502 Bad Gateway with SSL installed

[nilsi]

Hi,

I followed the guide here to setup SSL:
https://voice.kadira.io/meteor-up-let-s-encrypt-based-free-ssl-d17111f69f15

I installed force-ssland deployed with mup. Everything works beside I got 502 Bad Gateway when trying to reach my application but It is still secured with SSL. I wonder if this is a problem with nginx not redirecting as it should? I added a subdomain to my app and the application worked without SSL.

How can I configure nginx or find a solution to this? Thanks.

mup.js

module.exports = {
  servers: {
    one: {
      host: '123.456.665.333',
      username: 'root',
      password: 'pass',
      // pem: './mykey',
    },
  },

  meteor: {
    name: 'app',
    path: './',
    servers: {
      one: {},
    },
    env: {
      ROOT_URL: 'https://app.co',
      MONGO_URL: 'mongodb://localhost/meteor'
    },
    ssl: {
      crt: "./ssl/fullchain.pem", // this is a bundle of certificates
      key: "./ssl/privkey.pem", // this is the private key of the certificate
      port: 443
    },
    deployCheckWaitTime: 60
  },

  enableUploadProgressBar: true,

  mongo: {
    oplog: true,
    port: 27017,
    servers: {
      one: {},
    },
  },
};

Logs from deploying:

mup setup

Started TaskList: Setup Docker
[192.241.174.126] - setup docker
[192.241.174.126] - setup docker: SUCCESS

Started TaskList: Setup Meteor
[192.241.174.126] - Setup Environment

Started TaskList: Setup Mongo
[192.241.174.126] - setup environment
[192.241.174.126] - setup environment: SUCCESS
[192.241.174.126] - copying mongodb.conf
[192.241.174.126] - Setup Environment: SUCCESS
[192.241.174.126] - Copying SSL Certificate Bundle
[192.241.174.126] - copying mongodb.conf: SUCCESS
[192.241.174.126] - Copying SSL Certificate Bundle: SUCCESS
[192.241.174.126] - Copying SSL Private Key
[192.241.174.126] - Copying SSL Private Key: SUCCESS
[192.241.174.126] - Verifying SSL Configurations
[192.241.174.126] - Verifying SSL Configurations: SUCCESS

Started TaskList: Start Mongo
[192.241.174.126] - start mongo
[192.241.174.126] - start mongo: SUCCESS

macbookpro at nilsi-mac in ~/app/app on master
$ mup deploy
Building App Bundle Locally
ANDROID_HOME=/usr/local/Cellar/android-sdk/24.4.1_1
JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_45.jdk/Contents/Home
:cdvCreateAssetManifest
:preBuild
:preReleaseBuild
:checkReleaseManifest
:CordovaLib:preBuild UP-TO-DATE
:CordovaLib:preReleaseBuild UP-TO-DATE
:CordovaLib:compileReleaseNdk UP-TO-DATE
:CordovaLib:compileLint
:CordovaLib:copyReleaseLint UP-TO-DATE
:CordovaLib:mergeReleaseProguardFiles UP-TO-DATE
:CordovaLib:packageReleaseRenderscript UP-TO-DATE
:CordovaLib:checkReleaseManifest
:CordovaLib:prepareReleaseDependencies
:CordovaLib:compileReleaseRenderscript UP-TO-DATE
:CordovaLib:generateReleaseResValues UP-TO-DATE
:CordovaLib:generateReleaseResources UP-TO-DATE
:CordovaLib:packageReleaseResources UP-TO-DATE
:CordovaLib:compileReleaseAidl UP-TO-DATE
:CordovaLib:generateReleaseBuildConfig UP-TO-DATE
:CordovaLib:generateReleaseAssets UP-TO-DATE
:CordovaLib:mergeReleaseAssets UP-TO-DATE
:CordovaLib:processReleaseManifest UP-TO-DATE
:CordovaLib:processReleaseResources UP-TO-DATE
:CordovaLib:generateReleaseSources UP-TO-DATE
:CordovaLib:compileReleaseJavaWithJavac UP-TO-DATE
:CordovaLib:processReleaseJavaRes UP-TO-DATE
:CordovaLib:transformResourcesWithMergeJavaResForRelease UP-TO-DATE
:CordovaLib:transformClassesAndResourcesWithSyncLibJarsForRelease UP-TO-DATE
:CordovaLib:mergeReleaseJniLibFolders UP-TO-DATE
:CordovaLib:transformNative_libsWithMergeJniLibsForRelease UP-TO-DATE
:CordovaLib:transformNative_libsWithSyncJniLibsForRelease UP-TO-DATE
:CordovaLib:bundleRelease UP-TO-DATE
:prepareAndroidCordovaLibUnspecifiedReleaseLibrary UP-TO-DATE
:prepareReleaseDependencies
:compileReleaseAidl UP-TO-DATE
:compileReleaseRenderscript UP-TO-DATE
:generateReleaseBuildConfig UP-TO-DATE
:generateReleaseAssets UP-TO-DATE
:mergeReleaseAssets
:generateReleaseResValues UP-TO-DATE
:generateReleaseResources UP-TO-DATE
:mergeReleaseResources UP-TO-DATE
:processReleaseManifest UP-TO-DATE
:processReleaseResources
:generateReleaseSources
:compileReleaseJavaWithJavac UP-TO-DATE
:compileReleaseNdk UP-TO-DATE
:compileReleaseSources UP-TO-DATE
:lintVitalRelease
:transformClassesWithDexForRelease UP-TO-DATE
:mergeReleaseJniLibFolders UP-TO-DATE
:transformNative_libsWithMergeJniLibsForRelease UP-TO-DATE
:processReleaseJavaRes UP-TO-DATE
:transformResourcesWithMergeJavaResForRelease UP-TO-DATE
:packageRelease
:assembleRelease
:cdvBuildRelease

