Rails 4 + nginx + unicorn + ssl = 502 Bad Gateway

StackOverflow https://stackoverflow.com/questions/21414816

Question

Browser is showing 502 Bad Gateway - nginx. The only good news is my SSL https and green lock is showing up.

Nginx Logs Error below

nginx/error.log

*1 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xxx.xx.xx, server: mysite.com, request: "GET / HTTP/1.1", upstream: "http://xxx.xxx.xx.xxx:80/maintenance.html", host: "mysite.com"

home/unicorn/log/unicorn.log (seems like it's waiting for nginx):

I, [2014-01-28T17:18:37.176299 #31858]  INFO -- : listening on addr=127.0.0.1:8080 fd=10
I, [2014-01-28T17:18:37.176619 #31858]  INFO -- : worker=0 spawning...
I, [2014-01-28T17:18:37.177379 #31858]  INFO -- : worker=1 spawning...
I, [2014-01-28T17:18:37.178118 #31858]  INFO -- : master process ready
I, [2014-01-28T17:18:37.182850 #31861]  INFO -- : worker=0 spawned pid=31861
I, [2014-01-28T17:18:37.185475 #31863]  INFO -- : worker=1 spawned pid=31863
I, [2014-01-28T17:18:37.186023 #31861]  INFO -- : Refreshing Gem list
I, [2014-01-28T17:18:37.194198 #31863]  INFO -- : Refreshing Gem list
I, [2014-01-28T17:18:38.484772 #31861]  INFO -- : worker=0 ready
I, [2014-01-28T17:18:38.501165 #31863]  INFO -- : worker=1 ready

Here is some of my relevant files:

/etc/nginx/sites-available/default

server {
    listen 443 default;

    ssl on;
    ssl_certificate    /etc/ssl/certs/ssl-bundle.crt;
    ssl_certificate_key     /etc/ssl/private/server.key;

    server_name mysite.com;

    root /home/username/mysite.com/current/public;
    try_files $uri/index.html $uri @unicorn;

    location @unicorn {
      proxy_redirect off;
      proxy_set_header X-Forwarded-Proto https;
      proxy_pass mysite.com;
    }

    error_page 502 503 /maintenance.html;
    error_page 500 504 /500.html;
    keepalive_timeout 5;
}

/etc/nginx/nginx.conf

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events { worker_connections 1024; }

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";
        gzip_types text/plain text/xml text/css text/comma-separated-values;
        upstream app_server { server 127.0.0.1:8080 fail_timeout=0; }

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

/home/unicorn/unicorn.conf

listen "127.0.0.1:8080"
worker_processes 2
user "username"
working_directory "/home/username/mysite.com/current/"
pid "/home/unicorn/pids/unicorn.pid"
stderr_path "/home/unicorn/log/unicorn.log"
stdout_path "/home/unicorn/log/unicorn.log"

/etc/default/unicorn

# Change paramentres below to appropriate values and set CONFIGURED to yes.
CONFIGURED=yes

# Default timeout until child process is killed during server upgrade,
# it has *no* relation to option "timeout" in server's config.rb.
TIMEOUT=60

# Path to your web application, sh'ld be also set in server's config.rb,
# option "working_directory". Rack's config.ru is located here.
APP_ROOT=/home/username/mysite.com/current

# Server's config.rb, it's not a rack's config.ru
CONFIG_RB=/home/unicorn/unicorn.conf

# Where to store PID, sh'ld be also set in server's config.rb, option "pid".
PID=/home/unicorn/pids/unicorn.pid
UNICORN_OPTS="-D -c $CONFIG_RB -E production"

PATH=/usr/local/rvm/rubies/ruby-2.0.0-p353/bin:/usr/local/rvm/gems/ruby-2.0.0-p353/bin:/home/unicorn/.rvm/bin:/usr/local/sbin:/usr/bin:/b$

config/unicorn.rb

application     = "mysite.com"
remote_user     = "username"
env = ENV["RAILS_ENV"] || "production"
RAILS_ROOT = File.join("/home", remote_user, application, "current")

worker_processes 8
timeout 30
preload_app true

working_directory RAILS_ROOT
listen File.join(RAILS_ROOT, "tmp/unicorn.sock"), :backlog => 64
pid_path = File.join(RAILS_ROOT, "tmp/pids/unicorn.pid")
pid pid_path

stderr_path File.join(RAILS_ROOT, "log/unicorn-err.log")
stdout_path File.join(RAILS_ROOT, "log/unicorn-err.log")

before_fork do |server, worker|
  if defined?(ActiveRecord::Base)
    ActiveRecord::Base.connection.disconnect!
  end
  old_pid_path = "#{pid_path}.oldbin"
  if File.exists?(old_pid_path) && server.pid != old_pid_path
    begin
      Process.kill("QUIT", File.read(old_pid_path).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
      # someone else did our job for us
    end
  end
end

after_fork do |server, worker|
  if defined?(ActiveRecord::Base)
    ActiveRecord::Base.establish_connection
  end

  # worker processes http://devmull.net/articles/unicorn-resque-bluepill
  # rails_env = ENV['RAILS_ENV'] || 'production'
  # worker.user('app', 'app') if Process.euid == 0 && rails_env == 'production'
end

Let me know if you would like me to post any other files. Thanks ahead of time for anyone who responds.

Was it helpful?

Solution

The problem is that Unicorn and Nginx do not agree on a shared socket. Also, in the files you have posted, the upstream and proxy_pass do not match. How about:

In the server context:

location @unicorn {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto https;
  proxy_set_header Host $http_host;
  proxy_redirect off;
  proxy_pass http://unicorn_server; # This name must match the upstream
}

In the http context:

upstream unicorn_server {
  server unix:/var/run/my_site/unicorn.sock;
}

In the Unicorn configuration file (here /home/unicorn/unicorn.conf):

listen '/var/run/my_site/unicorn.sock', :backlog => 64

Note Unicorn listens on a socket where Nginx posts requests.

OTHER TIPS

It was the same for me in Rails 4, but I have added a "SECRETKEYBASE" in /confirg/secrets.yml

production:
secretkeybase: # add yours here

i had the same issue and i solved by changing the name of the socket in the nginx.conf and in the unicorn.conf files, setting up as "unicorn.sock" instead of the one i was using "unicorn.rails_app.sock" in both files like this:

/etc/nginx/nginx.conf

upstream unicorn {
  server unix:/tmp/unicorn.sock fail_timeout=0;
}

/home/unicorn/unicorn.conf

listen "/tmp/unicorn.sock"

And changing that just worked for me, it is weird, because before they were in both files like this "unicorn.rails_app.sock" and i don't know why i get the 502 error when i have other server running like this without problem.

Hope it helps!

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top