Nginx sever 502 [closed]

nginx digital-ocean

I know this has been answerd before but none of the solutions worked for me.

I installed an update on my digitalocean droplet and then rebooted it only to find my site down with a 502 error.

Running: sudo tail -100 /var/log/nginx/error.log gives me:

2021/04/21 13:28:15 [crit] 23183#23183: *6744 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 192.241.217.146, server: 0.0.0.0:443
2021/04/21 17:59:08 [crit] 23183#23183: *6928 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 172.105.13.165, server: 0.0.0.0:443
2021/04/21 22:52:02 [error] 833#833: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 108.162.241.244, server: site.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "site.com

What does: SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low mean and how can I fix it?

Note: Nginx is running and I've tried restarting it, also running nginx -t says everything is successful.


Solution 1:

Those errors mean that the client cannot negotiate what particular cipher it should use to talk with your server, so the SSL handshake fails. These can be someone with a ridiculously old client of some type, or something more nefarious, such as someone looking for potential vulnerabilities to exploit on your site.

I don't believe these are the cause of your issue though. The third error you've captured tells a different story though - it would appear your nginx server cannot talk to an upstream, maybe something like flask?

Assuming you have something like a Flask application, or php-fpm, etc that should also be working, you may want to check if it is alive. You could also check on the host with lsof -i :5000 and see if anything is listening. It could also be that you don't have a firewall rule in place allowing access to port 5000, and when the droplet rebooted, it no longer worked.

If that doesn't help point you in the right direction, please share your nginx configuration, and some more details about what your application does.

Related

Can't install Mysql on Linux -- Mysql website failing?
Server with multiple replicate=do-db entries
No space left on device mysql
Virtualbox snapshot manager
Exchange 2010 Recovery: Mailbox not found using Restore-Mailbox
Safest way to move a mount point that is a parent of other mount points on Linux to a new physical device
Force Remote IIS Manager to connect through TLS 1.2
Apache Reverse Proxy - HTTP requests with a Cookie
Billing for multiple users of google cloud APIs on one GCP project
Nginx - Serve static html content with whitespace in filename
Why does my ntpd not work?
What is the optimal way to protect my data from my VPS provider? [closed]