Rails 4 + nginx + unicorn + ssl = 502 Bad Gateway
Browser is showing 502 Bad Gateway - nginx. The only good news is my SSL https and green lock is showing up.
Nginx Logs Error below
nginx/error.log
*1 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xxx.xx.xx, server: mysite.com, request: "GET / HTTP/1.1", upstream: "http://xxx.xxx.xx.xxx:80/maintenance.html", host: "mysite.com"
home/unicorn/log/unicorn.log (seems like it's waiting for nginx):
I, [2014-01-28T17:18:37.176299 #31858] INFO -- : listening on addr=127.0.0.1:8080 fd=10
I, [2014-01-28T17:18:37.176619 #31858] INFO -- : worker=0 spawning...
I, [2014-01-28T17:18:37.177379 #31858] INFO -- : worker=1 spawning...
I, [2014-01-28T17:18:37.178118 #31858] INFO -- : master process ready
I, [2014-01-28T17:18:37.182850 #31861] INFO -- : worker=0 spawned pid=31861
I, [2014-01-28T17:18:37.185475 #31863] INFO -- : worker=1 spawned pid=31863
I, [2014-01-28T17:18:37.186023 #31861] INFO -- : Refreshing Gem list
I, [2014-01-28T17:18:37.194198 #31863] INFO -- : Refreshing Gem list
I, [2014-01-28T17:18:38.484772 #31861] INFO -- : worker=0 ready
I, [2014-01-28T17:18:38.501165 #31863] INFO -- : worker=1 ready
Here is some of my relevant files:
/etc/nginx/sites-available/default
server {
listen 443 default;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/server.key;
server_name mysite.com;
root /home/username/mysite.com/current/public;
try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_redirect off;
proxy_set_header X-Forwarded-Proto https;
proxy_pass mysite.com;
}
error_page 502 503 /maintenance.html;
error_page 500 504 /500.html;
keepalive_timeout 5;
}
/etc/nginx/nginx.conf
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events { worker_connections 1024; }
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
gzip_types text/plain text/xml text/css text/comma-separated-values;
upstream app_server { server 127.0.0.1:8080 fail_timeout=0; }
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
/home/unicorn/unicorn.conf
listen "127.0.0.1:8080"
worker_processes 2
user "username"
working_directory "/home/username/mysite.com/current/"
pid "/home/unicorn/pids/unicorn.pid"
stderr_path "/home/unicorn/log/unicorn.log"
stdout_path "/home/unicorn/log/unicorn.log"
/etc/default/unicorn
# Change paramentres below to appropriate values and set CONFIGURED to yes.
CONFIGURED=yes
# Default timeout until child process is killed during server upgrade,
# it has *no* relation to option "timeout" in server's config.rb.
TIMEOUT=60
# Path to your web application, sh'ld be also set in server's config.rb,
# option "working_directory". Rack's config.ru is located here.
APP_ROOT=/home/username/mysite.com/current
# Server's config.rb, it's not a rack's config.ru
CONFIG_RB=/home/unicorn/unicorn.conf
# Where to store PID, sh'ld be also set in server's config.rb, option "pid".
PID=/home/unicorn/pids/unicorn.pid
UNICORN_OPTS="-D -c $CONFIG_RB -E production"
PATH=/usr/local/rvm/rubies/ruby-2.0.0-p353/bin:/usr/local/rvm/gems/ruby-2.0.0-p353/bin:/home/unicorn/.rvm/bin:/usr/local/sbin:/usr/bin:/b$
config/unicorn.rb
application = "mysite.com"
remote_user = "username"
env = ENV["RAILS_ENV"] || "production"
RAILS_ROOT = File.join("/home", remote_user, application, "current")
worker_processes 8
timeout 30
preload_app true
working_directory RAILS_ROOT
listen File.join(RAILS_ROOT, "tmp/unicorn.sock"), :backlog => 64
pid_path = File.join(RAILS_ROOT, "tmp/pids/unicorn.pid")
pid pid_path
stderr_path File.join(RAILS_ROOT, "log/unicorn-err.log")
stdout_path File.join(RAILS_ROOT, "log/unicorn-err.log")
before_fork do |server, worker|
if defined?(ActiveRecord::Base)
ActiveRecord::Base.connection.disconnect!
end
old_pid_path = "#{pid_path}.oldbin"
if File.exists?(old_pid_path) && server.pid != old_pid_path
begin
Process.kill("QUIT", File.read(old_pid_path).to_i)
rescue Errno::ENOENT, Errno::ESRCH
# someone else did our job for us
end
end
end
after_fork do |server, worker|
if defined?(ActiveRecord::Base)
ActiveRecord::Base.establish_connection
end
# worker processes http://devmull.net/articles/unicorn-resque-bluepill
# rails_env = ENV['RAILS_ENV'] || 'production'
# worker.user('app', 'app') if Process.euid == 0 && rails_env == 'production'
end
Let me know if you would like me to post any other files. Thanks ahead of time for anyone who responds.
Answer
The problem is that Unicorn and Nginx do not agree on a shared socket. Also, in the files you have posted, the upstream and proxy_pass do not match. How about:
In the server context:
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn_server; # This name must match the upstream
}
In the http context:
upstream unicorn_server {
server unix:/var/run/my_site/unicorn.sock;
}
In the Unicorn configuration file (here /home/unicorn/unicorn.conf):
listen '/var/run/my_site/unicorn.sock', :backlog => 64
Note Unicorn listens on a socket where Nginx posts requests.