BUILD SUCCESSFUL

Total time: 14.64 secs

Started TaskList: Pushing Meteor
[192.241.174.126] - Pushing Meteor App Bundle to The Server
[192.241.174.126] - Pushing Meteor App Bundle to The Server: SUCCESS
[192.241.174.126] - Pushing the Startup Script
[192.241.174.126] - Pushing the Startup Script: SUCCESS

Started TaskList: Configuring  Meteor Environment Variables
[192.241.174.126] - Sending Environment Variables
[192.241.174.126] - Sending Environment Variables: SUCCESS

Started TaskList: Start Meteor
[192.241.174.126] - Start Meteor
[192.241.174.126] - Start Meteor: SUCCESS
[192.241.174.126] - Verifying Deployment
[192.241.174.126] - Verifying Deployment: SUCCESS

Certificate successfully installed:

installed packages:

$ meteor list
accounts-facebook                 1.0.9  Login service for Facebook accounts
accounts-twitter                  1.0.9  Login service for Twitter accounts
aldeed:collection2                2.9.1  Automatic validation of insert and update operations on the client and server.
audit-argument-checks             1.0.7  Try to detect inadequate input sanitization
blaze-html-templates              1.0.4  Compile HTML templates into reactive UI with Meteor Blaze
browser-policy                    1.0.9  Configure security policies enforced by the browser
check                             1.2.1  Check whether a value matches a pattern
czbaker:apac                      0.0.3  Access to the Amazon Product Advertising API, using the NodeJS 'apac' module.
dburles:collection-helpers        1.0.4  Transform your collections with helpers that you define
ecmascript                        0.4.3  Compiler plugin that supports ES2015+ in all .js files
ejson                             1.0.11  Extended and Extensible JSON library
flemay:less-autoprefixer          1.2.0  The dynamic stylesheet language + Autoprefixer
force-ssl                         1.0.11  Require this application to use HTTPS
http                              1.1.5  Make HTTP calls to remote servers
jquery                            1.11.8  Manipulate the DOM using CSS selectors
juliancwirko:s-alert              3.1.4  Simple and fancy notifications / alerts / errors for Meteor
kadira:blaze-layout               2.3.0  Layout Manager for Blaze (works well with FlowRouter)
kadira:flow-router                2.11.0* Carefully Designed Client Side Router for Meteor
lepozepo:s3                       5.1.7* Upload files to S3. Allows use of Knox Server-Side.
logging                           1.0.12  Logging facility.
meteor-base                       1.0.4  Packages that every Meteor app needs
meteorhacks:kadira                2.28.5  Performance Monitoring for Meteor
meteorhacks:search-source         1.4.2  Reactive Data Source for Search
meteortoys:allthings              2.3.1  Insanely Handy Development Tools
mobile-experience                 1.0.4  Packages for a great mobile user experience
mongo                             1.1.7  Adaptor for using MongoDB and Minimongo over DDP
mrt:smart-publish                 0.2.1  Smart publications with joins and multiple cursors from the same collection
natestrauser:animate-css          3.5.1  Animate.css packaged for meteor
okgrow:router-autoscroll          0.1.8  Smart management of scroll position across route changes for Iron and Flow Router
ongoworks:spiderable              1.0.7  Docker + Port friendly Spiderable package
osv:mongo-counter                 0.2.1  Atomic counters stored in MongoDB
