Error 502: Bad Gateway from the host (reverse proxy NGINX)

I followed these steps to get my server running with Cloudflare.

So make your Cloudflare account and point your domain to your server; leave it proxied. Set SSL/TLS to Full (strict) and in “Edge Certificates” set “Always Use HTTPS” to On. Now set a tight firewall; everything will only pass through Cloudflare at this point. Follow this tutorial: (Don’t mess this up or you’re gonna lose access to SSH and FTP. Beware, the IPs on the linked page aren’t up to date.)

```
sudo apt-get install ufw
sudo ufw status
sudo ufw disable
sudo ufw reset
sudo ufw allow ssh
sudo ufw allow ftp
```

The up-to-date IPs (but still check on the Cloudflare linked pages); only allow HTTPS:

```
sudo ufw allow etc…
sudo ufw enable
sudo ufw status
```

OK, now let's install nginx:

```
sudo apt-get update
sudo apt-get install nginx
```

Let’s configure our server: `sudo nano /etc/nginx/sites-available/default` (or with FTP). Put the nginx config file in instead, and don’t forget to change your hostname. Ctrl+X, Y.

```
server {
    if ($host = www.hostname.ltd) {
        return 301 https://$host$request_uri;
    }
    if ($host = hostname.ltd) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    server_name hostname.ltd www.hostname.ltd;
    return 404;
}

server {
    client_max_body_size 100M;

    location /robots.txt {
        return 200 "User-agent: *
Disallow:";
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        real_ip_header CF-Connecting-IP;
        client_max_body_size 100M; # max file size for users to upload
    }
}
```

```
sudo systemctl enable nginx
sudo systemctl start nginx
```

Check for syntax errors:

```
sudo nginx -t
```

Now let’s get an SSL certificate with certbot and Cloudflare that auto-renews. Get the latest instructions in there. Go to “wildcard” and follow the steps:

```
sudo apt-get update
sudo apt-get install software-properties-common

sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot

sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx

sudo apt-get install python3-certbot-dns-cloudflare
```

Get your Global API key in there. Copy the key somewhere and:

```
sudo mkdir /root/.secrets/
sudo nano /root/.secrets/cloudflare.ini
```

Then put your token and paste this (change mail and API key):

```
# Cloudflare API credentials used by Certbot
dns_cloudflare_email = [email protected]
dns_cloudflare_api_key = my-super-secret-api-key000000
```

Save.

```
sudo chmod 0700 /root/.secrets/
sudo chmod 0400 /root/.secrets/cloudflare.ini
```

Run this to generate the certificate (don't forget to change the hostname):

```
sudo certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials /root/.secrets/cloudflare.ini \
  -d hostname.ltd \
  -d www.hostname.ltd
```

(Note: you are limited to 5 certificates a week per domain by certbot.) Set email address and agree to terms. It can take some time, be patient. Set automatic renewal:

```
sudo certbot renew --dry-run
```

Now change the nginx config file to use SSL on port 443: `sudo nano /etc/nginx/sites-available/default` or by FTP.

```
server {
    if ($host = www.hostname.ltd) {
        return 301 https://$host$request_uri;
    }
    if ($host = hostname.ltd) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    server_name hostname.ltd www.hostname.ltd;
    return 404;
}

server {
    listen 443 ssl;
    server_name hostname.ltd www.hostname.ltd;
    client_max_body_size 100M;

    location /robots.txt {
        return 200 "User-agent: *
Disallow:";
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        real_ip_header CF-Connecting-IP;
        client_max_body_size 100M; # max file size for users to upload
    }

    ssl_certificate /etc/letsencrypt/live/hostname.ltd/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hostname.ltd/privkey.pem;
}
```

Check that everything works:

```
sudo systemctl restart nginx
sudo nginx -t
```

Now run:

```
sudo systemctl start app1
```

And you should see App1 running on your host name. You can try to reboot to check that App1 starts well on boot.

The server keeps dropping the same error, and I already tried changing the hostname several times. Is there something wrong with these steps?

Which 502 error are you getting? Is it one thrown by Cloudflare (see below), or NGINX (also see below)?


Cloudflare: [image]

Nginx: [image]

The first one.

Using your public IP (you don’t have to post it here), make sure you can reach NGINX from the outside internet. It doesn’t have to be the web application you want, but just verify that you can see an NGINX 404 error.
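
The reachability check suggested in the reply above, as an added example that is not part of the original thread: it probes the origin directly and maps each curl result to a likely cause. `ORIGIN_IP`, `ORIGIN_HOST` and `ON_SERVER` are hypothetical variable names; `hostname.ltd` and port 8080 are the placeholders from the posted config.

```shell
#!/bin/sh
# Added example, not from the thread. ORIGIN_IP / ORIGIN_HOST / ON_SERVER are
# assumed names; hostname.ltd and :8080 come from the posted NGINX config.

# probe URL [extra curl args]: prints "<curl exit code> <HTTP status>".
probe() {
    url=$1; shift
    rc=0
    code=$(curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$@" "$url") || rc=$?
    echo "$rc ${code:-000}"
}

# interpret EXIT STATUS: maps one probe result to the most likely cause.
interpret() {
    case "$1:$2" in
        7:*)       echo "refused: nothing listening on that port, or a reject rule" ;;
        28:*)      echo "timeout: packets dropped, check ufw and any upstream firewall" ;;
        35:*|60:*) echo "tls: handshake or certificate problem on the origin" ;;
        0:404)     echo "nginx-up: default 404 served, NGINX is reachable" ;;
        0:301)     echo "nginx-up: port 80 redirect served, NGINX is reachable" ;;
        0:502)     echo "backend-down: NGINX answered but the proxy_pass target did not" ;;
        0:*)       echo "http-$2: origin answered" ;;
        *)         echo "curl-error-$1" ;;
    esac
}

# Run from a machine outside the server's network, bypassing Cloudflare.
run_checks() {
    ip=$1; host=${2:-hostname.ltd}
    echo "http by IP:   $(interpret $(probe "http://$ip/"))"
    # --resolve pins the hostname to the origin IP so SNI and the certificate match.
    echo "https origin: $(interpret $(probe "https://$host/" --resolve "$host:443:$ip"))"
}

# Run on the server itself: is the application behind proxy_pass answering?
check_backend() {
    echo "backend :8080: $(interpret $(probe "http://localhost:8080/"))"
}

if [ -n "${ORIGIN_IP:-}" ]; then run_checks "$ORIGIN_IP" "${ORIGIN_HOST:-hostname.ltd}"; fi
if [ "${ON_SERVER:-0}" = 1 ]; then check_backend; fi
```

If ufw only admits Cloudflare's ranges on HTTPS, as the first post's firewall step intends, a timeout from any other address is expected, so allow your test address temporarily or run `ON_SERVER=1` on the host.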
