[Solved] 502 (Bad Gateway)
Added by wakkw over 5 years ago
I used lighttpd-1.4.45 before, and it worked well. But when I update to lighttpd-1.4.49, and I use the same config file: lighttpd.conf (add mod_openssl),
then errors appeared: 502 (Bad Gateway)
After my tests, I found that the lighttpd version <= 1.4.45 , it works well, lighttpd version > 1.4.45 , this error appears
here is my config file:lighttpd.conf
config {
var.PID = 30225
var.CWD = ""
server.modules = (
"mod_redirect",
"mod_access",
"mod_setenv",
"mod_expire",
"mod_fastcgi",
"mod_cgi",
"mod_compress",
"mod_openssl",
"mod_accesslog",
# 9
)
server.document-root = "/home/sysuser/www/"
server.errorlog = "/www/logs/lighttpd.error.log"
index-file.names = ("index.php", "index.html", "index.htm", "default.htm")
mimetype.assign = (
".pdf" => "application/pdf",
".sig" => "application/pgp-signature",
".spl" => "application/futuresplash",
".class" => "application/octet-stream",
".ps" => "application/postscript",
# 5
".torrent" => "application/x-bittorrent",
".dvi" => "application/x-dvi",
".gz" => "application/x-gzip",
".pac" => "application/x-ns-proxy-autoconfig",
".swf" => "application/x-shockwave-flash",
# 10
".tar.gz" => "application/x-tgz",
".tgz" => "application/x-tgz",
".tar" => "application/x-tar",
".zip" => "application/zip",
".mp3" => "audio/mpeg",
# 15
".m3u" => "audio/x-mpegurl",
".wma" => "audio/x-ms-wma",
".wax" => "audio/x-ms-wax",
".ogg" => "application/ogg",
".wav" => "audio/x-wav",
# 20
".gif" => "image/gif",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".png" => "image/png",
".xbm" => "image/x-xbitmap",
# 25
".xpm" => "image/x-xpixmap",
".xwd" => "image/x-xwindowdump",
".css" => "text/css",
".html" => "text/html",
".htm" => "text/html",
# 30
".js" => "text/javascript",
".asc" => "text/plain",
".c" => "text/plain",
".cpp" => "text/plain",
".log" => "text/plain",
# 35
".conf" => "text/plain",
".text" => "text/plain",
".txt" => "text/plain",
".dtd" => "text/xml",
".xml" => "text/xml",
# 40
".mpeg" => "video/mpeg",
".mpg" => "video/mpeg",
".mov" => "video/quicktime",
".qt" => "video/quicktime",
".avi" => "video/x-msvideo",
# 45
".asf" => "video/x-ms-asf",
".asx" => "video/x-ms-asf",
".wmv" => "video/x-ms-wmv",
".bz2" => "application/x-bzip",
".tbz" => "application/x-bzip-compressed-tar",
# 50
".tar.bz2" => "application/x-bzip-compressed-tar",
# 51
)
url.access-deny = ("~", ".inc")
static-file.exclude-extensions = (".php", ".pl", ".fcgi", ".cgi")
server.port = 80
debug.log-request-header = "enable"
debug.log-response-header = "enable"
debug.log-request-handling = "enable"
debug.log-file-not-found = "enable"
compress.cache-dir = "/tmp/lighttpd/cache/compress/"
compress.filetype = (
"text/plain",
"text/html",
"text/javascript",
"text/css",
"image/png",
"text/php",
# 6
)
cgi.assign = (
".cgi" => "",
)
setenv.add-environment = (
"PATH" => "/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:.",
)
server.network-backend = "writev"
server.upload-dirs = ("/home/sysuser")
etag.use-inode = "enable"
etag.use-mtime = "enable"
etag.use-size = "enable"
static-file.etags = "enable"
fastcgi.server = (
"/data" => (
"test.fastcgi.handler" => (
"socket" => "/tmp/WebService.fastcgi.socket",
"check-local" => "disable",
# 2
),
),
"/sys" => (
"test.fastcgi.handler" => (
