5 steps to solve “bad gateway” error in Plesk
I can’t access my Plesk panel. It shows a “Bad gateway” error. Something is wrong with my system. Please help!!
That was a recent support ticket we received at our Outsourced Technical Support services where we resolve support queries for web hosting providers.
Customer tried to login to his plesk panel. But, he was kicked out with the error “502 Bad Gateway“.
What can be the problem here?
Today, let’s see the top 5 reasons for the error “plesk bad gateway“ and how we fix them.
What is Plesk Bad Gateway error?
From Plesk version 12 onwards, Nginx is supported as a reverse proxy and most web hosts prefer this.
With reverse proxy, it accepts a request from the client, forwards it to Upstream server(server that can complete the request), and returns the server’s response to the client.
Plesk bad gateway errors occur when the proxy server receives an invalid response or no response from the upstream server.
Users will see this error when they access Plesk or perform any actions from plesk.
This error is cryptic and you feel like something is messed up but not sure where to start.
That’s where you need an expert to figure it out quickly and fix it permanently.
Reasons for Plesk Bad Gateway error? How to fix it?
To fix the error, we identify the cause of the error by checking and ruling out each possibility.
For that, our Hosting Engineers first examine the plesk web server logs and other server logs(/var/log/messages, /var/log/syslog, etc.) to identify why Plesk is not working properly.
For example, here’s a sample error message.
recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 188.8.131.52, server: , request: "POST <some url>
In our experience dealing with gateway errors, we’ve come across a number of reasons that can be the cause of this error.
1) Service errors
Plesk panel depends on 2 services sw-cp-server and sw-engine.
“sw-cp-server” is the Plesk web server and “sw-engine” is the handler that generates Plesk web pages.
In some cases, these services may be stopped manually or failed to start after an update.
If these services are not running or not giving the desired results, bad gateway errors pop up.
Firstly, we check the status of these Plesk services on the server.
We then identify and fix the reason for the service downtime and start the service.
In Linux servers, we start the services using the below commands.
service sw-engine start service sw-cp-server start
2) Configuration issues
We’ve seen cases where the Plesk services are running fine but it may not be properly configured to handle the incoming requests.
As a result, these services can timeout handling the incoming requests. This leads to “bad gateway” errors.
If the service is working fine, but the server logs shows timeout errors, we’ll fine tune the sw-cp-server config parameters like execution time, buffer sizes, timeout settings, etc.
But, these values should not be increased blindly as this can hog server resources.
So, our Hosting Support Specialists adjust the configuration parameters in accordance with the server resources.
Some of the parameters that we adjust in the sw-cp-server config file are :
fastcgi_buffers fastcgi_buffer_size fastcgi_read_timeout fastcgi_send_timeout
3) Port blocks
General Plesk access ports are 8443 for secure or https connections and 8880 for http connections.
These ports can be further changed for security reasons. If the ports are not allowed for connections in the server firewall, the connectivity can fail and lead to bad gateway errors.
Our Hosting Engineers examine the configuration file to identify the correct ports on which the plesk service runs.
We then edit the firewall configuration to allow connections to these ports.
For instance, if the firewall is iptables, then we use the below commands to open the ports 8443 and 8880.
# iptables -I INPUT -p tcp --dport 8443 -m state --state NEW -j ACCEPT # iptables -I INPUT -p tcp --dport 8880 -m state --state NEW -j ACCEPT
4) Fail2ban Firewall
Plesk uses IP address banning(Fail2ban) module to protect the server from brute force attacks.
In Plesk versions 12, 12.5 and Plesk Onyx, there is a bug that causes Fail2ban to block the server IP address itself.
As a result, when users access Plesk, Fail2ban reads all these requests from reverse proxy and interprets it as a hack attempt and blocks the access.
Result is “bad gateway” error.
This bug fix was already done in Plesk version 17.5.
In such cases, our Server Administration Specialists contact the web hosts and schedule a Plesk upgrade at off peak hours to reduce the downtime.
Also, to ensure the smooth flow of this process, we follow a set of pre-checks and post-checks on the server.
In case, an upgrade is not possible, we have an alternate solution.
We manually add the server IP address to Fail2ban’s list of Trusted IP addresses. This can be done from:
Tools&Settings > IP address Banning(Fail2ban) > Trusted IP Addresses
5) Version conflicts
This usually happens after Plesk upgrades.
Sometimes, the Plesk version may not be compatible with the versions of PHP, Mysql, MariaDB, etc. in the server that prompt for this error.
We diagnose the issue by analyzing the server logs and plesk web server logs.
In addition, we analyze the software requirements and re-configure the services to match the required version.
To sum up, plesk bad gateway errors can occur due to service errors, firewall restrictions, version conflicts, etc. Today, we’ve discussed the top 5 reasons for this error and how our Dedicated Support Engineers fix them.