Nginx sever 502 [closed]

I know this has been answerd before but none of the solutions worked for me.

I installed an update on my digitalocean droplet and then rebooted it only to find my site down with a 502 error.

Running: sudo tail -100 /var/log/nginx/error.log gives me:

2021/04/21 13:28:15 [crit] 23183#23183: *6744 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 192.241.217.146, server: 0.0.0.0:443
2021/04/21 17:59:08 [crit] 23183#23183: *6928 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 172.105.13.165, server: 0.0.0.0:443
2021/04/21 22:52:02 [error] 833#833: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 108.162.241.244, server: site.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "site.com

What does: SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low mean and how can I fix it?

Note: Nginx is running and I've tried restarting it, also running nginx -t says everything is successful.


Solution 1:

Those errors mean that the client cannot negotiate what particular cipher it should use to talk with your server, so the SSL handshake fails. These can be someone with a ridiculously old client of some type, or something more nefarious, such as someone looking for potential vulnerabilities to exploit on your site.

I don't believe these are the cause of your issue though. The third error you've captured tells a different story though - it would appear your nginx server cannot talk to an upstream, maybe something like flask?

Assuming you have something like a Flask application, or php-fpm, etc that should also be working, you may want to check if it is alive. You could also check on the host with lsof -i :5000 and see if anything is listening. It could also be that you don't have a firewall rule in place allowing access to port 5000, and when the droplet rebooted, it no longer worked.

If that doesn't help point you in the right direction, please share your nginx configuration, and some more details about what your application does.