pfSense Gold Subscription

Author Topic: 502 Bad Gateway (nginx) after Update to 2.3  (Read 22097 times)

0 Members and 1 Guest are viewing this topic.

Offline chrcoluk

  • Sr. Member
  • ****
  • Posts: 387
  • Karma: +20/-50
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #60 on: November 22, 2017, 02:50:02 pm »
Posting a patch which should improve the issue. (after applying the patch choose option 16 to restart php-fpm)

The downsides of the changes are that memory consumption will be higher, but on my unit most ram is unused anyway. Stock pfSense seems to be tuned for the very low end stuff.

Code: [Select]
--- /etc/rc.php_ini_setup       2017-07-06 19:35:29.000000000 +0100
+++ /etc/rc.php_ini_setup        2017-11-22 21:05:24.986893000 +0000
@@ -265,10 +265,22 @@
 
 
 PHPFPMMAX=3
+PHPFPMIDLE=30
+PHPFPMSTART=1
+PHPFPMSPARE=2
+PHPFPMREQ=500
 if [ $REALMEM -lt 250 ]; then
        PHPFPMMAX=2
+       PHPFPMIDLE=5
+       PHPFPMSTART=1
+       PHPFPMSPARE=1
+       PHPFPMREQ=500
 elif [ ${REALMEM} -gt 1000 ]; then
-       PHPFPMMAX=4
+       PHPFPMMAX=8
+       PHPFPMIDLE=3600
+       PHPFPMSTART=2
+       PHPFPMSPARE=7
+       PHPFPMREQ=5000
 fi
 
 /bin/cat > /usr/local/lib/php-fpm.conf <<EOF
@@ -305,9 +317,9 @@
        /bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
 
 pm = ondemand
-pm.process_idle_timeout = 5
+pm.process_idle_timeout = $PHPFPMIDLE
 pm.max_children = $PHPFPMMAX
-pm.max_requests = 500
+pm.max_requests = $PHPFPMREQ
 
 EOF
 
@@ -315,12 +327,12 @@
        /bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
 
 pm = dynamic
-pm.process_idle_timeout = 5
+pm.process_idle_timeout = $PHPFPMIDLE
 pm.max_children = $PHPFPMMAX
-pm.start_servers = 1
-pm.max_requests = 500
+pm.start_servers = $PHPFPMSTART
+pm.max_requests = $PHPFPMREQ
 pm.min_spare_servers=1
-pm.max_spare_servers=1
+pm.max_spare_servers= $PHPFPMSPARE
 
 EOF
 else
@@ -329,7 +341,7 @@
 
 pm = static
 pm.max_children = $PHPFPMMAX
-pm.max_requests = 500
+pm.max_requests = $PHPFPMREQ
 
 EOF
 
« Last Edit: November 22, 2017, 03:09:45 pm by chrcoluk »
pfSense 2.4
Qotom Q355G4 or Braswell N3150 with Jetway mini pcie 2x intel i350 lan - 4 gig Kingston 1333 C11 DDR3L
 - 60 gig kingston ssdnow ssd - ISP Sky UK

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 546
  • Karma: +53/-2
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #61 on: November 26, 2017, 03:14:37 am »
Chris had asked me to to create a git commit for this and I had not done so, I now have. So if any would like to try his fix here is the patch ID: 2c131b1
« Last Edit: November 29, 2017, 05:22:55 pm by marjohn56 »
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline chrcoluk

  • Sr. Member
  • ****
  • Posts: 387
  • Karma: +20/-50
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #62 on: November 26, 2017, 08:06:22 pm »
Thanks martin.

Quick update here also.

https://forum.pfsense.org/index.php?topic=137103.msg767939#msg767939

Positive feedback from myself.
pfSense 2.4
Qotom Q355G4 or Braswell N3150 with Jetway mini pcie 2x intel i350 lan - 4 gig Kingston 1333 C11 DDR3L
 - 60 gig kingston ssdnow ssd - ISP Sky UK

Offline tward800

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #63 on: November 27, 2017, 11:01:12 pm »
The patch in message #60 worked for me.  After upgrading to 2.4.2 I tried installing PFBlockerNG and started getting non-responsive web interface, ssh sessions and even serial console.   I am pretty new to BSD and  couldn't get the patch to take, but I got the changes in manually and my router is stable again.  Created an account to say, "Thank you!"