"socket" => "/tmp/WebService.fastcgi.socket",
"check-local" => "disable",
# 2
),
),
# 2
)
$HTTP["url"] =~ "\.pdf$" {
# block 1
server.range-requests = "disable"
} # end of $HTTP["url"] =~ "\.pdf$"
$HTTP["url"] =~ "\.(jpg|gif|png)$" {
# block 2
expire.url = (
"" => "access 3 years",
)
} # end of $HTTP["url"] =~ "\.(jpg|gif|png)$"
$HTTP["referer"] !~ ".+" {
# block 3
$HTTP["url"] =~ "^/$" {
# block 4
url.access-allow = ("")
} # end of $HTTP["url"] =~ "^/$"
$HTTP["url"] !~ "^/(index|login).html" {
# block 5
url.access-deny = ("")
} # end of $HTTP["url"] !~ "^/(index|login).html"
} # end of $HTTP["referer"] !~ ".+"
$HTTP["scheme"] == "http" {
# block 6
$HTTP["host"] =~ ".*" {
# block 7
url.redirect = (
".*" => "https://%0$0",
)
} # end of $HTTP["host"] =~ ".*"
} # end of $HTTP["scheme"] == "http"
$SERVER["socket"] == ":443" {
# block 8
ssl.engine = "enable"
ssl.pemfile = "/home/sysuser/project/webserver.pem"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
ssl.use-compression = "disable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
} # end of $SERVER["socket"] == ":443"
}
I will appreciate it if you could help me, thanks
and here is the lighttpd.error.log:
2018-08-12 16:08:16: (response.c.243) -- splitting Request-URI
2018-08-12 16:08:16: (response.c.244) Request-URI : /sys/log_in/
2018-08-12 16:08:16: (response.c.245) URI-scheme : https
2018-08-12 16:08:16: (response.c.246) URI-authority : 192.168.1.138
2018-08-12 16:08:16: (response.c.247) URI-path (raw) : /sys/log_in/
2018-08-12 16:08:16: (response.c.248) URI-path (clean): /sys/log_in/
2018-08-12 16:08:16: (response.c.249) URI-query :
2018-08-12 16:08:16: (mod_access.c.159) -- mod_access_uri_handler called
2018-08-12 16:08:16: (gw_backend.c.2406) handling it in mod_gw
2018-08-12 16:08:16: (response.c.383) -- before doc_root
2018-08-12 16:08:16: (response.c.384) Doc-Root : /home/sysuser/www/
2018-08-12 16:08:16: (response.c.385) Rel-Path : /sys
2018-08-12 16:08:16: (response.c.386) Path :
2018-08-12 16:08:16: (response.c.438) -- after doc_root
2018-08-12 16:08:16: (response.c.439) Doc-Root : /home/sysuser/www/
2018-08-12 16:08:16: (response.c.440) Rel-Path : /sys
2018-08-12 16:08:16: (response.c.441) Path : /home/sysuser/www/sys
2018-08-12 16:08:16: (response.c.458) -- logical -> physical
2018-08-12 16:08:16: (response.c.459) Doc-Root : /home/sysuser/www/
2018-08-12 16:08:16: (response.c.460) Basedir : /home/sysuser/www/
2018-08-12 16:08:16: (response.c.461) Rel-Path : /sys
2018-08-12 16:08:16: (response.c.462) Path : /home/sysuser/www/sys
2018-08-12 16:08:16: (response.c.122) Response-Header: \nHTTP/1.1 502 Bad Gateway\r\nContent-Type: text/html\r\nContent-Length: 349\r\nDate: Sun, 12 Aug 2018 08:08:16 GMT\r\nServer: lighttpd/1.4.46\r\n\r\n
| lighttpd.conf (13 KB) lighttpd.conf |
Replies (10)
RE: 502 (Bad Gateway) - Added by wakkw over 5 years ago
my build options is : ./configure --host=arm-linux-gnueabihf --with-openssl --with-zlib --with-pcre --with-bzip2
kernel : linux3.12
RE: 502 (Bad Gateway) - Added by gstrauss over 5 years ago
You say that you updated to lighttpd 1.4.49, but the response headers you provide show Server: lighttpd/1.4.46
Please try again with lighttpd 1.4.49. If you are building from source, please use lighttpd 1.4.50, which was recently released.
