Problems with Nginx and Seahub: 502 Bad Gateway

Bibo-Joshi · October 12, 2017, 11:24am

Hi there!
Recently I had to completely re-set up my Raspberry, which was sucessfully running my Seafile server. I followed the tutorials here and here. I’m using Let’s Encrypt with Certbot for SSL-certification.
After the re-setup, nginx gives me a 502 Bad Gateway when calling my domain. I’ve tried everything google can offer, but can’t get rid of the problem. Also other 502-related topics is this forum did not help. I’d appreciate any help!
Here is some further Information:

Seafile version: 6.1.2
I’m starting seahub in fastcgi mode, which seems to work fine.
Nginx Error Log
As I understand, this means that Nginx can’t get acces to the Seahub process. I just can’t figure out, why.

2017/10/10 07:39:18 [error] 497#0: *32049 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 182.101.61.201, server: mahlercloud.hopto.org, request: "GET /currentsetting.htm HTTP/1.1", upstream: "fastcgi://127.0.0.1:8000", host: "78.52.247.88"
2017/10/10 10:51:23 [error] 497#0: *32112 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 38.142.98.194, server: mahlercloud.hopto.org, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:8000", host: "x4e34f758.dyn.telefonica.de"
2017/10/10 11:01:05 [error] 497#0: *32115 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 158.85.81.122, server: mahlercloud.hopto.org, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:8000", host: "x4e34f758.dyn.telefonica.de"
2017/10/10 17:21:52 [error] 497#0: *32555 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 104.193.9.122, server: mahlercloud.hopto.org, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:8000", host: "mahlercloud.hopto.org"
2017/10/11 00:57:13 [error] 497#0: *33261 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 93.174.95.106, server: mahlercloud.hopto.org, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://127.0.0.1:8000", host: "mahlercloud.hopto.org"
2017/10/11 03:39:57 [error] 497#0: *33295 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 38.142.98.250, server: mahlercloud.hopto.org, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:8000", host: "x4e336c93.dyn.telefonica.de"
2017/10/11 23:34:33 [error] 16267#0: *34237 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 78.51.108.147, server: mahlercloud.hopto.org, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:8000", host: "mahlercloud.hopto.org"
2017/10/12 03:54:21 [error] 16267#0: *34385 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 45.55.13.142, server: mahlercloud.hopto.org, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:8000", host: "78.51.6.5"

nginx.conf

user www-data;
worker_processes 1;
pid /run/nginx.pid;

events {
worker_connections 128;

multi_accept on;

}

http {

Basic Settings

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

server_tokens off;

server_names_hash_bucket_size 64;

server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

SSL Settings

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

Logging Settings

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

Gzip Settings

gzip on;
gzip_disable “msie6”;

gzip_vary on;

gzip_proxied any;

gzip_comp_level 6;

gzip_buffers 16 8k;

gzip_http_version 1.1;

gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

Virtual Host Configs

include /etc/nginx/conf.d/.conf;
include /etc/nginx/sites-enabled/;
}

Config file for Seafile Server

server {
    listen 80;
    server_name mahlercloud.hopto.org;
    rewrite ^ https://$server_name$request_uri? permanent; # enforce https
}

server {
  listen 443 ssl;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/mahlercloud.hopto.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mahlercloud.hopto.org/privkey.pem;
    server_name mahlercloud.hopto.org;
    error_page 497  https://$host:$server_port$request_uri;
 
    client_max_body_size 10G; # set max upload size
    
    location / {
        fastcgi_pass    127.0.0.1:8000;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;
 
        fastcgi_param   SERVER_PROTOCOL $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param   SERVER_ADDR         $server_addr;
        fastcgi_param   SERVER_PORT         $server_port;
        fastcgi_param   SERVER_NAME         $server_name;
        fastcgi_param   HTTPS   on;
        fastcgi_param HTTP_SCHEME https;
     
