I am consistently getting a 502 (Bad Gateway) error on an AWS website which, up until recently, had been running quite reliably for more than three years. I had one episode a month or so ago where I got the 502 for a few hours, and then it went away, not due to anything I did as far as I know. Now I have been getting the 502 consistently for several weeks. The architecture is:
Bitnami WordPress
EC2 (t3a.small) with an Elastic IP
CloudFront
Certificate Manager
R53
S3 (only for W3 Total Cache)
(no Application Load Balancers)
I have reviewed the AWS documentation on this error and tried to investigate. Here are some details on my efforts:
In Chrome DevTools when going to the site I see:
failed to load source map: Could not load content for chrome-extension://gighmmpiobklfepjocnamgkkbiglidom/browser-polyfill.js.map: System error: net::ERR_FILE_NOT_FOUND
I tried going to the domain in Safari and still got the 502.
I tried going to the elastic IP directly, which redirects me to mydomain.org and the 502.
The EC2 instance has been consistently running, no alarms, 2/2 checks passed. I stopped and restarted the EC2 instance and continued getting the 502.
I invalidated the cache for the CloudFront distribution associated with mydomain.org, but continued receiving the 502.
I invalidated the cache for the CloudFront distribution associated with W3 Total Cache, but continued receiving the 502.
One thing at I don't understand is when checking SSL certificate at sslshopper.com, it came back telling me that the domain resolves to an IP I don't recognize:
https://www.sslshopper.com/ssl-checker.html#hostname=www.mydomain.org
www.mydomain.org resolves to 12.34.567.8
Server Type: CloudFront
The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
The certificate will expire in 324 days.
The hostname (www.mydomain.org) is correctly listed in the certificate.
Going to the above IP (12.34.567.8), I get:
403 ERROR
The request could not be satisfied.
Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
Request ID: QELc0fvzKvqx58Xrw2S6g3KWMAbkHx66hyxbkDne2Y1GOu7wGb6yGg==
I am able to log in to the apache server on the EC2 instance using SSH using the Mac Terminal app
There I confirmed that MySQL is running
test -d /opt/bitnami/mariadb && echo "MariaDB" || echo "MySQL"
shows MySQL
I stopped and restarted apache
I stopped and restarted all services
I ran the bitnami diagnostic tool (sudo /opt/bitnami/bndiagnostic-tool) and got:
✓ Mysql: No issues found
? Apache: Found possible issues
? Resources: Found possible issues
✓ Php: No issues found
✓ Connectivity: No issues found
[Apache]
Found recent error or warning messages in the Apache error log.
[Sun Nov 06 08:50:26.178264 2022] [authz_core:error] [pid 19192:tid 139683803522816] [client 41.216.183.144:58606] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/scripts
[Sun Nov 06 14:55:55.162136 2022] [authz_core:error] [pid 18963:tid 139684130838272] [client 129.151.230.90:54786] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/index.php
[Tue Nov 08 00:55:34.423247 2022] [authz_core:error] [pid 18962:tid 139683702810368] [client 70.73.26.178:45923] AH01630: client denied by server configuration: /opt/bitnami/apps/phpmyadmin/htdocs/index.php
Please check the following guide to troubleshoot server issues:
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
A high number of incoming requests originate from one or more unique IP addresses. This could indicate a bot attack. The following guide shows how to check for and block suspicious IP addresses.
https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/
[Resources]
Your instance has little available RAM memory.
total used free shared buff/cache available Mem: 1968 713 192 83 1062 960 Swap: 0 0 0
You could try to increase your instance's memory. Please check your cloud provider's documentation for more information.
You can also enable swap memory to improve performance.
https://docs.bitnami.com/installer/faq/linux-faq/administration/increase-memory-linux/
Following up on some of the info from the bitnami diagnostic tool, I disabled pagespeed by commenting out two lines in /opt/bitnami/apache2/conf/httpd.conf
#Include conf/pagespeed.conf
#Include conf/pagespeed_libraries.conf
That did not seem to help or change anything.
Also in the httpd.conf file I saw this:
ServerName mydomain.org:80
and wondered whether that is correct considering that the website is only accessed via HTTPS. Should that perhaps be:
ServerName mydomain.org:443
I can get into phpMyAdmin by creating an SSH tunnel as described here:
https://docs.bitnami.com/aws/faq/get-started/access-phpmyadmin/
Everything looks normal to me in phpMyAdmin.
I have not tried to get help from bitnami yet because it seems like this is an AWS problem?
Thank you, Brettski-AWS, for taking the time to help me!
I assume I can browse directly to the website and bypass CloudFront by going to the CloudFront origin, e.g.
''ec2-12-345-67-89.us-west-2.compute.amazonaws.com''
When I do that, initially I get
''Your connection is not private''
with a link:
''Go to advanced''
When I click "Go to advanced"
I see
''This server could not prove that it is ec2-12-345-67-89.us-west-2.compute.amazonaws.com; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.
Proceed to ec2-12-345-67-89.us-west-2.compute.amazonaws.com (unsafe)''
When I click the "proceed" link, I get
''This site can’t be reached
Check if there is a typo in www.ec2-12-345-67-89.us-west-2.compute.amazonaws.com.
DNS_PROBE_FINISHED_NXDOMAIN''
I'm not sure what else to try beyond that.
The first part of your output is all about the certificate on the web server not matching the hostname. For testing purposes that's ok but it does show that the instance is responding to requests. The "site can't be reached" part is interesting because clearly it can be reached. Your webserver is redirecting you to the host that you reached but is prepending
www
onto the beginning. And that lookup is failing. So check your configuration because I think your webserver is doing a rewrite of the URL, addingwww
to the beginning and that's causing the web browser to fail because that DNS entry doesn't exist.