RE: 502 (Bad Gateway) - Added by wakkw over 5 years ago
Hi, gstrauss ,I have tried lighttpd1.4.45 - lighttpd1.4.50 (the same config file),. After my tests, I found that the lighttpd version <= 1.4.45 , it works well, lighttpd version > 1.4.45 , this error appears.
and here is the lighttpd.error.log of lighttpd1.4.50:
2018-08-13 08:36:27: (response.c.629) Doc-Root : /home/sysuser/www/
2018-08-13 08:36:27: (response.c.630) Rel-Path : /sys
2018-08-13 08:36:27: (response.c.631) Path : /home/sysuser/www/sys
2018-08-13 08:36:27: (response.c.655) -- logical -> physical
2018-08-13 08:36:27: (response.c.656) Doc-Root : /home/sysuser/www/
2018-08-13 08:36:27: (response.c.657) Basedir : /home/sysuser/www/
2018-08-13 08:36:27: (response.c.658) Rel-Path : /sys
2018-08-13 08:36:27: (response.c.659) Path : /home/sysuser/www/sys
2018-08-13 08:36:27: (response.c.117) Response-Header: \nHTTP/1.1 502 Bad Gateway\r\nContent-Type: text/html\r\nContent-Length: 349\r\nDate: Mon, 13 Aug 2018 00:36:27 GMT\r\nServer: lighttpd/1.4.50\r\n\r\n
I viewed the changelog of lighttpd, and I found that the changes are relatively large between 1.4.45 and 1.4.46 , Do we need any special changes in configuration files and compilation options? such as mod_fastcgi, mod_openssl and so on
I will appreciate it if you could help me, thanks
RE: 502 (Bad Gateway) - Added by gstrauss over 5 years ago
The gateway is probably sending an invalid response. lighttpd >= 1.4.46 are slightly stricter in what is accepted from the backend.
Try strace -s 1024 -p pid (of lighttpd pid) and see what the backend is sending to lighttpd before lighttpd sends the 502. Are you using XSendfile2? Given the modules you are using, the 502 Bad Gateway is very likely coming from backend response processing in http-header-glue.c. Search for '502'. Which backend is responding to your request? CGI? or FastCGI? or something else?
Have you tried a simple "Hello World!" style program as a response from the backend?
RE: 502 (Bad Gateway) - Added by wakkw over 5 years ago
I have tried a simple "Hello World!" style program, it works well.
I used the module : mod_fastcgi , and the response is from FastCGI
$ strace -s 1024 -p pid
write(5, "2018-08-13 16:03:54: (response.c.422) -- splitting Request-URI \n", 64) = 64
write(5, "2018-08-13 16:03:54: (response.c.423) Request-URI : /sys/log_in/ \n", 71) = 71
write(5, "2018-08-13 16:03:54: (response.c.424) URI-scheme : https \n", 64) = 64
write(5, "2018-08-13 16:03:54: (response.c.425) URI-authority : 192.168.1.138 \n", 72) = 72
write(5, "2018-08-13 16:03:54: (response.c.426) URI-path (raw) : /sys/log_in/ \n", 71) = 71
write(5, "2018-08-13 16:03:54: (response.c.427) URI-path (clean): /sys/log_in/ \n", 71) = 71
write(5, "2018-08-13 16:03:54: (response.c.428) URI-query : \n", 59) = 59
write(5, "2018-08-13 16:03:54: (mod_access.c.159) -- mod_access_uri_handler called \n", 74) = 74
write(5, "2018-08-13 16:03:54: (gw_backend.c.2444) handling it in mod_gw \n", 64) = 64
write(5, "2018-08-13 16:03:54: (response.c.573) -- before doc_root \n", 58) = 58
write(5, "2018-08-13 16:03:54: (response.c.574) Doc-Root : /home/sysuser/www/ \n", 73) = 73