percolate:paginated-subscription  0.2.4  Easily paginate a subscription that takes a limit parameter.
raix:handlebar-helpers            0.2.5  Handlebar helpers
random                            1.0.9  Random number generator and utilities
reactive-var                      1.0.9  Reactive variable
reload                            1.1.8  Reload the page while preserving application state.
semantic:ui                       2.1.8  Official Semantic UI Integration for Meteor
service-configuration             1.0.9  Manage the configuration for third-party services
session                           1.1.5  Session variable
spacebars                         1.0.11  Handlebars-like template language for Meteor
standard-minifier-css             1.0.6  Standard css minifier used with Meteor apps by default.
standard-minifier-js              1.0.6  Standard javascript minifiers used with Meteor apps by default.
tomwasd:flow-router-seo           0.0.3  A simple way to set the title and meta tags for sites using flow router
tracker                           1.0.13  Dependency tracker to allow reactive callbacks
velocityjs:velocityjs             1.2.1  Velocity.js (official) - accelerated JavaScript animation.
zimme:active-route                2.3.2  Active route helpers

Application gives a 502 Bad gateway on root URL.

[nilsi]

I tried to remove SSL. I removed force-ssland the ssl section from mup.js but still getting redirected to https. I even deployed freshly to a new server but still getting redirected when I'm trying with my domain. However, if I use the IP i can reach the site just fine. Im so confused right now.

[indesignlatam]

Hi @nilsi,

Try with the fix mentioned in this issue. Is commonly caused because headers are bigger than the max size allowed by the container with nginx.
meteorhacks/mup-frontend-server#7

If you are able to solve the issue with this fix, please comment and close it.

[nilsi]

@wanchopeblanco thanks!

I saw that issue before but couldn't follow the instruction. Im not sure how I can find the right nginx.conf

Since I removed SSL i no longer have a frontend container.

root@repick:~# docker ps
CONTAINER ID        IMAGE                      COMMAND                  CREATED             STATUS              PORTS                        NAMES
07da6f2dbd21        mongo                      "/entrypoint.sh mongo"   56 minutes ago      Up 56 minutes       127.0.0.1:27017->27017/tcp   mongodb
fa9d835aa465        meteorhacks/meteord:base   "/bin/sh -c 'bash $ME"   About an hour ago   Up About an hour    0.0.0.0:80->80/tcp           repick
root@repick:~# sudo find / -name nginx.conf
/var/lib/docker/aufs/diff/d6c0156a8c993637bbb38d72be134a6f50a7b647f4f0c563d4248057ede380b8/tmp/lib/nginx.conf
/var/lib/docker/aufs/diff/e3bae94b0a997ad46e6e4370a9df6aacc4dac4613596027a9b2e8cb6799d0a8b/tmp/nginx/nginx-1.8.0/conf/nginx.conf
/var/lib/docker/aufs/diff/e3bae94b0a997ad46e6e4370a9df6aacc4dac4613596027a9b2e8cb6799d0a8b/opt/nginx/conf/nginx.conf
/var/lib/docker/aufs/diff/4170e09b624c16af2d0d4eb6ebcfb2c3a2155a06cc8d1f12180992228edd9f2c/opt/nginx/conf/nginx.conf
/root/letsencrypt/letsencrypt-nginx/letsencrypt_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/nginx.conf
/root/letsencrypt/letsencrypt-nginx/letsencrypt_nginx/tests/testdata/etc_nginx/nginx.conf

What am I supposed to edit? I looked in some of them but cant find the right server block.

