Bad Gateway after Ubuntu Upgrade to 22.04

My system was running Ubuntu 20.04 with NC25, nginx, php7.3 and mariadb. Now I updated the System to the latest Ubuntu LTS Version 22.04.
But NC throws out the 502 Error after the update.

I tried to install php8.0-fpm and php8.1-fpm, all necessary modules and edited the nginx config from: php7.3-fpm.sock to php8.0-fpm.sock and php8.1-fpm.sock but I'm still stuck with the bad gateway error.

Any ideas how to fix this?

I think I found the problem.

The sock for php8.0-fpm and php8.1-fpm on /run/PHP/ is missing.

How can I add the sock?

Check your FPM pool configuration. From the sounds of it I’d guess it to be in /etc/php/8.1/fpm/pool.d/www.conf. The path for the socket is in the listen line.

https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html#php-handler-configuration-avoiding-502-bad-gateway

Also make sure FPM is running. Maybe need to restart the service.
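The check suggested in the reply above, as an added example that is not part of the original thread: it compares the pool's `listen` path with every unix socket nginx references and reports the state of the socket file. The function names and the sample files are constructed for illustration; on a real host pass `/etc/php/8.1/fpm/pool.d/www.conf` and the files under `/etc/nginx/conf.d/` instead.

```shell
#!/bin/sh
# Added example (not from the thread). Sample files are constructed.

# Active "listen =" value of an FPM pool file; ";listen" comments and
# listen.owner/listen.mode lines do not match.
fpm_listen() {
    sed -n 's/^[[:space:]]*listen[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Every unix socket path that fastcgi_pass or an upstream "server" line uses.
nginx_sockets() {
    grep -Eh '^[[:space:]]*(fastcgi_pass|server)[[:space:]]+unix:' "$@" |
        sed -E 's/.*unix:([^;[:space:]]+).*/\1/' | sort -u
}

# Print nginx socket paths that differ from the pool's listen path.
# Returns 1 when at least one differs.
socket_mismatches() {
    sm_want=$(fpm_listen "$1"); shift
    sm_bad=$(nginx_sockets "$@" | grep -Fxv -- "$sm_want" || true)
    if [ -n "$sm_bad" ]; then printf '%s\n' "$sm_bad"; return 1; fi
    return 0
}

# "ok" if the path is a socket, "not-a-socket" if something else is there,
# "missing" if nothing exists (FPM not started, or listening elsewhere).
socket_state() {
    if [ -S "$1" ]; then echo ok
    elif [ -e "$1" ]; then echo not-a-socket
    else echo missing; fi
}

# Write constructed sample configs into directory $1.
make_samples() {
    printf '%s\n' '[www]' ';listen = 127.0.0.1:9000' \
        'listen = /run/php/php8.1-fpm.sock' 'listen.owner = www-data' > "$1/www.conf"
    printf '%s\n' 'upstream php-handler {' \
        '    server unix:/run/php/php8.1-fpm.sock;' '}' > "$1/site.conf"
    printf '%s\n' 'location ~ \.php$ {' \
        '    fastcgi_pass unix:/run/php/php7.3-fpm.sock;' '}' > "$1/stale.conf"
}

d=$(mktemp -d)
make_samples "$d"
socket_mismatches "$d/www.conf" "$d/site.conf" "$d/stale.conf" || echo "^ stale socket path"
echo "socket: $(socket_state "$(fpm_listen "$d/www.conf")")"
rm -r "$d"
```

A socket that exists and matches can still be refused if the nginx worker user is not covered by the pool's `listen.owner`, `listen.group` and `listen.mode` settings, so compare those with the `user` directive in nginx.conf as well.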

systemctl status php8.1-fpm.service
● php8.1-fpm.service - The PHP 8.1 FastCGI Process Manager
     Loaded: loaded (/lib/systemd/system/php8.1-fpm.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-06-22 19:28:16 CEST; 5min ago
       Docs: man:php-fpm8.1(8)
   Main PID: 1334 (php-fpm8.1)
     Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
      Tasks: 3 (limit: 3902)
     Memory: 23.8M
        CPU: 510ms
     CGroup: /system.slice/php8.1-fpm.service
             ├─1334 "php-fpm: master process (/etc/php/8.1/fpm/php-fpm.conf)" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
             ├─2320 "php-fpm: pool www" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "">
             └─2321 "php-fpm: pool www" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "">

Jun 22 19:26:47 htpc systemd[1]: Starting The PHP 8.1 FastCGI Process Manager...
Jun 22 19:28:16 htpc systemd[1]: Started The PHP 8.1 FastCGI Process Manager.

etc/php/8.1/fpm/pool.d/www.conf contains this line: listen = /run/php/php8.1-fpm.sock
etc/nginx/conf.d/mysite_nextcloud.conf contains this line fastcgi_pass unix:/run/php/php8.1-fpm.sock;
etc/nginx/conf.d/mysite.de.conf contains this line server unix:/run/php/php8.1-fpm.sock;

The php8.1-fpm.sock and the php8.1-fpm.pid files are available in /run/php/

I have no idea why it isn't working…

It sounds like you’re using a custom Nginx config of some sort.

It’s a little weird to be specifying the socket in two places and across two different sites.

Are you also running a reverse proxy on the same NGINX instance or something?

Can you provide a few of the lines immediately before and after the server line in /etc/nginx/conf.d/mysite.de.conf?

Also, from the looks of it I’m guessing you aren’t using an upstream php-handler section in your /etc/nginx/conf.d/mysite_nextcloud.conf like is in the recommended config? Is that correct?

Don’t start changing it… I’m asking so I can understand what you’re doing before I make any further suggestion.

https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html

/etc/nginx/conf.d/mysite.de.conf

upstream php-handler {
    server unix:/run/php/php8.1-fpm.sock;
}

server {
	listen 80 default_server;
	  listen [::]:80 ipv6only=on default_server;
	server_name my.site.com 192.168.178.32;
 
	root /var/www;
	
	location ^~ /.well-known/acme-challenge {
		proxy_pass http://127.0.0.1:81;
		proxy_redirect off;
	}
		location / {
		# Enforce HTTPS
		# Use this if you always want to redirect to the DynDNS address (no local access).
		return 301 https://$server_name$request_uri;
		
		# Use this if you also want to access the server by local IP:
		#return 301 https://$server_addr$request_uri;

    }	
}
server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name my.site.com 192.168.178.32;
  
	# Certificates used
	ssl_certificate /etc/letsencrypt/live/my.site.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/my.site.com/privkey.pem;
  
	# Not using TLSv1 will break:
	#	Android <= 4.4.40
	#	IE <= 10
	#	IE mobile <=10
	# Removing TLSv1.1 breaks nothing else!
	# TLSv1.3 is not supported by most clients, but it should be enabled.
	ssl_protocols TLSv1.2 TLSv1.3;
	
	# Cipher suite from https://cipherli.st/
	# Max. security, but lower compatibility 
	ssl_ciphers '00000';
 
	# Cipher suite from https://wiki.mozilla.org/Security/Server_Side_TLS
	#ssl_ciphers '00000;
 
	# (Modern) cipher suite from https://mozilla.github.io/server-side-tls/ssl-config-generator/
	#ssl_ciphers '00000;
 
	# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
	ssl_dhparam /etc/nginx/ssl/dhparams.pem;
  
	# Use multiple curves.
	# secp521r1: Not supported by Chrome
	# secp384r1: Not supported by Android (DAVdroid)
	ssl_ecdh_curve 000000;
 
	# Server should determine the ciphers, not the client
	ssl_prefer_server_ciphers on;
  
	# OCSP Stapling
	# fetch OCSP records from URL in ssl_certificate and cache them
	ssl_stapling on;
	ssl_stapling_verify on;
	
	# This should be chain.pem
	# See here: https://certbot.eff.org/docs/using.html
	ssl_trusted_certificate /etc/letsencrypt/live/my.site.com/chain.pem;
	
	resolver 192.168.178.1;
  
	# SSL session handling
	ssl_session_timeout 24h;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
 
	#
	# Add headers to serve security related headers
	#  
	# HSTS (ngx_http_headers_module is required)
	# In order to be recognized by SSL test, there must be an index.html in the server's root
	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload;";
	add_header X-Content-Type-Options "nosniff";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Download-Options noopen;
	add_header X-Permitted-Cross-Domain-Policies none;
	add_header Referrer-Policy no-referrer;
	add_header X-Robots-Tag "noindex, nofollow" always;
        add_header X-Frame-Options "SAMEORIGIN"; 
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;	
	
	location = / {
        # Disable access to the web root, otherwise nginx will show the default site here.
		deny all;
        }	
 
	#
	# Nextcloud
	#
	location ^~ /nextcloud/ {
		# Set max. size of a request (important for uploads to Nextcloud)
		client_max_body_size 10G;
		# Besides the timeout values have to be raised in nginx' Nextcloud config, these values have to be raised for the proxy as well
		proxy_connect_timeout 3600;
		proxy_send_timeout 3600;
		proxy_read_timeout 3600;
		send_timeout 3600;
		proxy_buffering off;
		proxy_request_buffering off;
		proxy_max_temp_file_size 10240m;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_pass http://127.0.0.1:82;
		proxy_redirect off;
	}
        location ^~ /.well-known {
                # The rules in this block are an adaptation of the rules
                # in the Nextcloud `.htaccess` that concern `/.well-known`.
                location = /.well-known/carddav { return 301 $scheme://$host/nextcloud/remote.php/dav/; }
                location = /.well-known/caldav  { return 301 $scheme://$host/nextcloud/remote.php/dav/; }
                location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
                location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
                # Let Nextcloud's API for `/.well-known` URIs handle all other
                # requests by passing them to the front-end controller.
                return 301 $scheme://$host/nextcloud/index.php$request_uri;
         } 

	 location ^~ /mysite/ {
                proxy_pass http://127.0.0.1:8199; # Local ip and non SSL port

                proxy_hide_header X-Powered-By;
                proxy_set_header Range $http_range;
                proxy_set_header If-Range $http_if_range;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

               #Next three lines allow websockets
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
        location ^~ /mysite/ {
                proxy_pass http://127.0.0.1:9999; # Local ip and non SSL port

                proxy_hide_header X-Powered-By;
                proxy_set_header Range $http_range;
                proxy_set_header If-Range $http_if_range;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

               #Next three lines allow websockets
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
        location ^~ /mysite/ {
                proxy_pass http://127.0.0.1:5252; # Local ip and non SSL port

                proxy_hide_header X-Powered-By;
                proxy_set_header Range $http_range;
                proxy_set_header If-Range $http_if_range;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

               #Next three lines allow websockets
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
         }
}

/etc/nginx/conf.d/mysite_nextcloud.conf

server {
    listen 127.0.0.1:82;
    server_name 127.0.0.1;
 
    # Path to the root of your installation
    root /var/www/;
 
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
 
    location ^~ /nextcloud {
        # set max upload size
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;
 
        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
 
        # Uncomment if your server is built with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;
 
        location /nextcloud {
            rewrite ^ /nextcloud/index.php$request_uri;
        }
 
        location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
 
        location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
 
        location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
			include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
			
			# Important: disable HTTPS, otherwise no log in will be possible!
            #fastcgi_param HTTPS on;
 
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
            fastcgi_param front_controller_active true;
            fastcgi_pass unix:/run/php/php8.1-fpm.sock;
            fastcgi_intercept_errors on;
 
            # Raise timeout values.
            # This is especially important when the Nextcloud setup runs into timeouts (504 gateway errors)
			fastcgi_read_timeout 600;
			fastcgi_send_timeout 600;
			fastcgi_connect_timeout 600;
            fastcgi_request_buffering off;
	    
            # Pass PHP variables directly to PHP.
            # This is usually done in the php.ini. For more flexibility, these variables are configured in the nginx config.
			# All the PHP parameters have to be set in one fastcgi_param. When using more 'fastcgi_param PHP_VALUE' directives, the last one will override all the others.
			fastcgi_param PHP_VALUE "open_basedir=/var/www:/tmp/:/var/nextcloud_data:/dev/urandom:/proc/meminfo
				upload_max_filesize = 10G
				post_max_size = 10G
				max_execution_time = 3600
				max_input_time = 3600
				output_buffering = off";
            
            # Make sure that the real IP of the remote host is passed to PHP.
            fastcgi_param REMOTE_ADDR $http_x_real_ip;
        }
 
        location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }
 
        # Adding the cache control header for js and css files
		# Make sure it is BELOW the PHP block
		location ~* \.(?:css|js|woff2?|svg|gif)$ {
			try_files $uri /nextcloud/index.php$request_uri;
			proxy_set_header Cache-Control "public, max-age=15778463";
			# Add headers to serve security related headers
			# Use 'proxy_set_header' (not 'add_header') as the headers have to be passed
			proxy_set_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload;";
			proxy_set_header X-Content-Type-Options nosniff;
			proxy_set_header X-XSS-Protection "1; mode=block";
			proxy_set_header X-Robots-Tag none;
			proxy_set_header X-Download-Options noopen;
			proxy_set_header X-Permitted-Cross-Domain-Policies none;
			proxy_set_header Referrer-Policy no-referrer;
			# Optional: Don't log access to assets
			access_log off;
		}
 
		location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
			try_files $uri /nextcloud/index.php$request_uri;
			# Optional: Don't log access to other assets
			access_log off;
		}
    }
}