Question

connect() failed (111: Connection refused) while connecting to upstream

Hi all,

Followed this tutorial to get Let’s Encrypt working on my Nest.js/Node server.

Everything works - running sudo nginx -t returns:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful

However, accessing my domain gives me a 502 Bad Gateway error. Specifically (from /var/log/nginx):

15004#15004: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 77.98.141.183, server: ww2.zone, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8000/", host: "ww2.zone"

Here is my /etc/nginx/sites-available file:

Default server configuration
server {
    listen 80;
    listen 127.0.01;	
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ww2.zone;

    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/ww2.zone/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ww2.zone/privkey.pem;

    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:8000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}

And my server is within a git Repo within home/username.

The code to listen on the port is: await app.listen(process.env.PORT || 5000);

This used to be process.env.PORT || 80 but that would throw:

Error: listen EADDRINUSE: address already in use :::80

Any ideas? Pulling my hair out atm.

Show comments

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
August 14, 2019
Accepted Answer

Hello,

You can only have 1 service listening on 1 port. So as you have Nginx listening on port 80 at the moment, you can not have your Node on the same port.

Also as you currently have your Nginx set to work as a reverse proxy for port 8000, what you could do is to just set Node to listen on port 8000.

This would fix your 502 error.

Here is a link to an answer on how to troubleshoot common Nginx problems:

https://www.digitalocean.com/community/questions/how-to-troubleshoot-common-nginx-issues-on-linux-server

Here is also a quick video demo on how to do that:

Hope that this helps! Regards, Bobby

I have the same problem.

I get the errors (I change the name of my ip to the word server for security reasons):

[crit] 21357#0: *15 connect() to 127.0.0.1:5000 failed (13: Permission denied) while connecting to upstream, client: 186.86.225.27, server: server, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "server"
[crit] 21357#0: *15 connect() to [::1]:5000 failed (13: Permission denied) while connecting to upstream, client: 186.86.225.27, server: server, request: "GET / HTTP/1.1", upstream: "http://[::1]:5000/", host: "server"
[error] 21357#0: *15 no live upstreams while connecting to upstream, client: 186.86.225.27, server: server, request: "GET /favicon.ico HTTP/1.1", upstream: "http://localhost/favicon.ico", host: "server", referrer: "server"

The service is running on port 5000 with the command netstat -plant

tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN      9046/dotnet
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      19716/nginx: master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1001/sshd
tcp        0   1049 server:22        221.181.185.140:14596   FIN_WAIT1   -
tcp        0   1049 server:22        221.181.185.140:26923   FIN_WAIT1   -
tcp        1      0 127.0.0.1:53162         127.0.0.1:80            CLOSE_WAIT  9864/amplify-agent
tcp        0      0 server:22        186.86.225.27:49672     ESTABLISHED 1747/sshd: root [pr
tcp        0      0 server:22        121.4.85.107:52210      FIN_WAIT2   -
tcp        0   1049 server:22        221.181.185.140:40999   FIN_WAIT1   -
tcp        0     36 server:22        186.86.225.27:65194     ESTABLISHED 1354/sshd: root [pr
tcp        0   1049 server:22        221.181.185.140:52399   FIN_WAIT1   -
tcp        0      0 server:47592     35.155.143.94:443       ESTABLISHED 9864/amplify-agent
tcp        0      0 server:22        186.86.225.27:51921     ESTABLISHED 8789/sshd: root [pr
tcp        0   1048 server:22        221.181.185.159:33491   ESTABLISHED 21120/sshd: [accept
tcp        0      0 server:80        186.86.225.27:61003     FIN_WAIT2   -
tcp        0      0 server:80        186.86.225.27:54720     FIN_WAIT2   -
tcp6       0      0 ::1:5000                :::*                    LISTEN      9046/dotnet
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
tcp6       0      0 :::22                   :::*                    LISTEN      1001/sshd

nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 8M;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    #include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.*;

    server {
        listen 80;
        server_name _;
        location / {
            proxy_pass http://localhost:5000/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection keep-alive;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}


Hello, looks like I am also facing the same issue. And this has suddenly come up. Haven’t done any changes to server unless DO has done at their end.

Kindly help. The error fron nginx/error.log:

2020/10/12 11:05:44 [error] 915#915: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 122.177.172.254, server: test.uxhack.co, request: “GET /favicon.ico HTTP/1.1”, upstream: “http://127.0.0.1:8000/favicon.ico”, host: “test.uxhack.co”, referrer: “https://test.uxhack.co/” 2020/10/12 11:08:07 [error] 915#915: *4 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 122.177.172.254, server: test.uxhack.co, request: “GET / HTTP/1.1”, upstream: “http://127.0.0.1:8000/”, host: “test.uxhack.co” 2020/10/12 11:08:07 [error] 915#915: *4 connect() failed (111: Connection refused) while connecting to upstream, client: 122.177.172.254, server: test.uxhack.co, request: “GET /favicon.ico HTTP/1.1”, upstream: “http://127.0.0.1:8000/favicon.ico”, host: “test.uxhack.co”, referrer: “https://test.uxhack.co/

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      914/nginx: master p
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      693/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      893/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      914/nginx: master p
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      2165/python3
tcp        0      0 139.59.5.173:80         52.84.150.39:13100      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:16550      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:4970       SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:24841      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:40249      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:27163      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:31014      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:40948      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:46110      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:38434      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:17559      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:27500      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:18538      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:51304      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:44313      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:31117      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:60028      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:23283      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:39763      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:2837       SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:54697      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:28925      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:12038      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:23878      SYN_RECV    -
tcp        0   5140 139.59.5.173:22         122.177.172.254:53190   ESTABLISHED 1132/sshd: root@pts
tcp        0      0 139.59.5.173:80         52.84.150.39:34837      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:60232      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:45250      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:24603      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:34587      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:59458      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:160        SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:46887      SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:825        SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:7317       SYN_RECV    -
tcp        0      0 139.59.5.173:80         52.84.150.39:60776      SYN_RECV    -
tcp6       0      0 :::3306                 :::*                    LISTEN      925/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      893/sshd

Kindly help

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.