write(5, "2018-08-13 16:03:54: (response.c.575) Rel-Path : /sys \n", 59) = 59
write(5, "2018-08-13 16:03:54: (response.c.576) Path : \n", 55) = 55
write(5, "2018-08-13 16:03:54: (response.c.628) -- after doc_root \n", 57) = 57
write(5, "2018-08-13 16:03:54: (response.c.629) Doc-Root : /home/sysuser/www/ \n", 73) = 73
write(5, "2018-08-13 16:03:54: (response.c.630) Rel-Path : /sys \n", 59) = 59
write(5, "2018-08-13 16:03:54: (response.c.631) Path : /home/sysuser/www/sys \n", 76) = 76
write(5, "2018-08-13 16:03:54: (response.c.655) -- logical -> physical \n", 62) = 62
write(5, "2018-08-13 16:03:54: (response.c.656) Doc-Root : /home/sysuser/www/ \n", 73) = 73
write(5, "2018-08-13 16:03:54: (response.c.657) Basedir : /home/sysuser/www/ \n", 73) = 73
write(5, "2018-08-13 16:03:54: (response.c.658) Rel-Path : /sys \n", 59) = 59
write(5, "2018-08-13 16:03:54: (response.c.659) Path : /home/sysuser/www/sys \n", 76) = 76
read(8, 0x221383, 5) = -1 EAGAIN (Resource temporarily unavailable)
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 9
connect(9, {sa_family=AF_FILE, sun_path="/tmp/WebService.fastcgi.socket"}, 32) = 0
getsockname(8, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.168.1.138")}, [16]) = 0
epoll_ctl(6, EPOLL_CTL_ADD, 9, {...}) = 0
writev(9, [{"\1\1\0\1\0\10\0\0\0\1\0\0\0\0\0\0\1\4\0\1\4q\0\0\16\2CONTENT_LENGTH23\f\0QUERY_STRING\v\fREQUEST_URI/sys/log_in/\17\3REDIRECT_STATUS200\v\4SCRIPT_NAME/sys\t\10PATH_INFO/log_in/\17\32PATH_TRANSLATED/home/sysuser/www//log_in/\17\25SCRIPT_FILENAME/home/sysuser/www/sys\r\22DOCUMENT_ROOT/home/sysuser/www/\16\3REQUEST_METHODPUT\17\10SERVER_PROTOCOLHTTP/1.1\17\17SERVER_SOFTWARElighttpd/1.4.50\21\7GATEWAY_INTERFACECGI/1.1\16\5REQUEST_SCHEMEhttps\5\2HTTPSon\v\3SERVER_PORT443\v\rSERVER_ADDR192.168.1.138\v\rSERVER_NAME192.168.1.138\v\rREMOTE_ADDR192.168.1.133\v\5REMOTE_PORT64555\t\rHTTP_HOST192.168.1.138\17\nHTTP_CONNECTIONkeep-alive\23\2HTTP_CONTENT_LENGTH23\v.HTTP_ACCEPTapplication/json, text/javascript, */*; q=0.01\v\25HTTP_ORIGINhttps://192.168.1.138\25\16HTTP_X_REQUESTED_WITHXMLHttpRequest\17rHTTP_USER_AGENTMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36\f\20CONTENT_TYPEapplication/json\f HTTP_REFERERhttps://192.168.1.138/login.html\24\21HTTP_ACCEPT_ENCODINGgzip, deflate, br\24\16HTTP_ACCEPT_LANGUAGEzh-CN,zh;q=0.9\4>PATH/usr/local/bin:/usr/bin:/bin:/usr/loc"..., 1169}, {"\1\5\0\1\0\27\0\0", 8}, {"{\"password\":\"00000000\"}", 23}, {"\1\5\0\1\0\0\0\0", 8}], 4) = 1208
epoll_ctl(6, EPOLL_CTL_MOD, 8, {...}) = 0
gettimeofday({1534147434, 114285}, NULL) = 0
epoll_wait(6, {?} 0x79610, 1025, 1000) = 1
ioctl(9, FIONREAD, [216]) = 0
read(9, "\1\6\0\1\0\262\6\0input_string = 00000000\nencrypted string = ee65324c27a8b038b2fb017f782c2a25\nStatus: 200 OK\r\nContent-Type: application/json\r\n\r\n{\"session_id\":\"0140fb2c481097b10274ce4470787989c99\"}\0\0\0\0\0\0\1\6\0\1\0\0\0\0\1\3\0\1\0\10\0\0\0\0\0\0\0\0\0\0", 4096) = 216
epoll_ctl(6, EPOLL_CTL_DEL, 9, {...}) = 0
close(9) = 0
write(5, "2018-08-13 16:03:54: (response.c.117) Response-Header: \\nHTTP/1.1 502 Bad Gateway\\r\\nContent-Type: text/html\\r\\nContent-Length: 349\\r\\nDate: Mon, 13 Aug 2018 08:03:54 GMT\\r\\nServer: lighttpd/1.4.50\\r\\n\\r\\n \n", 207) = 207
