Rails 4 + nginx + unicorn + ssl = 502 Bad Gateway

J Grover picture J Grover · Jan 28, 2014 · Viewed 11.3k times · Source

Browser is showing 502 Bad Gateway - nginx. The only good news is my SSL https and green lock is showing up.

Nginx Logs Error below

nginx/error.log

*1 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xxx.xx.xx, server: mysite.com, request: "GET / HTTP/1.1", upstream: "http://xxx.xxx.xx.xxx:80/maintenance.html", host: "mysite.com"

home/unicorn/log/unicorn.log (seems like it's waiting for nginx):

I, [2014-01-28T17:18:37.176299 #31858]  INFO -- : listening on addr=127.0.0.1:8080 fd=10
I, [2014-01-28T17:18:37.176619 #31858]  INFO -- : worker=0 spawning...
I, [2014-01-28T17:18:37.177379 #31858]  INFO -- : worker=1 spawning...
I, [2014-01-28T17:18:37.178118 #31858]  INFO -- : master process ready
I, [2014-01-28T17:18:37.182850 #31861]  INFO -- : worker=0 spawned pid=31861
I, [2014-01-28T17:18:37.185475 #31863]  INFO -- : worker=1 spawned pid=31863
I, [2014-01-28T17:18:37.186023 #31861]  INFO -- : Refreshing Gem list
I, [2014-01-28T17:18:37.194198 #31863]  INFO -- : Refreshing Gem list
I, [2014-01-28T17:18:38.484772 #31861]  INFO -- : worker=0 ready
I, [2014-01-28T17:18:38.501165 #31863]  INFO -- : worker=1 ready

Here is some of my relevant files:

/etc/nginx/sites-available/default

server {
    listen 443 default;

    ssl on;
    ssl_certificate    /etc/ssl/certs/ssl-bundle.crt;
    ssl_certificate_key     /etc/ssl/private/server.key;

    server_name mysite.com;

    root /home/username/mysite.com/current/public;
    try_files $uri/index.html $uri @unicorn;

    location @unicorn {
      proxy_redirect off;
      proxy_set_header X-Forwarded-Proto https;
      proxy_pass mysite.com;
    }

    error_page 502 503 /maintenance.html;
    error_page 500 504 /500.html;
    keepalive_timeout 5;
}

/etc/nginx/nginx.conf

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events { worker_connections 1024; }

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";
        gzip_types text/plain text/xml text/css text/comma-separated-values;
        upstream app_server { server 127.0.0.1:8080 fail_timeout=0; }

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

/home/unicorn/unicorn.conf

listen "127.0.0.1:8080"
worker_processes 2
user "username"
working_directory "/home/username/mysite.com/current/"
pid "/home/unicorn/pids/unicorn.pid"
stderr_path "/home/unicorn/log/unicorn.log"
stdout_path "/home/unicorn/log/unicorn.log"

/etc/default/unicorn

# Change paramentres below to appropriate values and set CONFIGURED to yes.
CONFIGURED=yes

# Default timeout until child process is killed during server upgrade,
# it has *no* relation to option "timeout" in server's config.rb.
TIMEOUT=60

# Path to your web application, sh'ld be also set in server's config.rb,
# option "working_directory". Rack's config.ru is located here.
APP_ROOT=/home/username/mysite.com/current

# Server's config.rb, it's not a rack's config.ru
CONFIG_RB=/home/unicorn/unicorn.conf

# Where to store PID, sh'ld be also set in server's config.rb, option "pid".
PID=/home/unicorn/pids/unicorn.pid
UNICORN_OPTS="-D -c $CONFIG_RB -E production"

PATH=/usr/local/rvm/rubies/ruby-2.0.0-p353/bin:/usr/local/rvm/gems/ruby-2.0.0-p353/bin:/home/unicorn/.rvm/bin:/usr/local/sbin:/usr/bin:/b$

config/unicorn.rb

application     = "mysite.com"
remote_user     = "username"
env = ENV["RAILS_ENV"] || "production"
RAILS_ROOT = File.join("/home", remote_user, application, "current")

worker_processes 8
timeout 30
preload_app true

working_directory RAILS_ROOT
listen File.join(RAILS_ROOT, "tmp/unicorn.sock"), :backlog => 64
pid_path = File.join(RAILS_ROOT, "tmp/pids/unicorn.pid")
pid pid_path

stderr_path File.join(RAILS_ROOT, "log/unicorn-err.log")
stdout_path File.join(RAILS_ROOT, "log/unicorn-err.log")

before_fork do |server, worker|
  if defined?(ActiveRecord::Base)
    ActiveRecord::Base.connection.disconnect!
  end
  old_pid_path = "#{pid_path}.oldbin"
  if File.exists?(old_pid_path) && server.pid != old_pid_path
    begin
      Process.kill("QUIT", File.read(old_pid_path).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
      # someone else did our job for us
    end
  end
end

after_fork do |server, worker|
  if defined?(ActiveRecord::Base)
    ActiveRecord::Base.establish_connection
  end

  # worker processes http://devmull.net/articles/unicorn-resque-bluepill
  # rails_env = ENV['RAILS_ENV'] || 'production'
  # worker.user('app', 'app') if Process.euid == 0 && rails_env == 'production'
end

Let me know if you would like me to post any other files. Thanks ahead of time for anyone who responds.

Answer

Eric Platon picture Eric Platon · Feb 15, 2014

The problem is that Unicorn and Nginx do not agree on a shared socket. Also, in the files you have posted, the upstream and proxy_pass do not match. How about:

In the server context:

location @unicorn {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto https;
  proxy_set_header Host $http_host;
  proxy_redirect off;
  proxy_pass http://unicorn_server; # This name must match the upstream
}

In the http context:

upstream unicorn_server {
  server unix:/var/run/my_site/unicorn.sock;
}

In the Unicorn configuration file (here /home/unicorn/unicorn.conf):

listen '/var/run/my_site/unicorn.sock', :backlog => 64

Note Unicorn listens on a socket where Nginx posts requests.