502 BAD GATEWAY Nginx proxy-pass error

Ever had this error while proxy-passing nginx to your back-end application? Strange enough there are few sources out there stating how it is raised and its solution.

The environment: Centos7+enforced Selinux where there is an application(mattermost)being proxy-passed to by nginx.
After setting up the nginx to proxy pass the application and opening up the firewall service http, you encounter with the error: 502 bad gateway.
Tailing the nginx error log gets you:

tail /var/log/nginx/error.log prints out something vague:
2018/01/31 07:55:25 [error] 2470#0: *1 no live upstreams while connecting to upstream, client: 192.168.122.1, server: mattermost.devopt.net, request: "GET /favicon.ico HTTP/1.1", upstream: "http://backend/favicon.ico", host: "192.168.122.254", referrer: "http://192.168.122.254/"

Only it is after tailing the /var/log/audit/audit.log; and piping denied keyword that you see something like:
type=AVC msg=audit(1517401834.352:180): avc: denied { name_connect } for pid=1678 comm="nginx" dest=8065 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket

Solution:
a. Install the python module:
# yum install policycoreutils-python-2.5-17.1.el7.x86_64
b. Get the audit exception created by:
# cat /var/log/audit/audit.log |grep nginx |grep denied |audit2allow -M nginx

c. Make it permanent by:
# semodule -i nginx.pp

Reload the page again and …Hey presto…

2 thoughts on “502 BAD GATEWAY Nginx proxy-pass error

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.