docker-mailman icon indicating copy to clipboard operation
docker-mailman copied to clipboard

Published 20 hours ago verified publisher icon maxking

502 bad gateway on web Server

Open foollefille opened this issue 7 years ago • 13 comments

Hello All ,

Im facing an issue while displaying the web interface "I got 502 Bad Gateway" , it worked before after changing the config of nginx by adding proxy_pass . But now with the new image the same problem . Any help would be appreciated . Here it is my configurations :

**Docker-compose.yaml

version: '2'

services:
  mailman-core:
    image: maxking/mailman-core:0.1
    container_name: mailman-core
    hostname: mailman-core
    volumes:
    - /opt/mailman/core:/opt/mailman/
    links:
    - database:database
    depends_on:
    - database
    environment:
    - DATABASE_URL=postgres://mailman:[email protected]/mailmandb
    - DATABASE_TYPE=postgres
    - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
    - HYPERKITTY_API_KEY=someapikey
    networks:
      mailman:
        ipv4_address: 192.168.250.2

  mailman-web:
    image: maxking/mailman-web:0.1
    container_name: mailman-web
    hostname: mailman-web
    depends_on:
    - database
    links:
    - mailman-core:mailman-core
    - database:database
    volumes:
    - /opt/mailman/web:/opt/mailman-web-data
    environment:
    - DATABASE_TYPE=postgres
    - DATABASE_URL=postgres://mailman:[email protected]/mailmandb
    - HYPERKITTY_API_KEY=someapikey
    networks:
      mailman:
        ipv4_address: 192.168.250.3

  database:
    environment:
      POSTGRES_DB: mailmandb
      POSTGRES_USER: mailman
      POSTGRES_PASSWORD: mailmanpass
    restart: always
    image: postgres:9.6
    volumes:
    - /opt/mailman/database:/var/lib/postgresql/data
    networks:
      mailman:
        ipv4_address: 192.168.250.4

networks:
   mailman:
     driver: bridge
     ipam:
       driver: default
       config:
       -
         subnet: 192.168.250.0/24

** mailman.cfg

[mta]
incoming: mailman.mta.postfix.LMTP
outgoing: mailman.mta.deliver.deliver
lmtp_host: 192.168.250.2
lmtp_port: 8024
smtp_host: 192.168.250.1
smtp_port: 25
configuration: /etc/postfix-mailman.cfg

# [archiver.mhonarc]
# enable: yes

# [archiver.mail_archive]
# enable: yes

# [archiver.prototype]
# enable: yes

[runner.retry]
sleep_time: 10s

[shell]
use_ipython: yes

[webservice]
hostname: mailman-core

[archiver.hyperkitty]
class: mailman_hyperkitty.Archiver
enable: yes
configuration: /opt/mailman/mailman-hyperkitty.cfg

[database]
class: mailman.database.postgresql.PostgreSQLDatabase
url: postgres://mailman:[email protected]/mailmandb

**nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
    server {
        listen       443 ssl default_server;
        listen       [::]:443 ssl default_server;
        server_name  mailman.esi-group.com;

        location /static/ {
             alias /opt/mailman/web/static/;
        }
         ssl_certificate /etc/ssl/ca.crt;
         ssl_certificate_key /etc/ssl/ca.key;
	location / {
                # First attempt to serve request as file, then
                 proxy_pass http://192.168.250.3:8000;
		         uwsgi_read_timeout 300;
			     proxy_set_header Host $host;
			     proxy_set_header X-Forwarded-For $remote_addr; 
        }
}
}

**settings.py

ALLOWED_HOSTS = [
    "localhost",  # Archiving API from Mailman, keep it.
    "mailman.esi-group.com",
    # Add here all production URLs you may have.
    "mailman-web",
    "127.0.0.1",
    "172.16.12.115",
    "192.168.250.1",
    "172.16.12.115",
    "192.168.250.3:8000",
    "192.168.250.3",
    os.environ.get('SERVE_FROM_DOMAIN'),
]

foollefille avatar Jul 27 '17 08:07 foollefille

You should check the logs to see what exactly is going wrong. Most important ones are at /opt/mailman/web/logs/.

