Jay Taylor's notes

back to listing index

Proxy (nginx) shows a Bad gateway error

[web search]
Original source (unix.stackexchange.com)
Tags: nginx oracle-enterprise-linux-7 se-linux unix.stackexchange.com
Clipped on: 2018-10-02

I have a service (docker registry) that runs on port 5000, I have installed nginx to redirect http request from 8080 to 5000. If I make a curl to localhost:5000 it works, but when I make a curl to localhost:8080 I get a Bad gateway error.

nginx config file:

upstream docker-registry {
 server localhost:5000;
}

server {
 listen 8080;
 server_name registry.mydomain.com;

 proxy_set_header Host       $http_host; 
 proxy_set_header X-Real-IP  $remote_addr; 
 client_max_body_size 0; 
 chunked_transfer_encoding on;

 location / {

     proxy_pass http://docker-registry;
 }
 location /_ping {
     auth_basic off;
     proxy_pass http://docker-registry;
 }
 location /v1/_ping {
     auth_basic off;
     proxy_pass http://docker-registry;
 }

}

In /var/log/nginx/error.log I have:

[crit] 15595#0: *1 connect() to [::1]:5000 failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: registry.mydomain.com, request: "GET / HTTP/1.1", upstream: "http://[::1]:5000/", host: "localhost:8080"

Any idea?

asked Apr 17 '15 at 16:21
hellb0y77
77661938
  • In my case, my service that I was proxying died (and I didn't realize it) in the middle of me using it. One second I was accessing it, the next second I got bad gateway. I had to restart the service. – Michael Plautz Feb 18 '17 at 4:17

I assume its a Linux box, so most likely SELinux is preventing the connection as there is no policy allowing the connection.

You should be able to just run

# setsebool -P httpd_can_network_connect true

and then restart nginx.

answered Apr 27 '15 at 0:50
Warren
43132

Based on the error message, it makes me wonder if localhost:5000 is being resolved as an ipv6 address, which you may not want. You could try changing that to 127.0.0.1:5000

EDIT: In your proxy_pass line, it is possible you are missing part of the URL? Try adding $request_uri so it could be:

proxy_pass http://docker-registry/$request_uri;

or probably:

proxy_pass http://docker-registry$request_uri;

Not sure which one is most correct.

Another thing to consider. Your config indicates:

server_name registry.mydomain.com;

So, localhost:8080 may not be matched. For testing, you could change this to:

server_name registry.mydomain.com localhost;

Then the localhost:8080 would be matched, as well as your domain. I assume registry.mydomain.com is just an example and you would put your real server FQDN in there.

answered Apr 18 '15 at 4:16
Gregor
548211
  • Not work, set 127.0.0.1:5000and i have tried with only server_name localhost and server_name registry.mydomain.com (trying from another server in the same lan with hostname registry.mydomain.com in /etc/hosts), and both, but nothing...same error – hellb0y77 Apr 18 '15 at 7:21
  • Whit registry.mydomain.com [crit] 16839#0: *5 connect() to 127.0.0.1:5000 failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: registry.mydomain,com request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "localhost:8080", with localhost: [crit] 16839#0: *5 connect() to 127.0.0.1:5000 failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "localhost:8080" – hellb0y77 Apr 18 '15 at 7:30

Your Answer

 
community wiki

Not the answer you're looking for? Browse other questions tagged or ask your own question.

asked

3 years, 5 months ago

viewed

37,386 times

active

3 years, 5 months ago

Hot Network Questions

Linux is a registered trademark of Linus Torvalds. UNIX is a registered trademark of The Open Group.

This site is not affiliated with Linus Torvalds or The Open Group in any way.