I setup nginx as a reverse proxy for my apache tomcat. It works normally as I expected. However, I got confused when NGINX is always returning a 502 Bad Gateway when the Apache Tomcat server is down. Instead of returning a 504 Bad Gateway timeout?
502 Bad Gateway:
The server was acting as a gateway or proxy and received an invalid response from the upstream server.504 Gateway Timeout
The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
user root;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
keepalive_timeout 65;
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
server {
listen *:80;
return 301 https://$host:443$request_uri;
}
server{
listen *:443; #Ip of client
# Specifies the maximum accepted body size of a client request, as indicated by the request header Content-Length.
client_max_body_size 1024M;
# ssl config
ssl on;
ssl_certificate server.crt;
ssl_certificate_key server.key;
# for proxy timeout
proxy_connect_timeout 75s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
# not cache authorization
proxy_no_cache $http_pragma $http_authorization;
location /wss {
rewrite ^.*\/wss\/(?<api>.*) /$api break;
proxy_pass http://127.0.0.1:8071;
# for websocket
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_read_timeout 1d;
proxy_send_timeout 1d;
}
location / {
proxy_buffering off;
proxy_pass http://127.0.0.1:8071;
}
}
}
Error log when accessing:
2015/10/19 10:10:03 [error] 29475#0: *44 connect() failed (111:
Connection refused) while connecting to upstream, client:
192.168.70.60, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8071/", host: "192.168.70.161"2015/10/19 10:10:03 [error] 29475#0: *44 connect() failed (111:
Connection refused) while connecting to upstream, client:
192.168.70.60, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8071/", host: "192.168.70.161"
Can anyone explain why the NGINX returns a 502 HTTP error instead of a 504?
Or, are there problems with my configuration?
I think, I missed.
504 only happen when NGINX can't forward request to proxied server but the proxied server doesn't response in time as NGINX expected.
In my case:
proxy_connect_timeout 75s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
So in case of Proxied Server is down, NGINX will respond with the HTTP error code 502, 503?
Best Answer
By default, the SELinux configuration does not allow NGINX to connect to a remote web, fastCGI, or other server. You can set permissive mode with setenforce 0 to check whether SELinux is to blame. If it is, All you have to do is use audit2allow to generate a set of policy rules that would allow the required actions:
grep nginx /var/log/audit/audit.log | audit2allow -M nginx
semodule -i nginx.pp
After that, remember to enable SELinux again with setenforce 1.
For more about that, you can see this acticle.