A missing log file or a firewall block can cause the DigitalOcean err_connection_refused error.
As part of our DigitalOcean Managed Services, we assist our customers with several such error queries.
Today, let us see how to effectively resolve it.
Recently, one of our customers powered off the droplet to take a snapshot. However, while accessing the site, he came across:
Initially, we check the power-up state using the DigitalOcean dashboard. In addition, we use the DigitalOcean console to check the boot messages.
Then we check the status of the Nginx service:
# service nginx status
We also try to restart the Nginx service:
# service nginx restart
At times, we may receive the error:
*Restarting nginx nginx [fail]
To check the Nginx configuration, we execute:
$ sudo nginx -t
Then we will receive:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/var/log/nginx/mysitename/access.log" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
The major causes can be:
- A missing log file,
- Firewall blocking the connection,
- Service listening on localhost.
- Create an empty log file.
To do so, we log in to the server as root and execute:
# touch /var/log/nginx/mysitename/access.log
If it fails, the intervening directory is most likely missing.
We create the directory, then change its ownership and permissions so that Nginx can use it:
# mkdir -p /var/log/nginx/mysitename
To set the correct ownership and permissions, we use chown and chmod commands.
- Check whether we can access the site from the server using curl or wget.
We need to open ports 80 and 443 in the firewall. In addition, we set them as listening ports in the Nginx configuration file.
Initially, we check the status of port 443 in the server using the netstat command:
netstat -plan | grep :443
On finding it closed, we open port 443 in the firewall. Note that different firewalls use different commands to open a port.
For instance, to open port 443 in iptables, we use:
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Similarly, on a CentOS server, to open the port in firewalld, we use:
firewall-cmd --permanent --zone=public --add-port=443/tcp
Next, we edit the Nginx configuration file /etc/nginx/nginx.conf and add:
listen 443 ssl http2 default_server;
listen [::]:80 default_server;
This adds 443 as a listening port in Nginx and enables HTTPS connections.
Finally, when Nginx listens on port 443, it will look like this:
[root@xxx ~]# netstat -lpan | grep :443
tcp 0 0 1xx.2x.111.23:443 0.0.0.0:* LISTEN 11978/nginx
tcp 0 0 1xx.2x.111.22:443 0.0.0.0:* LISTEN 11978/nginx
tcp 0 0 1xx.2x.111.19:443 0.0.0.0:* LISTEN 11978/nginx
We ensure that the service listens on 0.0.0.0 instead of 127.0.0.1 (localhost). We can set this in the /etc/nginx/nginx.conf file.
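The log file and listening-address checks above can be scripted. The following is an added example, not part of the original article: missing_log_paths, ensure_log_file and listen_scope are hypothetical helper names, and the 0750/0640 modes are an assumption chosen so that the logs are not world-readable.

```shell
#!/bin/sh
# Added example, not from the original article. Helper names are hypothetical.

# Read `nginx -t` output on stdin and print every path whose open() failed
# with errno 2 ("No such file or directory"), such as a per-site access.log.
missing_log_paths() {
    sed -n 's/.*\[emerg\] open() "\([^"]*\)" failed (2: .*/\1/p'
}

# Create a missing log file and, if needed, its directory. umask 027 makes
# newly created directories 0750 and the new file 0640 (assumed modes), and
# leaves anything that already exists untouched. Ownership stays with the
# invoking user; apply chown afterwards as the distribution requires.
ensure_log_file() (
    umask 027
    if [ -L "$1" ]; then exit 1; fi        # never write through a symlink
    mkdir -p -- "$(dirname -- "$1")" || exit 1
    touch -- "$1" || exit 1
)

# Read `netstat -plan` output on stdin and classify TCP port $1 as:
#   closed        - nothing is listening on the port
#   loopback-only - bound only to 127.0.0.0/8 or ::1
#   non-loopback  - bound to 0.0.0.0, :: or a specific interface address
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")       # last field is the port
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1") lo = 1; else pub = 1
        }
        END { print (pub ? "non-loopback" : (lo ? "loopback-only" : "closed")) }'
}

# Usage, as root on the affected server:
#   nginx -t 2>&1 | missing_log_paths | while read -r p; do ensure_log_file "$p"; done
#   netstat -plan | listen_scope 443
```

A non-loopback result only shows that Nginx is bound to an address other hosts can reach; the firewall rule for the port is still required.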
In short, we saw effective methods our Support Techs employ to fix the DigitalOcean error.