallback - failed to get or issue certificate, context: ssl_certificate_by_lua*, client: 123.201.226.209, server: 0.0.0.0:443
set_response_cert(): auto-ssl: failed to set ocsp stapling for xxxx.myapp.com - continuing anyway - failed to get ocsp response: OCSP responder query failed (http://ocsp.int-x3.letsencrypt.org): no resolver defined to resolve "ocsp.int-x3.letsencrypt.org", context: ssl_certificate_by_lua*, client: 123.201.226.209, server: 0.0.0.0:443
connect() to unix:/run/php/php7.4-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 123.201.226.209, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "xxxx.myapp.com"
When trying to access customer1.com whoes A record points to myapp.com server IP
"Error creating new order :: Cannot issue for \"X.X.X.X\": The ACME server can not issue a certificate for an IP address"
ssl_certificate.lua:281: auto-ssl: could not determine domain for request (SNI not supported?) - using fallback - , context: ssl_certificate_by_lua*, client: 45.148.10.72, server: 0.0.0.0:443
... where x.x.x.x is A recored for customer1.com whch was opened from browser
I have following confusions:
Should I get one proper (paid) wildcard positive ssl certificate for myapp.com ? (And use it as fallback)
This covers all my subdomain and I won't have to deal with limits on subdomain by letsencrypt.
This way I only have to use lets encrypt for custom domains like customer1.com
I am not sure if my users & permission are properly set up - any pointers would help
I would wish my final nginx config to fulfill following needs
Redirect http://myapp.com & http://www.myapp.com to -> https://myapp.com
Redirect https://www.myapp.com to -> https://myapp.com
Redirect http://customer1.com & http://www.customer1.com to -> https://customer1.com
And then on my acutal ssl server block - write all logic for auto ssl generation
It is somewhat hard to answer all these question, so I'll attempt to answer part of 5 & 6. I have setup open resty myself in a prod environment, see link.
I ran into this OCSP stapling issue. I found that it was resolved by adding this to my NGINX config:
# A DNS resolver must be defined for OSCP stapling to function.
resolver 172.20.0.10 ipv6=off;
Regarding question 6, I would suggest that customer1.com should be a CNAME to myapp.com.
I would also recommend using as a base the openresty docker image, or at least a reverse engineered version of the docker image into an EC2 instance. Here is my dockerfile:
FROM openresty/openresty:latest-xenial
RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-auto-ssl
RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-http
RUN apt-get update
RUN apt-get install -y dnsutils
RUN openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt
ADD nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
Hopefully this is helpful.

Nginx Error is Resulting in 502 Bad Gateway

I have an AWS EC2 instance which is running Ubuntu. When I go into my error logs I have this one right here. What does this mean and how can I fix it?
This is from my error.log file:
2019/09/05 18:01:02 [crit] 991#991: *46 connect() to unix:/var/run/php/php7.2-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 64.223.223.8, server: _, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.2-fpm.sock:", host: "thewildwear.com"
Your Nginx server not able to communicate with php7.2-fpm either the path /var/run/php/php7.2-fpm.sock is not valid or the php7.2-fpm is not running.
Check if PHP is running.
sudo systemctl status php7.2-fpm
verify the path if it existls -l /var/run/php/php7.2-fpm.sock
If not exist then try to find the exact file under php cd /var/run/php/ and ls you will see
php7.*-fpm.pid php7.*-fpm.sock
update the /etc/nginx/sites-available/default and changed "fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;" line to "fastcgi_pass unix:/var/run/php/php7.{after ls}-fpm.sock;".
You can check this GitHub issue and here.

nginx: 502 error: connect() failed (111: Connection refused) with vagrant

I'm experiencing 502 gateway errors when accessing my site on 127.0.0.1:8000
Working with Vagrant and ubuntu with nginx, trying to install Magento 2.0. After a lot of bugfixxing I still have this 502 error.
Config:
Ubuntu 14.04 (ubuntu/trusty64 box)
Php 5.6.18 from ppa
Nginx 1.8.1
Error log:
connect() failed (111: Connection refused) while connecting to upstream, client: 10.0.2.2, server: localhost, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://127.0.0.1:7777", host: "127.0.0.1:8000", referrer: "http://127.0.0.1:8000/"
VagrantFile config: http://pastebin.com/rMSTmwJn
my /etc/php5/pool.d/vagrant.conf (and www.conf) file: http://pastebin.com/hHnFrf55
my /etc/nginx/sites-available/default file: http://pastebin.com/0mwR7CxY
which includes this magento nginx config file: https://github.com/magento/magento2/blob/develop/nginx.conf.sample (no edits)
Also have I edited the user and group in www.conf to 'vagrant'
I'm really stuck on this one. Hope you guys can help! If you need more information, please let me know.
I think the problem is occur in your nginx config. It only serves your localhost, but you are trying to access from physical, or another virtual machine. Try to add public domain name.
also add 10.0.2.2 public.domain to client's /etc/hosts file. And change below config's related line as server_name localhost public.domain;
server {
listen 80;
server_name localhost public.domain;
set $MAGE_ROOT /var/www/magento2;
set $MAGE_MODE developer;
include /vagrant/magento2/nginx.conf.sample;
}
After some more struggling I found out with php5-fpm -t and nginx -t I had an error in my /etc/php5/pool.d/vagrant.conf file rule 1 (:1). I change vagrant to [vagrant].
Next I got the following error from php5-fpm -t: Both www.conf and vagrant.conf serve on port :7777. Makes sense, so I changed www.conf to listen :9000 and everything is working! Thanks for the effort.
These answers got me close, but weren't my exact problem.
For those interested I'm using Windows 10 with Vagrant - 1.9.3 (laravel/homestead) box.
I was using this in my nginx config:
fastcgi_pass 127.0.0.1:9000;
I recently changed it to this:
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;

Categories