DB / Nginx / Connection Refused
CRITICAL

Nginx ECONNREFUSED

Nginx cannot establish a connection to the upstream server or the configured port is not accepting connections. This typically appears as a 502 Bad Gateway error in client browsers.

Common Causes

  • Upstream server (application server like Node.js, PHP-FPM, etc.) is not running
  • Nginx is configured to use the wrong port for the upstream server
  • Firewall rules are blocking connections between Nginx and the upstream server
  • The upstream service is binding to localhost (127.0.0.1) but Nginx is trying to connect via a different interface
  • Port conflicts where another service is using the same port

How to Fix

1 Check Upstream Service Status

Verify that the application server Nginx is trying to proxy to is actually running and listening on the expected port.

BASH
$ # Check if your upstream service is running (example for Node.js on port 3000) ps aux | grep node # Or check for listening ports sudo netstat -tulpn | grep :3000 # Or using ss command sudo ss -tulpn | grep :3000

2 Test Connection Manually

Use curl or telnet to test if you can connect to the upstream server from the Nginx server.

BASH
$ # Test with curl (adjust port as needed) curl -v http://localhost:3000 # Test with telnet sudo apt-get install telnet # if not installed telnet localhost 3000 # If upstream is on a different server curl -v http://upstream-server-ip:3000

3 Verify Nginx Configuration

Check that Nginx proxy_pass directive points to the correct upstream server address and port.

BASH
$ # Check Nginx configuration syntax sudo nginx -t # Look at your site configuration sudo cat /etc/nginx/sites-available/your-site # Common configuration issue - wrong proxy_pass: # Incorrect: proxy_pass http://localhost:3000/; # Correct: proxy_pass http://127.0.0.1:3000; (or use actual IP)

4 Check Firewall and SELinux

Ensure firewall rules allow traffic between Nginx and the upstream server, and SELinux isn't blocking connections.

BASH
$ # Check firewall rules (UFW example) sudo ufw status # Check if port is open sudo ufw allow 3000/tcp # For CentOS/RHEL firewall sudo firewall-cmd --list-all # Check SELinux (if enabled) getenforce # If enforcing, check logs sudo grep nginx /var/log/audit/audit.log | tail -20

5 Restart Services and Check Logs

Restart both Nginx and the upstream service, then check error logs for detailed information.

BASH
$ # Restart Nginx sudo systemctl restart nginx # Restart your upstream service (example for Node.js with PM2) pm2 restart all # Check Nginx error logs sudo tail -f /var/log/nginx/error.log # Check upstream service logs sudo journalctl -u your-service-name --since "5 minutes ago"