About a month ago I configured a Digital Ocean Droplet to forward all requests to mydomain.com to Webflow (a no-code site-builder) and any requests to mydomain.com/api/v1 to the Node.js backend running on the same Droplet.
Everything was working, but today I went to the site and got a 502 Bad Gateway Nginx error, and I'm not sure why. Whenever I try and connect, I get these errors:
2022/10/16 19:52:44 [error] 1571#1571: *7 SSL_do_handshake() failed (SSL: error:0A000438:SSL routines::tlsv1 alert internal error:SSL alert number 80) while SSL handshaking to upstream, client: ipAddress, server: mydomain.com, request: "GET / HTTP/1.1", upstream: "https://ipAddress:443/", host: "mydomain.com"
2022/10/16 19:52:45 [error] 1571#1571: *7 SSL_do_handshake() failed (SSL: error:0A000438:SSL routines::tlsv1 alert internal error:SSL alert number 80) while SSL handshaking to upstream, client: ipAddress, server: mydomain.com, request: "GET / HTTP/1.1", upstream: "https://ipAddress:443/", host: "mydomain.com"
2022/10/16 19:52:45 [error] 1571#1571: *7 SSL_do_handshake() failed (SSL: error:0A000438:SSL routines::tlsv1 alert internal error:SSL alert number 80) while SSL handshaking to upstream, client: 162.229.177.82, server: mydomain.com, request: "GET / HTTP/1.1", upstream: "https://ipAddress:443/", host: "mydomain.com"
2022/10/16 19:52:45 [error] 1571#1571: *7 no live upstreams while connecting to upstream, client: ipAddress, server: mydomain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://webflow/favicon.ico", host: "mydomain.com", referrer: "https://example.com/"
For privacy I've changed any IP addresses to "ipAddress" and the host to "mydomain.com". What do these errors mean, and what are some potential fixes?
If it helps, my Nginx sites-available file looks like this:
upstream webflow {
    server proxy-ssl.webflow.com:443;
}
resolver 8.8.8.8 8.8.4.4;
server {
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name mydomain.com www.mydomain.com;
    location / {
        proxy_pass https://webflow;
        proxy_ssl_server_name on;
        proxy_ssl_name $host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
    location /api/v1/ {
        proxy_pass http://dropletIp:3001;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
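As an added example (not code from the post), the script below parses error_log entries in the format quoted above and groups them by failure class and upstream address; it goes beyond the two messages in this question to cover the refused, timed-out and prematurely-closed messages nginx also logs for upstreams. The label names, the sample addresses and the third sample line are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the error_log format quoted above; the IP addresses
# are documentation placeholders, and the third line is a made-up refusal.
SAMPLE_LOG = """\
2022/10/16 19:52:44 [error] 1571#1571: *7 SSL_do_handshake() failed (SSL: error:0A000438:SSL routines::tlsv1 alert internal error:SSL alert number 80) while SSL handshaking to upstream, client: 203.0.113.9, server: mydomain.com, request: "GET / HTTP/1.1", upstream: "https://198.51.100.7:443/", host: "mydomain.com"
2022/10/16 19:52:45 [error] 1571#1571: *7 no live upstreams while connecting to upstream, client: 203.0.113.9, server: mydomain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://webflow/favicon.ico", host: "mydomain.com"
2022/10/16 19:53:01 [error] 1571#1571: *9 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.9, server: mydomain.com, request: "GET /api/v1/ping HTTP/1.1", upstream: "http://[::1]:3001/api/v1/ping", host: "mydomain.com"
"""

ENTRY = re.compile(
    r'^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \[error\] \d+#\d+: (?:\*\d+ )?'
    r'(?P<msg>.*?), client: [^,]+, server: [^,]*, request: "(?P<request>[^"]*)"'
    r'(?:, upstream: "(?P<upstream>[^"]*)")?')

# Ordered most specific first: (label, pattern matched against the message).
RULES = [
    ("tls_alert_from_upstream", re.compile(r"SSL_do_handshake\(\) failed.*SSL alert number \d+")),
    ("tls_handshake_failed", re.compile(r"SSL_do_handshake\(\) failed")),
    ("connection_refused", re.compile(r"connect\(\) failed \(111:")),
    ("upstream_timed_out", re.compile(r"upstream timed out")),
    ("upstream_closed_early", re.compile(r"upstream prematurely closed connection")),
    ("no_live_upstreams", re.compile(r"no live upstreams")),
]

def classify(message):
    """Return the label of the first rule that matches an nginx error message."""
    for label, pattern in RULES:
        if pattern.search(message):
            return label
    return "other"

def parse_entry(line):
    """Parse one error_log line into its failure class and upstream authority."""
    m = ENTRY.match(line)
    if m is None:
        return None  # not a request-scoped [error] entry
    upstream = m.group("upstream")
    return {
        "kind": classify(m.group("msg")),
        "request": m.group("request"),
        # netloc is host:port, "[::1]:3001", or a bare upstream{} group name
        "upstream": urlsplit(upstream).netloc if upstream else None,
    }

def summarize(log_text):
    """Count failures per (kind, upstream) so repeated errors collapse."""
    entries = filter(None, map(parse_entry, log_text.splitlines()))
    return Counter((e["kind"], e["upstream"]) for e in entries)

if __name__ == "__main__":
    for (kind, upstream), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {kind:26s} {upstream}")
```

A `tls_alert_from_upstream` entry means the upstream itself rejected the handshake (the alert number is the one it sent), while `no_live_upstreams` is the follow-on state once every server in the `upstream` group has been marked failed.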
Related
I'm trying to deploy my Node.js API onto Digital Ocean using nginx. I can log into my server through SSH fine; it's only when I try to access my server from a browser that I get a 502 error. I run logs on the command line and this is what is logged to the console:
2022/03/28 16:14:37 [error] 1312008#1312008: *20 connect() failed (111: Connection refused) while connecting to upstream, client: 192.53.170.243, server: telebotstools.io, request: "GET / HTTP/1.1", upstream: "http://[::1]:5000/", host: "188.166.14.11"
2022/03/28 16:30:25 [error] 1399533#1399533: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 71.183.157.83, server: telebotstools.io, request: "GET / HTTP/1.1", upstream: "http://[::1]:8080/", host: "telebotstools.io"
2022/03/28 16:30:25 [error] 1399533#1399533: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 71.183.157.83, server: telebotstools.io, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "telebotstools.io"
2022/03/28 16:35:41 [error] 1399533#1399533: *4 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 71.183.157.83, server: telebotstools.io, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "telebotstools.io"
2022/03/28 16:36:41 [error] 1399533#1399533: *4 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 71.183.157.83, server: telebotstools.io, request: "GET / HTTP/1.1", upstream: "http://[::1]:8080/", host: "telebotstools.io"
I've tried to troubleshoot the problem with no luck.
I have restarted the server, checked logs, and rewritten my config file multiple times with no luck.
I followed this URL to the T and I still can't seem to troubleshoot the problem.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    # include snippets/snakeoil.conf;
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name telebotstools.io www.telebotstools.io;
    location / {
        proxy_pass http://localhost:8080; # whatever port your app runs on
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Thanks in advance
I have a node.js (+Express) application hosted on an Ubuntu 16.04 machine serving an HTTP web application and an nginx reverse proxy serving an HTTPS server (proxying requests to my node application on port 8080). When somebody is using my web app via the browser, after a couple of requests sent back and forth between the browser and the server, the application stops responding and returns a 502 bad gateway response.
From what I read about upstream errors in nginx, the fault lies probably with the node.js application and bad error handling - server crashing and restarting. Unfortunately there is nothing in my node logs, the logs just "fall silent" at one point and log nothing. So I am frankly at a loss at how to debug the issue. I do have an error handler set up in my node app - set up as a middleware, the last to be used by the express app.
One other thing I find very weird is that when I get a 502 bad gateway in Chrome (after 2 mins of the app hanging/loading), the site just won't load or reload. But when I open the site in Chrome incognito, I manage to open the landing page, go to the login page and send a POST request with login details. Only after that does the app hang (and send a 502 bad gateway, after about 2 mins). And when I use Chrome incognito the logs do show some requests, the last one is usually
GET /js/24.a34f9a13b9032f4d89b4.chunk.js HTTP/1.1
then the log goes silent again. (So express never receives the POST request with login data.)
Could anyone point me in the right direction to find and fix that problem? Please be patient with me, since I am mostly a beginner in web development.
Below is the error from nginx logs:
2018/03/28 17:34:45 [error] 19696#19696: *2078 connect() failed (111: Connection refused) while connecting to upstream, client: 91.89.32.129, server: dashboard.hsseowayds.com, request: "GET /assets/css/font-awesome.min.css HTTP/1.1", upstream: "http://[::1]:8080/assets/css/font-awesome.min.css", host: "dashboard.hsseowayds.com", referrer: "https://dashboard.hsseowayds.com/"
2018/03/28 17:34:50 [error] 19696#19696: *2036 upstream prematurely closed connection while reading response header from upstream, client: 91.89.32.129, server: dashboard.hsseowayds.com, request: "POST /auth/login HTTP/1.1", upstream: "http://127.0.0.1:8080/auth/login", host: "dashboard.hsseowayds.com", referrer: "https://dashboard.hsseowayds.com/"
2018/03/28 17:34:50 [error] 19696#19696: *2036 no live upstreams while connecting to upstream, client: 91.89.32.129, server: dashboard.hsseowayds.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://localhost/favicon.ico", host: "dashboard.hsseowayds.com", referrer: "https://dashboard.hsseowayds.com/auth/login"
I also did a tcpdump for ports 80, 443 and 8080 for all interfaces (both ethernet and loopback) when I was using Chrome incognito during the issues with the server and tried to use Wireshark to figure out what was wrong, but had no success. (I also used Wireshark to capture the traffic between my computer and the server, which yielded nothing helpful to me either.) The tcpdump command I used was:
sudo tcpdump -l -w tcpdump_any_fail_1832.pcap -tttt -i any -s0 port 80 or port 443 or port 8080
If anyone wants to have a look, here is a screenshot from wireshark and the .pcap file I can send you privately (I changed the login data inside), since I don't think I can attach it here:
wireshark screenshot
And this is my nginx file from sites-available:
server {
    listen 80;
    server_name dashboard.hsseowayds.com dashboard.hsseowayds.com;
    return 301 https://dashboard.hsseowayds.com$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name dashboard.hsseowayds.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/dashboard.hsseowayds.com/rapidSSL.crt;
    ssl_certificate_key /etc/nginx/ssl/dashboard.hsseowayds.com/ssl_private_key.pem;
    ssl_session_timeout 180m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:20m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
    ssl_dhparam /etc/nginx/cert/dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    underscores_in_headers on;
    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection '';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 160s;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
    }
}
I've got an rpi2 running node.js with an app configured via .env on port 442. Nginx is configured to serve https with a letsencrypt certificate. I tried the node app by itself on http and it responded fine. I tried the served index.html on https on nginx from my Mac on the LAN and it worked fine. The issue is now that I'm trying to combine them.
I'm test posting from hurl.it but getting a bad gateway error, and the error log on nginx for the site says:
POST /API/switches/sw1?password=123456 HTTP/1.1", upstream: "http://192.168.1.53:442/50x.html", host: "subdomain.domain.com"
2017/04/23 20:08:38 [error] 20424#0: *4 upstream prematurely closed connection while reading response header from upstream, client: 192.168.1.56, server: subdomain.domain.com, request: "GET /aism/ HTTP/1.1", upstream: "http://192.168.1.53:442/aism/", host: "subdomain.domain.com"
2017/04/23 20:08:38 [error] 20424#0: *4 upstream prematurely closed connection while reading response header from upstream, client: 192.168.1.56, server: subdomain.domain.com, request: "GET /aism/ HTTP/1.1", upstream: "http://192.168.1.53:442/50x.html", host: "subdomain.domain.com"
2017/04/23 20:09:25 [error] 20467#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 23.20.198.108, server: subdomain.domain.com, request: "POST /API/switches/sw1?password=123456 HTTP/1.1", upstream: "http://192.168.1.53:442/API/switches/sw1?password=123456", host: "subdomain.domain.com"
Here is my site config:
#server {
#    listen 80;
#    listen [::]:80;
#    server_name subdomain.domain.com;
#    return 301 https://$server_name$request_uri;
#}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name subdomain.domain.com;
    ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem;
    root /www/subdomain.domain.com/aism;
    index index.php index.html index.htm;
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    # Error & Access logs
    error_log /www/subdomain.domain.com/logs/error.log error;
    access_log /www/subdomain.domain.com/logs/access.log;
    location / {
        index index.html index.php;
        proxy_pass http://192.168.1.53:442;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location ~ /.well-known {
        allow all;
    }
    location /public {
        root /www/subdomain.domain.com/aism;
    }
    location ~ ^/(images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/) {
    }
    #location ~ [^/].php(/|$) {
    #    fastcgi_split_path_info ^(.+?.php)(/.*)$;
    #    fastcgi_pass unix:/var/run/php5-fpm.sock;
    #    fastcgi_index index.php;
    #    include fastcgi_params;
    #}
}
What is wrong with my config file for the site?
I am making my posts on hurl.it to my router's public IP:
https://routerIP/API/switches/sw1?password=123456
that gets routed to 192.168.1.53:443 by my router,
which according to the config file gets proxied to 192.168.1.53:442
I am trying to run a Node.js server (with socket.io) as a pub/sub server for my main app. I pushed it to the server and created a subdomain (with SSL). My client HTML page can load the socket.io/socket.io.js, but the WSS handshake doesn't work as expected:
WebSocket connection to 'wss://ws.example.com/socket.io/?EIO=3&transport=websocket&sid=ogEegJXhjFh5lplgAAAF' failed: Error during WebSocket handshake: Unexpected response code: 502
I've got a SSL subdomain defined in my nginx like this:
server {
    listen 80;
    listen 443 default ssl;
    server_name ws.example.com;
    # ssl on;
    ssl_certificate /etc/nginx/certificates/certificate-ws-example-com.crt;
    ssl_certificate_key /etc/nginx/certificates/ws.example.com.key;
    # Redirect all non-SSL traffic to SSL.
    if ($ssl_protocol = "") {
        rewrite ^ https://$host$request_uri? permanent;
    }
    location / {
        proxy_pass http://localhost:6969;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Host $host;
        access_log /var/log/nginx/example_production.access.log;
        error_log /var/log/nginx/example_production.error.log;
    }
}
And my Node.js (pm2) server responds with:
[error] 29726#0: *31 upstream prematurely closed connection while reading response header from upstream, client: 86.228.47.218, server: ws.example.com, request: "GET /socket.io/?EIO=3&transport=websocket&sid=ogEegJXhjFh5lplgAAAF HTTP/1.1", upstream: "http://127.0.0.1:6969/socket.io/?EIO=3&transport=websocket&sid=ogEegJXhjFh5lplgAAAF", host: "ws.example.com"
Quick breakdown -
Dev environment works properly. SSL Cert on local server, nginx configured for proxy pass on 443 traffic.
location / {
    proxy_pass http://localhost:3000;
    proxy_set_header X-Real-IP $remote_addr;
    #proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
for some reason, version 1.1 never works (always tosses an error)
Again, Dev environment works properly.
Production environment is giving me the following error:
WebSocket connection to 'wss://website.com/sockjs/421/fin4cg38/websocket' failed: Error during WebSocket handshake: Unexpected response code: 400
I use a load balancer which has the SSL cert on it and we enforce SSL through our application.
Now, I checked the configuration of NGINX and I have it as follows:
server {
    listen 80;
    server_name www.website.com;
    error_log /var/log/nginx/sites-error.log;
    return 301 https://website.com$request_uri;
}
server {
    listen 80 default_server;
    server_name _;
    location / {
        proxy_pass http://localhost:3000;
        # proxy_set_header X-Real-IP $remote_addr;
        # proxy_set_header Upgrade $http_upgrade;
        # proxy_set_header Connection "upgrade";
    }
}
The way it's set up is anything on 80 goes to 443, etc etc.
If I uncomment the proxy_set_headers, our sign up breaks and the Chrome console doesn't show any errors.
The error log has this:
2014/07/13 18:15:16 [error] 16175#0: *93 connect() failed (111: Connection refused) while connecting to upstream, client: 10.189.245.5, server: _, request: "POST /sockjs/421/wq2dqb2w/xhr_send HTTP/1.1", upstream: "http://[::1]:3000/sockjs/421/wq2dqb2w/xhr_send", host: "website.com", referrer: "https://website.com/signIn"
2014/07/13 18:15:42 [error] 16487#0: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 10.189.245.5, server: _, request: "GET /sockjs/120/95m6dozn/websocket HTTP/1.1", upstream: "http://[::1]:3000/sockjs/120/95m6dozn/websocket", host: "website.com"
2014/07/13 18:16:12 [error] 16487#0: *12 connect() failed (111: Connection refused) while connecting to upstream, client: 10.189.245.5, server: _, request: "GET /f1be3f98162c975fdc9524a0a222f9a02cc6dcde.js HTTP/1.1", upstream: "http://[::1]:3000/f1be3f98162c975fdc9524a0a222f9a02cc6dcde.js", host: "website.com", referrer: "https://website.com/signIn"
I'm not really sure what's going on. Any help would be awesome.
Thanks!