Also please put the code/configuration inside three ``` so that they are more redable.

maxking avatar Jul 27 '17 08:07 maxking

you can see below the log file

ERROR 2017-07-26 12:11:41,553 70 django.security.DisallowedHost Invalid HTTP_HOST header: '192.168.250.3:8000'. You may need to add u'192.168.250.3' to ALLOWED_HOSTS.

foollefille avatar Jul 27 '17 08:07 foollefille

There you do, you should just remove "192.168.250.3:8000", from your allowed_hosts. ALLOWED_HOSTS doens't need the ports and you have already added "192.168.250.3" .

maxking avatar Jul 27 '17 08:07 maxking

Nothing changed ! take a look to error.log file of nginx

2017/07/27 11:13:05 [crit] 13863#0: *1 connect() to 192.168.250.3:8000 failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: mailman.esi-group.com, request: "GET / HTTP/1.1", upstream: "http://192.168.250.3:8000/", host: "mailman.esi-group.com"

foollefille avatar Jul 27 '17 09:07 foollefille

Can you also look at /opt/mailman/web/log/uwsgi-error.log and mailmanweb.log at the same location? It might have more explanation about the Permission Denied error.

maxking avatar Jul 27 '17 11:07 maxking

Regarding mailmanweb there is no more error message .

uwsgi-error.log:

*** Starting uWSGI 2.0.15 (64bit) on [Thu Jul 27 10:34:12 2017] ***
compiled with version: 4.9.2 on 25 June 2017 11:53:15
os: Linux-3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016
nodename: mailman-web
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 2
current working directory: /opt/mailman-web
detected binary path: /usr/local/bin/uwsgi
chdir() to /opt/mailman-web
your memory page size is 4096 bytes
detected max file descriptor number: 65536
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uWSGI http bound on :8000 fd 11
uwsgi socket 0 bound to TCP address 127.0.0.1:44190 (port auto-assigned) fd 10
Python version: 2.7.13 (default, Jun 21 2017, 18:14:15)  [GCC 4.9.2]
Python main interpreter initialized at 0x14cad50
python threads support enabled
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 166144 bytes (162 KB) for 2 cores
*** Operational MODE: threaded ***
WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x14cad50 pid: 1 (default app)
*** uWSGI is running in multiple interpreter mode ***
gracefully (RE)spawned uWSGI master process (pid: 1)
spawned uWSGI worker 1 (pid: 476, cores: 2)
spawned uWSGI http 1 (pid: 477)
10:34:13 [Q] INFO Q Cluster-482 starting.
10:34:13 [Q] INFO Process-1:1 ready for work at 490
10:34:13 [Q] INFO Process-1 guarding cluster at 489
10:34:13 [Q] INFO Q Cluster-482 running.
10:34:13 [Q] INFO Process-1:2 ready for work at 491
10:34:13 [Q] INFO Process-1:3 monitoring at 492
10:34:13 [Q] INFO Process-1:4 pushing tasks at 493

foollefille avatar Jul 27 '17 12:07 foollefille

Did you try connecting at http://mailman.esi-group.com ? Because it looks like request never reached uwsgi and your Nginx configuration has emtpy configuration for / in for port 80.

Can you can try the request for https://mailman.esi-group.com ? If it works, you want to set a redirect from http to https.

maxking avatar Jul 27 '17 12:07 maxking

I got the index page of nginx when I tried to connect with http://mailman.esi-group.com

foollefille avatar Jul 27 '17 12:07 foollefille

Did you reload nginx after changing the configuration? It should not be showing the index page as per the configuration that you have given above.

maxking avatar Jul 27 '17 12:07 maxking

yes Strange !! I reload it after any update. You think it is related to the modification of the ip adresses set to 192.168.250.0 ?

foollefille avatar Jul 27 '17 12:07 foollefille

I don't think so that the IP addresses set would be a problem unless you are using the same subnet locally for something else too?

maxking avatar Jul 27 '17 12:07 maxking

no its not used

foollefille avatar Jul 27 '17 13:07 foollefille

@foollefille I would like to pay your attention to some points:

  1. you've called mailman.esi-group.com without https as a result, the default nginx site is the expected behavior concerning your nginx-config
  2. Nginx seems to not have the permission to connect to your mailman-web. Make sure all permissions for Nginx are correct. Maybe this stackoverflow question helps you.
  3. Make sure that the correct settings.py is loaded. May you use the default settings and try setting the request hostname by using the environment variable SERVE_FROM_DOMAIN in your mailman-web service SERVE_FROM_DOMAIN=mailman.esi-group.com

chrros95 avatar Aug 02 '17 21:08 chrros95

This issue has not been updated for more than 1year

github-actions[bot] avatar Nov 22 '22 22:11 github-actions[bot]