DB / HTTP Protocol / Web Servers / 502
CRITICAL

HTTP Protocol / Web Servers Bad Gateway

The server, while acting as a gateway or proxy, received an invalid response from an upstream server it accessed in attempting to fulfill the request. This typically indicates an issue with the backend server or the communication between the proxy and the backend.

Common Causes

  • Backend server (e.g., application server, API service) is down or unresponsive.
  • Backend server is overloaded or experiencing high resource utilization (CPU, memory, I/O).
  • Network connectivity issues between the proxy/load balancer and the backend server.
  • Firewall or security group rules blocking traffic to the backend server's port.
  • Incorrect proxy or load balancer configuration (e.g., wrong backend IP/port, invalid health checks).
  • DNS resolution failures for the upstream backend server.
  • Backend application crashes or returns malformed/unexpected responses.
  • Proxy/Load Balancer timeouts are too short for long-running backend requests.

How to Fix

1 Verify Backend Server Status

Ensure that the upstream backend server (e.g., Node.js app, Python Gunicorn, Java Tomcat, database) is running, healthy, and listening on the expected port. Check its logs for any application-specific errors or crashes.

BASH
$ systemctl status <service_name> docker ps kubectl get pods -n <namespace>

2 Examine Proxy/Load Balancer Logs

Check the error logs of the proxy server (Nginx, Apache, HAProxy, Caddy) or cloud load balancer (AWS ALB/ELB, GCP Load Balancer) for specific messages indicating why the 502 was returned. Look for 'upstream timed out', 'connection refused', 'no live upstream', or similar.

BASH
$ tail -f /var/log/nginx/error.log journalctl -u nginx -f # For cloud logs, use respective cloud provider's logging service (e.g., CloudWatch, Stackdriver)

3 Check Network Connectivity and Firewalls

Confirm that the proxy server can reach the backend server on the specified port. Verify that no firewall rules (OS-level, security groups, network ACLs) are blocking the communication path.

BASH
$ ping <backend_ip_or_hostname> telnet <backend_ip_or_hostname> <backend_port> sudo ufw status verbose # On Ubuntu/Debian sudo firewall-cmd --list-all # On CentOS/RHEL

4 Adjust Proxy Timeouts

If the backend server takes a long time to process requests, the proxy might time out prematurely. Increase the relevant timeout settings on your proxy server (e.g., `proxy_connect_timeout`, `proxy_send_timeout`, `proxy_read_timeout` in Nginx).

BASH
$ Example Nginx configuration snippet: http { proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; send_timeout 60s; # ... other settings }

5 Monitor Backend Server Resources

Investigate the backend server's resource utilization (CPU, memory, disk I/O, network throughput). High resource consumption can lead to unresponsiveness and 502 errors. Scale up, scale out, or optimize the application if necessary.

BASH
$ top htop free -h df -h iostat -xz 1 10