502 Bad Gateway
Closed this issue · 7 comments
Hi.
Can't get it to work.
I have my SSL elsewhere and use a proxy_pass to the ip of c2FmZQ-server, and get 502.
I use
EXPOSE 80
and
CMD ["-address=:80"]
in the Dockerfile.
Create the docker with:
docker run --detach --name=c2fmzq-server --network=proxynetwork -p 8099:80 --volume=/xxx/c2fmzq-server/data:/data --volume=/xxx/c2fmzq-server/secrets:/secrets:ro c2fmzq-server
docker logs -f c2fmzq-server
c2FmZQ-server/main.go:220] Starting server WITHOUT TLS
Files gets created:
ls /xxx/c2fmzq-server/data
06
86
EB
master.key
And in my nginx I have:
location / {
proxy_pass http://xxx.xx.xx.xx:8099;
}
Nginx log:
[error] 493#493: *47 connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xx.xx.xx, server: xxxx.*, request: "GET /favicon.ico HTTP/2.0", upstream: "http://xxxx.xx.xx.xx:8099/favicon.ico", host: "xxxxxx.xxxxxx.xxx", referrer: "https://xxxxx.xxxxxx.xxx/v2/register/createAccount"
What am I missing?
First, the app doesn't try to access favicon.ico. So, I suspect you're testing it with a web browser? Regardless, there's a real problem because you shouldn't get connection refused.
The problem could be a number of things. Let's try to narrow it down a little bit.
What's the actually command line that's passed to c2fmzq-server:
$ docker exec -it c2fmzq-server ps auxw | grep c2fmzq-server
From the host where docker is running can you reach the c2fmzq-server?
$ curl http://xxx.xx.xx.xx:8099/
This should give you a 404 or a 302. If so, try to the same from the host where nginx is running.
Let's start with that.
Hi, thanks for the reply.
docker exec -it c2fmzq-server ps auxw | grep c2FmZQ-server
1 root 0:04 /app/bin/c2FmZQ-server -address=:80
curl -I xx.xx.xx.xx:8099
HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Mon, 13 Dec 2021 19:51:20
Hmm, I changed the proxy_pass port to 80 (again, tested that before), and now when I tried to create an account using the c2fmzq-client from a different computer, I got:
./c2FmZQ-client create-account
Enter database passphrase:
Enter server URL: https://xxx.xxxxxxx.xxx
Enter email: xxxxxxxx@xxxxxxxxxx.xxx
Enter password:
Account created successfully.
F1213 200357.575 c2FmZQ-client/main.go:18] request returned status code 502
And
docker logs -f c2fmzq-server
I1213 141843.518 c2FmZQ-server/main.go:220] Starting server WITHOUT TLS
I1213 200356.898 server/server.go:293] POST /v2/register/createAccount
and
./c2FmZQ-client status
Enter database passphrase:
Logged in as xxx@xxxxx.xxx on https://xxxxxx.xxxxxx.xxx.
Secret key is backed up.
Public key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
So it can create an account, but with the 502 error.
Similar to when I want to log out (apparently I can't):
./c2FmZQ-client logout
Enter database passphrase:
c2FmZQ-client/main.go:18] request returned status code 502
When I try to login on the compiled android app I get: "Error. Something went wrong durin login, please try again."
Or create an account, "Error, something went wrong, please try again."
So, the server is working and listening on port 80 inside the container, and it looks like it's reachable from outside the container as well.
Account created successfully.
F1213 200357.575 c2FmZQ-client/main.go:18] request returned status code 502
This is puzzling. What should happen is this:
- The account is created. That worked because we see "Account created successfully"
- The client should login. That failed with 502.
So, the gateway (nginx) looks flaky. Sometimes it passes the request. Sometimes it doesn't. What does the nginx logs say after the successful account creation and failed login?
