Hello,
After upgrading to Nextcloud 23, I’ve started getting 502 Bad Gateway errors. After googling for hours and trying to fix it, I’ve come to fix ‘some’ issues. Now, the following works:
- iOS Client (files/folder sync works)
- MacOS Client (files/folder sync works)
- Safari on Mac works to login use the site
What does not work:
- Edge on Mac loads the login screen, but as soon as I enter user/pass, it redirects to 502 bad gateway
- Fiery Feeds app on iOS gives a 502 Bad Gateway error
I have no errors when trying to run the occ command, and nginx logs don’t give anything useful except:
“FastCGI sent in stderr: PHP message”
Which doesn’t provide much help.
Can anyone recommend some next steps for me please?
I’m currently using the below as my nginx conf:
server {
listen 80;
server_name my.nextcloud.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name my.nextcloud.com;
root /var/www/html/nextcloud;
ssl on;
ssl_certificate /etc/nginx/ssl/nextcloud.crt;
ssl_certificate_key /etc/nginx/ssl/nextcloud.key;
ssl_session_timeout 5m;
ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=15768000; preload;";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log /var/log/nginx/nextcloud.access.log;
error_log /var/log/nginx/nextcloud.error.log;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 512M;
fastcgi_buffers 64 4K;
gzip off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
location ~ /\.ht {
deny all;
}
}
I had a similar problem than you. with post login pages displaying error 502 on nginx, but syncs still working. fail2ban was using a lot of ressources too. I suspected that was linked to my log file.
The problem as been solved by enabling rotating log.