A missing log file or firewall blocks can cause the Digitalocean err_connection_refused error.

As part of our DigitalOcean Managed Services, we assist our customers with several such error queries.

Today, let us see how to effectively resolve it.

Digitalocean err_connection_refused

Recently one of our customers went ahead to power off the droplet to do a snapshot. However, while accessing the site, he came across:

ERR_CONNECTION_REFUSED

Initially, we check the power-up state using the Digitalocean dashboard. In addition, we use the Digitalocean console to check the boot messages.

Then we check the status of the Nginx service:

# service nginx status

We also try to restart the Nginx service:

# service nginx restart

At times, we may receive the error:

*Restarting nginx nginx [fail]

To check the Nginx configuration, we execute:

$ sudo nginx -t

Then we will receive:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx [emerg] open() “/var/log/nginx/mysitename/access.log” failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed

The major cause of these can be:

• A missing log file,
• Firewall blocking the connection,
• Service listening on localhost.

Solution

• Create an empty log file.

To do so, we login to the server as root and execute:

# touch /var/log/nginx/mysitename/access.log

If it fails, the intervening directory will not be present.

We create and change ownership and permissions for Nginx to use:

# mkdir -p /var/log/nginx/mysitename

To set the correct ownership and permissions, we use chown and chmod commands.

• Check whether we can access the site from the server using curl or wget.

We need to open ports 80 and 443 in the firewall. In addition, we set it in the Nginx configuration file.

Initially, we check the status of port 443 in the server using the netstat command:

netstat -plan | grep :443

On finding it closed, we open port 443 in the firewall. Make note that different firewalls follow different commands to open a port.

For instance, to open port 443 in iptables, we use:

iptables -A INPUT -p tcp –dport 443 -j ACCEPT

Similarly, in the CentOS server, to open port in firewalld, we use:

firewall-cmd –permanent –zone=public –add-port=443/tcp

Next, we edit the Nginx configuration file /etc/nginx/nginx.conf and add:

listen 443 ssl http/2 default_server;
listen [::]:80 default_server;

It will add 443 as the listening port in the Nginx server and enables HTTPS connections.

Finally, when Nginx listens on port 443, it will look like this:

[root@xxx ~]# netstat -lpan | grep :443
tcp 0 0 1xx.2x.111.23:443 0.0.0.0:* LISTEN 11978/nginx
tcp 0 0 1xx.2x.111.22:443 0.0.0.0:* LISTEN 11978/nginx
tcp 0 0 1xx.2x.111.19:443 0.0.0.0:* LISTEN 11978/nginx

We ensure that the service listens on 0.0.0.0 instead of 127.0.0.1 (localhost). We can set it in /etc/nginx/nginx.conf file.

[Need help with the fix? We’d be happy to assist]

Conclusion

In short, we saw effective methods our Support Techs employ to fix the DigitalOcean error.