Yeah, perhaps I need more location blocks in nginx?
location / {
proxy_pass http://xxx.xx.xx.xx:8099;
}
access:
xx.xx.xx.xx - - [13/Dec/2021:21:21:36 +0100] "POST /v2/register/createAccount HTTP/2.0" 200 50 "-" "Dalvik/2.1.0 (Linux; U; Android 9; moto x4 Build/PPWS29.69-39-6-4)"
xx.xx.xx.xx - - [13/Dec/2021:21:21:36 +0100] "POST /v2/login/login HTTP/2.0" 502 157 "-" "Dalvik/2.1.0 (Linux; U; Android 9; moto x4 Build/PPWS29.69-39-6-4)"
xx.xx.xx.xx - - [13/Dec/2021:21:28:09 +0100] "POST /v2/sync/getUpdates HTTP/2.0" 502 157 "-" "Dalvik/2.1.0 (Linux; U; Android 9; moto x4 Build/PPWS29.69-39-6-4)"
xx.xx.xx.xx - - [13/Dec/2021:21:29:02 +0100] "POST /v2/login/logout HTTP/2.0" 502 157 "-" "Dalvik/2.1.0 (Linux; U; Android 9; moto x4 Build/PPWS29.69-39-6-4)"
xx.xx.xx.xx - - [13/Dec/2021:21:29:15 +0100] "POST /v2/login/logout HTTP/2.0" 502 157 "-" "Dalvik/2.1.0 (Linux; U; Android 9; moto x4 Build/PPWS29.69-39-6-4)"
error:
2021/12/13 21:03:58 [error] 493#493: *32 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: xxxxx.*, request: "POST /v2/login/login HTTP/2.0", upstream: "http://xx.xx.xx.xx:8099/v2/login/login", host: "xxx.xxxxxxx.xxx"
2021/12/13 21:21:36 [error] 493#493: *726 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: xxxxx.*, request: "POST /v2/login/login HTTP/2.0", upstream: "http://xx.xx.xx.xx:8099/v2/login/login", host: "xxx.xxxxxxx.xxx"
2021/12/13 21:28:09 [error] 493#493: *978 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: xxxxx.*, request: "POST /v2/sync/getUpdates HTTP/2.0", upstream: "http://xx.xx.xx.xx:8099/v2/sync/getUpdates", host: "xxx.xxxxxxx.xxx"
2021/12/13 21:29:02 [error] 493#493: *1006 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: xxxxx.*, request: "POST /v2/login/logout HTTP/2.0", upstream: "http://xx.xx.xx.xx:8099/v2/login/logout", host: "xxx.xxxxxxx.xxx"
2021/12/13 21:29:15 [error] 493#493: *1020 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: xxxxx.*, request: "POST /v2/login/logout HTTP/2.0", upstream: "http://xx.xx.xx.xx:8099/v2/login/logout", host: "xxx.xxxxxxx.xxx"
And there it is.. its trying to talk to the c2fmzq-server on 8099, not 80. That ip in "upstream: "http://xx.xx.xx.xx:8099/v2/login/logout" is the docker ip of the c2fmzq-server, not the server that runs docker.
I was trying different Location blocks in nginx and forgot to change 1 or 2 blocks to 80 (was 8099). So that explains why some commands worked and others not.
Do you now if I need a location for each "subfolder"? e.g.
Location /
Location /v2
Location /v2/register
and so on?
So, with the c2fmzq-client it seemes to work now (with only "Location /" in nginx).
docker logs -f c2fmzq-server
I1213 210428.054 server/server.go:293] POST /v2/register/createAccount
I1213 210535.675 server/server.go:293] POST /v2/login/preLogin
I1213 210536.723 server/server.go:293] POST /v2/login/login
I1213 210538.667 server/server.go:353] POST /v2/sync/getUpdates (UserID:xxxxxxxx)
But I still get the same errors in the andoid app, and nothing gets logged anywhere?
Edit:
And now that works too \m/
Apparently the server address must have a slash in the end... (in the android app)
So I guess I got it working right away, it was the slash that threw me off.
Thanks for the help, and for what seems like an awesome privacy-solution for images/movies. Now back to syncing :)
Also, you can use the --path-prefix flag to change what the API endpoints look like, e.g. --path-prefix=/foo will make all the endpoints start with /foo. So, /foo/v2/login/createAccount, etc. Of course, the clients needs to include that prefix as well.
This was intended exactly for your use-case where c2fmzq-server is sitting behind a gateway / load-balancer.