        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;
    }       
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
    }

    location /media {
        root /home/seafile/seafile-server-latest/seahub;
    }
}

ccnet.conf

[General]
USER_NAME = MahlerCloud
ID = ********
NAME = MahlerCloud
SERVICE_URL = https://www.mahlercloud.hopto.org:8000

[Client]
PORT = 13419

[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = *****
PASSWD = ****
DB = ccnet-db
CONNECTION_CHARSET = utf8

seafile.conf

[fileserver]
port = 8082

[database]
type = mysql
host = 127.0.0.1
port = 3306
user = *****
password = *******
db_name = seafile-db
connection_charset = utf8

seahub_settings.py

#-- coding: utf-8 --
SECRET_KEY = “********”

DATABASES = {
‘default’: {
‘ENGINE’: ‘django.db.backends.mysql’,
‘NAME’: ‘seahub-db’,
‘USER’: ‘',
‘PASSWORD’: '’,
‘HOST’: ‘127.0.0.1’,
‘PORT’: ‘3306’
}
}

FILE_SERVER_ROOT = ‘https://mahlercloud.hopto.org/seafhttp’
HTTP_SERVER_ROOT = ‘https://mahlercloud.hopto.org:8000/seafhttp’

BTW: I’m running Baïkal (WebDAV) for calendar and contact sync on the same machine as another enabled site with Nginx. This domain is also encryptet with Let’s Encrypt. There are no problems here …

I’m very looking forward to your answers.
Kind regards,

Bibo

jobenvil · October 12, 2017, 11:52am

which seafile release?
try with proxy_http_version 1.1;
inside /seafhttp block

Bibo-Joshi · October 12, 2017, 2:31pm

Thanks for your quick reply!
I’m using seafile-server-6.1.2.
I changed the Nginx config file to

…
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
proxy_http_version 1.1;
client_max_body_size 0;
}
…

and restartet nginx via sudo nginx -s reload, but still get the 502 Bad Gateway error

jobenvil · October 12, 2017, 3:07pm

This config line is deprecated since long time. Delete it.

should be:
SERVICE_URL = https:// www. mahlercloud.hopto.org
since you use port 80 and 443 on nginx. Check the blank spaces between https://, www and mahler

Bibo-Joshi · October 12, 2017, 3:22pm

Okay, I found both HTTP_… and FILE_SERVER_… while trying to fix it, thanks for the clearification!

Changed ccnet.conf as described, restartet seafile.sh and seahub.sh (start-fastcgi) and reloaded Nginx. No change…

Note: The blanks in SERVICE_URL = https:// www. mahlercloud.hopto.org are due to the fact, that I’m only allowed to have 2 links in my first post There are no blanks in the file.

jobenvil · October 12, 2017, 3:36pm

Check the FAQ/Common Problems, maybe is something there for you

Bibo-Joshi · October 12, 2017, 4:17pm

I can’t find anything, but thank’s again for your effort!
If someone else has an idea or maybe the same problem, please let me know.

Captain_Rage · October 13, 2017, 10:57pm

All I can say is that I’m having veeeeeeery similar problems, which I haven’t been able to work out.
I also followed a similar guide when setting up Seafile server, way back. We should probably scrutinize our old configuration files and compare them to the offical and up-to-date manual.

More info regarding my problem:
https://forum.seafile.com/t/still-getting-502-bad-gateway-and-timeouts-after-upgrading-to-6-2-2/

Bibo-Joshi · November 5, 2017, 3:31pm

Hi there!

I (have a skilled friend, who) found the problem!
Turns out, it had nothing to do with Seafile: I (naively) had added a Repo to /etc/apt/sources.list (because of reasons) and some of the packages installed from it, didn’t fit my CPU. Leaving this info here for anyone who stumbles upon this post …
Sorry for having bothered you and thanks again for your friendly help @jobenvil.
Kind regards,

Bibo,
happily using his once again running private Seafile Cloud