ritstudentgovernment/petitions

Intermittent Authentication Failure (502 Bad Gateway)

Closed this issue · 3 comments

Original User Complaint:
Current PawPrints login is not working...if someone could investigate that would be appreciated. This is a big deal to get fixed ASAP. Thank you!

Nginx Error Log 2/6/2016 17:00PM-17:59PM Retrieved

Update 2/7/2017

Of particular interest are error-log entries that look like this:
2017/02/06 17:45:02 [error] 22266#0: *2291058 connect() failed (111: Connection refused) while connecting to upstream, [REMOVED]

After some cursory research on the Google, I have discovered an SELinux boolean that has been known to raise errors similar to those listed above. A DigitalOcean user reported that by setting httpd_can_network_connect to true, (s)he was able to eliminate both the connect() failed and 502 Bad Gateway errors.

[REMOVED]

EDIT: This should be considered in future SG Services efforts, but in retrospect I do not believe SELinux was the root cause.

Update 2/7/2017 (End of Business)

At this time, I believe we have resolved this issue. No more 502 Bad Gateway on Pawprints Rochester.

Root Cause

One bad line in an Nginx config. Default listen 80; assumes IPv6 is in use, and then nginx gets confused.

Resolution

Added listen 127.0.0.1; to port-80 server block.

Example:

server {
    listen 127.0.0.1;
    listen 80;

    [. . .]
}

Validation of Resolution

  • Apache Bench Tests
  • Manual Refresh
  • Chrome Console
  • Nginx Error Logs

Okay, I just hit Pawprints-ROC with 1 million requests, 1 thousand requests at a time. Everything came up clear in AB and manual refreshing like a maniac has yielded no 502s. I'm gonna call this one closed.

We ought to be able to take care of 502 errors in all other and future Meteor implementations.
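For the "Nginx Error Logs" validation step in this thread, one way to check the error log for upstream connect() failures before and after a config change. This is an added example, not code from the issue or the petitions project; the sample lines are constructed, and the client addresses, hostnames and upstream URL in them are placeholders.

```python
import re
from collections import Counter

# Shape of an nginx error-log entry: date time [level] pid#tid: *conn message
ENTRY = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}):\d{2} \[(?P<level>\w+)\] "
    r"\d+#\d+: (?:\*\d+ )?(?P<msg>.*)$"
)
CONNECT_FAIL = re.compile(r"connect\(\) failed \((?P<errno>\d+): (?P<reason>[^)]+)\)")
UPSTREAM = re.compile(r'upstream: "(?P<url>[^"]+)"')

def summarize(lines):
    """Count upstream connect() failures per minute and per upstream URL."""
    per_minute, per_upstream = Counter(), Counter()
    for line in lines:
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # not an error-log entry (blank line, wrapped text)
        fail = CONNECT_FAIL.search(entry["msg"])
        if not fail or "while connecting to upstream" not in entry["msg"]:
            continue
        up = UPSTREAM.search(entry["msg"])
        # Redacted or truncated entries carry no upstream field.
        target = up["url"] if up else "<unknown>"
        per_minute[entry["ts"]] += 1
        per_upstream[(fail["errno"], fail["reason"], target)] += 1
    return per_minute, per_upstream

# Constructed sample input; addresses, ports and hostnames are placeholders.
SAMPLE = """\
2017/02/06 17:45:02 [error] 22266#0: *2291058 connect() failed (111: Connection refused) while connecting to upstream, [REMOVED]
2017/02/06 17:45:09 [error] 22266#0: *2291060 connect() failed (111: Connection refused) while connecting to upstream, client: 192.0.2.10, server: example.invalid, request: "GET / HTTP/1.1", upstream: "http://[::1]:3000/", host: "example.invalid"
2017/02/06 17:46:30 [error] 22266#0: *2291071 connect() failed (111: Connection refused) while connecting to upstream, client: 192.0.2.11, server: example.invalid, request: "GET / HTTP/1.1", upstream: "http://[::1]:3000/", host: "example.invalid"
2017/02/06 17:47:00 [warn] 22266#0: *2291080 an upstream response is buffered to a temporary file
""".splitlines()

if __name__ == "__main__":
    minutes, upstreams = summarize(SAMPLE)
    for minute, n in sorted(minutes.items()):
        print(minute, n)
    for (errno, reason, target), n in upstreams.most_common():
        print(f"{n:4d}  errno {errno} ({reason})  ->  {target}")
```

Grouping by upstream URL shows which address nginx was actually dialing when the connection was refused, and the per-minute counts can be lined up against the window in which users reported 502s.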