502 Bad Gateway, nginx

Aseknet

Hi Experts,

Really need your help now.
Running latest pfSense on an Intel NUC and this issue has been escalating.
The latest year I started to get “502 Bad Gateway, nginx”.
Often this can be solved by using SSH and select option “16. Restart PHP-FFM”.
After 15 to 60 minutes, I am back with the same problem, often even WAN connection drops.

Tried guides on Internet that suggests to disable different widgets but with no success.

Any ideas what to look for and what logs to check to solve this?

I have many years of configurations and would not like to start from scratch.
Tried a new installation and imported my configurations and still had these issues.

Thanks,
Asenet

stephenw10

Check the system logs. Check the nginx logs in /var/log.

You are running 2.5.2?

Have you been running it for some time and this just started?

Steve

Aseknet

@stephenw10,
Running 2.5.2
I think this behaviour started with this version but happened quite seldom.
It is in the last month it has escalated to a real problem for me.

Need some guidance to read the logs (not an linux guy).
I manager to goto cd /var/log
Then i cannot use dir to see the files.
How to see the files and then read the logs?

Thanks,
Aseknet

fireodo

@aseknet said in 502 Bad Gateway, nginx:

How to see the files and then read the logs?

ls (to see the files in the directory)

cat <filename> (to see the content of the file)

stephenw10

Yes, the nginx logs need to be read manually like that. The main system log can be accessed in the gui though via Status > System Logs.

Aseknet

Thanks Guys for the help,

I can now open the nginx.log fine.
I restarted the PHP-FPM service so I could narrow down the time when this happens and find an error message that matches that timeframe, of course it has now been working for 2 hours when trying to chase it...
Will come back when I catch the problem in the log.

Thanks,
Aseknet

Aseknet

Hi Guys,

Everything seemed to work until today when I logged on pfSense.
After some minutes I got a freeze, 502 Bad Gateway, this is what the logs say:
Seems like the widgets are involved.

Replaced the actual IPs with ClientIP and pfSenseIP.

Nov 18 17:06:30 pfSense nginx: 2021/11/18 17:06:30 [error] 83498#100152: *2302 connect() to unix:/var/run/php-fpm.socket failed (61: Connection refused) while connecting to upstream, client: ClientIP, server: , request: "GET /widgets/widgets/snort_alerts.widget.php?getNewAlerts=1637251590358 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket:", host: "pfSenseIP", referrer: "http://pfSenseIP/"

Nov 18 17:06:30 pfSense nginx: ClientIP - - [18/Nov/2021:17:06:30 +0100] "GET /widgets/widgets/snort_alerts.widget.php?getNewAlerts=1637251590358 HTTP/1.1" 502 552 "http://pfSenseIP/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"

Nov 18 17:06:35 pfSense nginx: 2021/11/18 17:06:35 [error] 83498#100152: *2302 connect() to unix:/var/run/php-fpm.socket failed (61: Connection refused) while connecting to upstream, client: ClientIP, server: , request: "GET /widgets/widgets/pfblockerng.widget.php?getNewWidget=1637251595359 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket:", host: "pfSenseIP", referrer: "http://pfSenseIP/"

Nov 18 17:06:35 pfSense nginx: ClientIP - - [18/Nov/2021:17:06:35 +0100] "GET /widgets/widgets/pfblockerng.widget.php?getNewWidget=1637251595359 HTTP/1.1" 502 552 "http://pfSenseIP/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"

And to resolve this the solution was:
Using SSH and select option “16. Restart PHP-FFM”
Usually this works but sometimes a reboot of pfSense is needed.

Thanks,
Asknet

Bambos

Hello everyone,

i run to the same problem with version 2.6.0.
502 bad gateway nginx.

Do we have some updates about that ? what is recommended ?

stephenw10

Upgrade to the current version, 2.7.2.

Aseknet

Sadly I never got around this after a huge amount of time for a fix, not even in 2.7.2 so I turned to OPNsense instead of waiting for 2.8.0.
Missing some features from pfSense, but now I don’t have issues anymore to access the interface.
Loved pfSense and the community but this was a big issue for me :(

stephenw10

Hmm, odd. We don't really see that in 2.7.2 any longer. I used to be a much bigger issue. It pretty much always implies some php process running away though.