write(8, "\27\3\3\1\375\262N.\211\347\2570k\t\325p\263\354fg\207`\33\27\343\3303\310\200\254*\266\344y\\\270\n\305\36\224o\243\16\206\t!\317\322\337\300\377\247\266\26\26\204\377\365\345W)\227\232'~,\323\310\205s\263\331\224\10KD=\25\314\330\312j\261\nnK\307$\3309\204\375\377\350]\f\202gl @*q\21\f\234\t\261\261\334C\375^<\364\350\355,t_9x\337\212Mv\221L\234\201L\7\305\205E+_\315\36<\207i8\212\305\321]\353\24\16\23\275P\n\332'\226<\303+\235\217\373\365X\\'\353 \320*\205\366\211\340G\261b\344\346'4]}\321\304$\266\216\362\212s\2A\357\274\0270\357\3076\253%VP\355\276\327\0P\246I$k\242\337\316\16\215\230\312Fq\250\234y\346w\353\377k\305Tz#\35%G\340\252\337\33^\317%u\220]\323e\360\223\3402\335c\4\237!FK\301\0\356\334\362\335p\373\26\223\240\247\4\232\1~\346\20\364\362\26\334a\242-I\370:Z\362/Z\214\0\301;\320\2268\1\25\263n\241Gv\322\246X\241\206YZ\216\303`\351Q\244\232\251\230\302B\247?\254\177\r7\256\316\302\7]x\273C\375\324G\210\315#W\302K\302+\373\"m9\325\262\355\3215\345I\271=\344\25\221\4lH\262n\357r\"\31\37\323;\26\221\212\213\325\226k \204b\256\317\37 O\1\311\227\347\310$\3777{F3\310\325\233\240\370C\2438\2720r#\30\370\244\342\337\233\v#JH\211\2705\264\234*}\273\334\240\275_\377\261\fM\t\230!\254\261\3307\335\230\364\253\331\204\274Hq\f\372\303\315\270\3012\217\227\312\372h\n(z\10_\3658!\334\224\350\27q\245\257Gs\277\247\314R\325\2315\275\246$,\251\200@\334\273x\3743#$\v\207r\357\354\354", 514) = 514
write(7, "192.168.1.133 192.168.1.138 - [13/Aug/2018:16:03:54 +0800] \"PUT /sys/log_in/ HTTP/1.1\" 502 349 \"https://192.168.1.138/login.html\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36\"\n", 247) = 247
RE: 502 (Bad Gateway) - Added by gstrauss over 5 years ago
Why is your FastCGI returning invalid response headers
input_string = 000000 encrypted string = 0955b81b3f2a08de377cade05620199d
before
Status: 200 OK
?
RE: 502 (Bad Gateway) - Added by wakkw over 5 years ago
Thanks for your replication .
input_string = 00000000 , this is what I input on my web broswer, it is correct, Could you help me find the possible reasons of the error? many thanks
RE: 502 (Bad Gateway) - Added by gstrauss over 5 years ago
I pointed you at the problem. I didn't replicate it. I read it from your strace. Your FastCGI response is broken.
Start with "Hello World!" as a FastCGI program, get that working, test it. Start simple, change one thing, test it. Repeat.
Compare the simple, working example to your FastCGI program and fix your broken FastCGI program.
RE: 502 (Bad Gateway) - Added by wakkw over 5 years ago
OK,I will do that , But I have the question that why lighttpd-1.4.45 + my FastCGI => OK, and lighttpd-1.4.50 + my FastCGI => failed? thanks again
RE: [Solved] 502 (Bad Gateway) - Added by wakkw over 5 years ago
I have located the problem, as you say, lighttpd >= 1.4.46 are slightly stricter in what is accepted from the backend , In my FastCGI program, there is a "printf" which is redundant, is mistaked for the response.It works well on old versions ,but failed on new versions. Thanks a lot.