[indesignlatam]

It looks like you do have a container with nginx installed. Have you tried to deploy again in to a clean VPS? Did you setup again after removing SSL?

Usually when i have a problem like this i deploy again to a fresh instance.

[nilsi]

Yes I tried a new VPS and I had the same problem. After deployed a few times on that one it looks like this:

 sudo find / -name nginx.conf
/var/lib/docker/aufs/diff/282bf4543daa9a584b287cba9ba0e03f1a500523d864d6a2dedd9d3ada0f0dc6/tmp/nginx/nginx-1.8.0/conf/nginx.conf
/var/lib/docker/aufs/diff/282bf4543daa9a584b287cba9ba0e03f1a500523d864d6a2dedd9d3ada0f0dc6/opt/nginx/conf/nginx.conf
/var/lib/docker/aufs/diff/b75779f37df4cffd4831249f53479e47842ec4e7918cba3494610822eba41450/tmp/lib/nginx.conf
/var/lib/docker/aufs/diff/86b79c8b435e1e94bc361e6fd90ea9cfa4db8502f66c4c328c0c6d70235d44e6/opt/nginx/conf/nginx.conf
/var/lib/docker/aufs/mnt/d835971bcc2eb31916b53db8896f54ae4663cbe16f7b9b32a4ea4c0cebe0e547/opt/nginx/conf/nginx.conf
/var/lib/docker/aufs/mnt/d835971bcc2eb31916b53db8896f54ae4663cbe16f7b9b32a4ea4c0cebe0e547/tmp/nginx/nginx-1.8.0/conf/nginx.conf

It might add another nginx instance every time I run mup deploy or mup setup? I also wonder what those ID's are. According to the link you had it should match docker ps IDs but they don't in my case.

I now found out that if I open my webpage in a browser that I never opened it in before it works with http. But when I try in an old one it still redirects to https and fails. Is this cached in the browser somehow? Incognito does not change anything.

[indesignlatam]

Try flushing your browser cache, that was something that happened to me to
after having issues with the server. Somtimes flushing cache fixed the
issue.

Il venerdì 29 aprile 2016, Nicklas Nilsson [email protected] ha
scritto:

Yes I tried a new VPS and I had the same problem. After deployed a few
times on that one it looks like this:

sudo find / -name nginx.conf
/var/lib/docker/aufs/diff/282bf4543daa9a584b287cba9ba0e03f1a500523d864d6a2dedd9d3ada0f0dc6/tmp/nginx/nginx-1.8.0/conf/nginx.conf
/var/lib/docker/aufs/diff/282bf4543daa9a584b287cba9ba0e03f1a500523d864d6a2dedd9d3ada0f0dc6/opt/nginx/conf/nginx.conf
/var/lib/docker/aufs/diff/b75779f37df4cffd4831249f53479e47842ec4e7918cba3494610822eba41450/tmp/lib/nginx.conf
/var/lib/docker/aufs/diff/86b79c8b435e1e94bc361e6fd90ea9cfa4db8502f66c4c328c0c6d70235d44e6/opt/nginx/conf/nginx.conf
/var/lib/docker/aufs/mnt/d835971bcc2eb31916b53db8896f54ae4663cbe16f7b9b32a4ea4c0cebe0e547/opt/nginx/conf/nginx.conf
/var/lib/docker/aufs/mnt/d835971bcc2eb31916b53db8896f54ae4663cbe16f7b9b32a4ea4c0cebe0e547/tmp/nginx/nginx-1.8.0/conf/nginx.conf

It might add another nginx instance every time I run mup deploy?

I now found out that if I open my webpage in a browser that I never opened
it in before it works with http. But when I try in an old one it still
redirects to https and fails. Is this cached in the browser somehow?
Incognito does not change anything.

