Symptoms
- If Nginx is enabled, all sites return the following error:
504 Gateway Timeout error
502 Bad gateway
- Fail2ban is not installed or disabled;
- Apache and nginx services are running;
- The following records appear in /var/log/httpd/error_log:
  upstream timed out (110: Connection timed out) while reading response header from upstream
- The following records appear in /var/www/vhosts/example.com/logs/proxy_error_log:
  [error] 18625#0: *8 connect() failed (111: Connection refused) while connecting to upstream
curl: (28) Failed to connect to 203.0.113.2 port 7081 after 129871 ms: Connection timed out
Cause
Firewall rules block local connections on ports 7080 and 7081, or some rules block the server's IP address, so Nginx is unable to connect to Apache.
Resolution
Check the Plesk firewall or the "iptables" utility and remove rules that block access to ports 7080 or 7081 or block access from the server's IP addresses.
Manage rules via Plesk Firewall
- Install Plesk Firewall if it is not installed (see "How to install Plesk Firewall").
- Go to Plesk > Tools & Settings > Firewall > Modify Plesk Firewall Rules > Add Custom Rule and allow 7080/7081 ports for all external IP addresses for Incoming/Outgoing.
Adding rules directly from the server
- To do this manually, connect to the server via SSH
Note: if direct SSH access to the server is not possible, contact the server administrator for further assistance.
- Add rules using the commands below:
# iptables -A INPUT -s 10.10.10.10 -p tcp -m tcp --dport 7081 -j ACCEPT
# iptables -A INPUT -s 10.10.10.10 -p tcp -m tcp --dport 7080 -j ACCEPT
# iptables -A OUTPUT -s 10.10.10.10 -p tcp -m tcp --sport 7081 -j ACCEPT
# iptables -A OUTPUT -s 10.10.10.10 -p tcp -m tcp --sport 7080 -j ACCEPT
NOTE: In addition, check any other similar tools and extensions installed on the server, such as Imunify360, DDoS Deflate Interface, or Bitninja, for similar rules that block the required ports or the server's IP addresses.
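iptables evaluates a chain from top to bottom and stops at the first terminating match, so an ACCEPT rule appended with -A has no effect when an earlier DROP or REJECT rule already matches the same traffic. The script below is an added example, not part of the original article: it walks `iptables -S INPUT` output and reports which rule decides a connection to the Apache port. The helper name first_verdict, the sample ruleset and the use of 203.0.113.2 as the server's own IP are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed `iptables -S INPUT` output, not taken from a real server.
# 203.0.113.2 stands in for the server's own IP address (assumption).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 7080,7081 -j DROP
-A INPUT -s 203.0.113.2/32 -p tcp -m tcp --dport 7081 -j ACCEPT'

# first_verdict SRC_IP DPORT  (hypothetical helper)
# Reads `iptables -S <chain>` lines on stdin and prints "<verdict> <rule no.>"
# for the first rule matching a TCP packet from SRC_IP to DPORT.
# Understands -s <host>, -p, --dport, --dports lists and -j only; a matching
# rule that uses anything else (ranges, subnets, other modules, negation) is
# reported as UNKNOWN for manual review instead of being guessed.
# Rule number 0 means no rule matched and the chain policy applied.
first_verdict() {
    awk -v src="$1" -v port="$2" '
    $1 == "-P" { policy = $3; next }
    $1 != "-A" { next }
    {
        n++; ok = 1; unknown = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-m") { i++ }                         # module name, e.g. tcp
            else if ($i == "-s") {
                v = $(++i); sub(/\/32$/, "", v)
                if (v ~ /\//) unknown = 1; else if (v != src) ok = 0
            }
            else if ($i == "-p") { if ($(++i) != "tcp") ok = 0 }
            else if ($i == "--dport" || $i == "--dports") {
                v = $(++i)
                if (v ~ /:/) unknown = 1
                else if (index("," v ",", "," port ",") == 0) ok = 0
            }
            else if ($i == "-j") { target = $(++i); break } # ignore target options
            else unknown = 1
        }
        if (!ok) next
        if (unknown || target !~ /^(ACCEPT|DROP|REJECT)$/) target = "UNKNOWN"
        print target, n; found = 1; exit
    }
    END { if (!found) print policy, 0 }'
}

# The appended ACCEPT (rule 3) is never reached: the DROP at rule 2 wins.
printf '%s\n' "$SAMPLE_RULES" | first_verdict 203.0.113.2 7081
```

On a live server, feed it the real chain with `iptables -S INPUT | first_verdict <server IP> 7081`; a DROP or REJECT verdict identifies the rule number that has to be removed or reordered.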