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 546
  • Karma: +53/-2
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #64 on: November 28, 2017, 02:28:09 am »
Odd, I created the patch for Chris's mods and PR'd it for him. Are you saying that Patch ID: 028be76 will not apply for you?

I have just removed it and re-fetched it and re-applied it to my system without any problems.
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline tward800

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #65 on: November 28, 2017, 07:18:56 am »
It's probably something i did wrong.  Like I said I'm not familiar with BSD, and only used patch a couple of times.

Saved the patch listed in this thread as rc.php_ini_setup.patch

Here's a recreation of what I did.
Quote
/etc: patch rc.php_ini_setup rc.php_ini_setup.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- /etc/rc.php_ini_setup       2017-07-06 19:35:29.000000000 +0100
|+++ /etc/rc.php_ini_setup        2017-11-22 21:05:24.986893000 +0000
--------------------------
Patching file rc.php_ini_setup using Plan A...
Hunk #1 failed at 265.
Hunk #2 succeeded at 317 with fuzz 1.
Hunk #3 succeeded at 327 with fuzz 1.
Hunk #4 succeeded at 341.
1 out of 4 hunks failed--saving rejects to rc.php_ini_setup.rej
done


-rw-r--r--   1 root  wheel        1366 Nov 28 05:58 rc.php_ini_setup.patch
-rwxr-xr-x   1 root  wheel        9395 Nov 28 05:58 rc.php_ini_setup.orig
-rwxr-xr-x   1 root  wheel        9459 Nov 28 05:59 rc.php_ini_setup
-rw-------   1 root  wheel         456 Nov 28 05:59 rc.php_ini_setup.rej


/etc: cat rc.php_ini_setup.rej
@@ -265,10 +265,22 @@
 
 
 PHPFPMMAX=3
+PHPFPMIDLE=30
+PHPFPMSTART=1
+PHPFPMSPARE=2
+PHPFPMREQ=500
 if [ $REALMEM -lt 250 ]; then
        PHPFPMMAX=2
+       PHPFPMIDLE=5
+       PHPFPMSTART=1
+       PHPFPMSPARE=1
+       PHPFPMREQ=500
 elif [ ${REALMEM} -gt 1000 ]; then
-       PHPFPMMAX=4
+       PHPFPMMAX=8
+       PHPFPMIDLE=3600
+       PHPFPMSTART=2
+       PHPFPMSPARE=7
+       PHPFPMREQ=5000
 fi
 
 /bin/cat > /usr/local/lib/php-fpm.conf <<EOF


/etc: diff rc.php_ini_setup.orig rc.php_ini_setup
308c308
< pm.process_idle_timeout = 5
---
> pm.process_idle_timeout = $PHPFPMIDLE
310c310
< pm.max_requests = 500
---
> pm.max_requests = $PHPFPMREQ
318c318
< pm.process_idle_timeout = 5
---
> pm.process_idle_timeout = $PHPFPMIDLE
320,321c320,321
< pm.start_servers = 1
< pm.max_requests = 500
---
> pm.start_servers = $PHPFPMSTART
> pm.max_requests = $PHPFPMREQ
323c323
< pm.max_spare_servers=1
---
> pm.max_spare_servers= $PHPFPMSPARE
332c332
< pm.max_requests = 500
---
> pm.max_requests = $PHPFPMREQ



After that I just restored the saved copy and just manually make the changes.   Still working great.  I'm using a PC engines apu2c2 and memory usage is about 12 percent  Thanks again.

Offline Grimson

  • Full Member
  • ***
  • Posts: 192
  • Karma: +28/-2
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #66 on: November 28, 2017, 07:32:57 am »
It's probably something i did wrong.  Like I said I'm not familiar with BSD, and only used patch a couple of times.

Saved the patch listed in this thread as rc.php_ini_setup.patch


Use the System_Patches package, makes it a lot easier.

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 546
  • Karma: +53/-2
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #67 on: November 28, 2017, 07:38:21 am »
Ah, not familiar with the pfSense patch system.  :)

OK, first thing to do is reverse what you have done, put everything back as it was.

Next, go into pfSense and select Package Manager from the System Menu, select 'Available Packages' and find the 'System Patches' package and install it.

You will now have a 'Patches' option in the system menu - Select it.

Click on add new patch.

In the URL/Commit ID enter the patch ID 028be76, give a description in the Description box and press save.

Now click on Test, it should say can be applied cleanly. Now click on Apply.

Job done.



pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline tward800

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #68 on: November 28, 2017, 07:43:06 pm »
Thank you again.  I replaced the original file and re-applied the patch the proper way for pfSense.   Other than some extra spaces I had it correct.
The router continues to be stable with this patch.

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 546
  • Karma: +53/-2
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #69 on: November 29, 2017, 02:26:39 am »
That's good.

The advantage of using the patch system, apart from saving you a lot of work, is that you have a setting in the patch that allows for it to be automatically re-applied when you update pfSense. It checks to see whether it can be re-applied cleanly and does so. Obviously, if the file(s) the patches are applied against change in a way that means the patch will not cleanly apply then it does not do so, so when you use patches it's advisable to check after an update. For the average user who is not on the beta trail this means only a two or three times a year, beta testers should check every time they update.
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline chrcoluk

  • Sr. Member
  • ****
  • Posts: 387
  • Karma: +20/-50
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #70 on: November 30, 2017, 06:51:59 pm »
tward800 thanks for your feedback, even if there is no problems, feedback is good, as it helps developers make a decision on if a patch is safe enough to rollout or not.
pfSense 2.4
Qotom Q355G4 or Braswell N3150 with Jetway mini pcie 2x intel i350 lan - 4 gig Kingston 1333 C11 DDR3L
 - 60 gig kingston ssdnow ssd - ISP Sky UK

Offline sandern

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +2/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #71 on: December 05, 2017, 06:36:52 am »
The patch gives me some errors when I test it:

Quote
/usr/bin/patch --directory=/ -t -p2 -i /var/patches/5a269040d9477.patch --check --forward --ignore-whitespace

Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From 2c131b10b25db593331048d4f2b28fbf9bf5662e Mon Sep 17 00:00:00 2001
|From: marjohn56
|Date: Wed, 29 Nov 2017 23:18:51 +0000
|Subject: [PATCH] Increase FPM process availability in high ram systems
|
|To reduce chance of nginx gateway error when interacting with FPM backend, this patch does the following, starts up extra FOM server processes at startup, allows more to stay running on standby, increases automatic shutdown time from 5 seconds to one hour.  On systems with a gig or more of ram
|---
| src/etc/rc.php_ini_setup | 29 +++++++++++++++++++++--------
| 1 file changed, 21 insertions(+), 8 deletions(-)
|
|diff --git a/src/etc/rc.php_ini_setup b/src/etc/rc.php_ini_setup
|index 5ce0ef7a31..03bc1178d9 100755
|--- a/src/etc/rc.php_ini_setup
|+++ b/src/etc/rc.php_ini_setup
--------------------------
Patching file etc/rc.php_ini_setup using Plan A...
Hunk #1 succeeded at 265.
Hunk #2 failed at 317.
Hunk #3 failed at 340.
2 out of 3 hunks failed while patching etc/rc.php_ini_setup
done

I'm using a new Pfsense 2.4.2 install and using the patch manager from the gui.

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 546
  • Karma: +53/-2
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #72 on: December 05, 2017, 10:37:57 am »
Try patch 2c131b1.

Yes, I had to re-sync with upstream. In doing so my Github desktop threw one and I had to pull it back and re-do the PR. However, it's against 2.4.3, so it may not work for 2.4.2 now.

 
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Offline sandern

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +2/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #73 on: December 05, 2017, 12:15:53 pm »
Try patch 2c131b1.

Yes, I had to re-sync with upstream. In doing so my Github desktop threw one and I had to pull it back and re-do the PR. However, it's against 2.4.3, so it may not work for 2.4.2 now.

Exactly the same error, so indeed not for 2.4.2. I'll do the changes manually :)

Offline BeerCan

  • Jr. Member
  • **
  • Posts: 87
  • Karma: +9/-0
    • View Profile
Re: 502 Bad Gateway (nginx) after Update to 2.3
« Reply #74 on: December 05, 2017, 02:28:54 pm »
Try patch 2c131b1.

Yes, I had to re-sync with upstream. In doing so my Github desktop threw one and I had to pull it back and re-do the PR. However, it's against 2.4.3, so it may not work for 2.4.2 now.

I am getting patch fetch failed when I try this