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#115 (comment)

[nilsi]

Finally found a way to flush this at least for chrome on desktop. Just wonder if my visitors have the same problem now. I use the answer here to flush it: http://superuser.com/a/881431

I might give it another try to add SSL now again then. But I don't see any reason for it to not to throw the 502 Bad Gateway error again once I do. I maybe should look into increasing that max size for nginx, that could still be it.

[indesignlatam]

Did you tried to do the fix i suggested using the ssl? Only users that
opened the site when the 502 error was thrown will still get the error
until the browser updates its cache.

I suggest you try again with ssl, but first try it on a subdomain so you
dont affect your users, when you have it working just update your dns
settings to point to the ssl server ip.

Il venerdì 29 aprile 2016, Nicklas Nilsson [email protected] ha
scritto:

Finally found a way to flush this at least for chrome on desktop. Just
wonder if my visitors have the same problem now. I use the answer here to
flush it: http://superuser.com/a/881431

I might give it a try to add SSL now again then. But I don't see any
reason for it to not throw the 502 Bad Gateway error again once I do.

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#115 (comment)

[nilsi]

Thanks for all the help. No haven't tried yet but will do on a different domain now. Be right back.

[indesignlatam]

Theres no problem. Happy to help.

Il venerdì 29 aprile 2016, Nicklas Nilsson [email protected] ha
scritto:

Thanks for all the help. No haven't tried yet but will do on a different
domain now. Be right back.

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#115 (comment)

[nilsi]

WOW! it worked!! Finally!!

Do you have any idea how I change this permanently? It seems like your pull request is not merged yet and this will be overridden on my next mup deploy I think.

Thanks again.

[indesignlatam]

Not posible for now, i did a pull request to fix it. But it havent being
merged. But its a simple fix. Just 5 minutes more of work.

Il venerdì 29 aprile 2016, Nicklas Nilsson [email protected] ha
scritto:

WOW! it worked!! Finally!!

Do you have any idea how I change this permanently? It seems like your
pull request is not merged yet and this will be overridden on my next mup
deploy I think.

Thanks again.

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#115 (comment)

[jnanendraveer]

I have getting same issue.
I have tried to multiple thoughts. But still waiting for right solution.
If you guys know please share your thought.

Thanks

[ivanthemeh]

@jnanendraveer were you ever able to get this resolved? It looks like Im having an issue with the ids too, when I try to run docker ps and check the ids with the ones in /var/lib/docker/aufs/mnt/ none of them are matching up so I tried to go into it and change the proxy_buffer size for all of them and it still didnt work.

[slam310]

Hi,

I just went through this issue for while and I want to share with you what was the problem for me ...
My context : Meteor 1.3.3.1 / ssl cert / mupx for deploying my app on an EC2 instance
The issue : 502 Bad Gateaway error message ( but everything works like a charm without the ssl setup http ).

My solution : Taking out the Browser Policy package !!! I didn't investigate more for now but if someone could point me why and how I can keep this package anyway, I would be nice of you .

Hope it helps some of you !

[jnanendraveer]

@ivanthemeh , I have got the issue. But don't know where is problem. I have setup everything again. Now working fine last 10 days. I suggest you please reinstall again.

Thanks

[indesignlatam]

Hi @slam310,

Try with the fix mentioned in this issue. Is commonly caused because headers are bigger than the max size allowed by the container with nginx.
meteorhacks/mup-frontend-server#7

[fisherman818]

@nilsi can I know what is your final working fix to the problem? thanks

[nilsi]

Since this is almost a year ago I dont completely remember but it works fine now. I think I might changed to kadirahq/meteor-up. I remember I had to change the docker image for it to work with meteor 1.4. Like someone is mentioning in the issue previously linked here:
meteorhacks/mup-frontend-server#7

[sunlee-newyork]

FYI I reduced the amount of domains in my browser-policy config (specifically BrowserPolicy.content.allowOriginForAll()) and that resolved the 502 error.

[enzolutions]

@sunlee-newyork so you install that package in your application and where did you setup that? thanks in advance

[sunlee-newyork]

@enzolutions I have server.js that imports each serverside initialization files in its separate Meteor.startup wrapper - importing SSL package before BrowserPolicy