502 Bad Gateway errors from Nginx when trying to access Tomcat

I have JIRA and Nginx running on the same server with Nginx installed to
serve as a reverse proxy. From what I learnt from various sources, in
the
Tomcat server.xml file, I must add an address=“127.0.0.1” attribute so
that
Tomcat does not listen to outside IPs. But once I add that to my 8080
and
8443 connectors, things stop working i.e., the JIRA site becomes
inaccessible. Browser displays Connection refused / connection timed out
errors. Trying to access the site through curl gives me 502 Bad gateway
error. I have also checked the Nginx error log which shows this -

connect() failed (111: Connection refused) while connecting to upstream,
client: , server: , request: “GET / HTTP/1.1”,
upstream:
“http://:8080/”, host:

Here is my nginx.conf
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] 

“$request”

'$status $body_bytes_sent “$http_referer” ’
‘"$http_user_agent" “$http_x_forwarded_for”’;

access_log  /var/log/nginx/access.log  main;

sendfile        on;
#tcp_nopush     on;

keepalive_timeout  65;

#gzip  on;

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

}

and the entire content of the file for sites-enabled

server {
listen 80;

    server_name test-pcrdesk.ingrnet.com;
    location / {

            proxy_pass http://<IP>:8080/; #Here I have tried the 

real IP
of the server, localhost, FQDN with and without port 8080, almost
anything I
could think of
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;

}
}

Here is server.xml file configuration for Tomcat.
<Connector port=“8080”
address=“127.0.0.1”
maxThreads=“150”
minSpareThreads=“25”
connectionTimeout=“20000”
enableLookups=“false”
maxHttpHeaderSize=“8192”
protocol=“HTTP/1.1”
useBodyEncodingForURI=“true”
acceptCount=“100”
redirectPort=“8443”
disableUploadTimeout=“true”
proxyName=
proxyPort=“80”/>

<Connector port=“8443”
address=“127.0.0.1”
SSLEnabled=“true”
acceptCount=“100”
clientAuth=“false”
connectionTimeout=“20000”
disableUploadTimeout=“true”
enableLookups=“false”
keyAlias=
keystoreFile=
keystorePass=
keystoreType=“JKS”
maxHttpHeaderSize=“8192”
maxSpareThreads=“75”
maxThreads=“150”
minSpareThreads=“25”
protocol=“org.apache.coyote.http11.Http11Protocol”
scheme=“https”
secure=“true”
sslProtocol=“TLS”
useBodyEncodingForURI=“true”/>

What is wrong with my configuration?

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,266336,266336#msg-266336

Hello,

did you followed the atlassian-guide?

https://confluence.atlassian.com/jirakb/integrating-jira-with-nginx-426115340.html

https://confluence.atlassian.com/confkb/how-to-use-nginx-to-proxy-requests-for-confluence-313459790.html

usually when nginxy says “502” you should trust this.

for debuggging, try

curl -v http://JIRA_IP:JIRA_PORT/ from the server nginx runs on., to
see, if
you have
access to the ressource you configured in proxy_pass

cheers,

mex

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,266336,266339#msg-266339

Yes, I followed the instructions as-is and they work. The problems begin
when I block Tomcat from listening to external IPs by adding
address=127.0.0.1 in the Connector blocks. The Atlassian guide does not
discuss that aspect at all.

From what I have observed, I feel that even if I have a Nginx reverse
proxy,
the requests are handled by Tomcat if one follows Atlassian’s
documentation.

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,266336,266340#msg-266340

On Fri, Apr 22, 2016 at 02:29:07AM -0400, gischethans wrote:

Hi there,

I have JIRA and Nginx running on the same server with Nginx installed to
serve as a reverse proxy.

For this to work, you need your users to connect to nginx, and you need
nginx to connect to jira.

Browser displays Connection refused / connection timed out
errors.

To aid debugging, can you make sure that one specific nginx config is
being used, run

curl -i http://nginx-server/

and paste the result here?

That should show whether this config leads to a “refused” or a “timed
out”
– they are different errors, with different causes.

Trying to access the site through curl gives me 502 Bad gateway
error. I have also checked the Nginx error log which shows this -

“bad gateway” is a different error, with a different cause.

connect() failed (111: Connection refused) while connecting to upstream,
client: , server: , request: “GET / HTTP/1.1”, upstream:
“http://:8080/”, host:

That is good; it suggests that your user is connecting to nginx.

It appears that nginx is not connecting to jira.

You have jira/tomcat listening on 127.0.0.1:8080.

above should be exactly 127.0.0.1. That comes from…

            proxy_pass http://<IP>:8080/; #Here I have tried the real IP

there should be exactly 127.0.0.1.

Make that one change; make sure your new nginx.conf is being used,
test again, and report if anything is imperfect.

Good luck with it,

f

Francis D. [email protected]

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs