Response to 502 Bad Gateway in Nginx/1.17.8 (ModSecurity is no longer enabled)

by 永夜 · 2021/03/16

浏览量： 0

1. The content of the Nginx configuration file in response to 200 is as follows.


server {
    listen 82;
    charset utf-8;
    
    root /mcloud/creditshop_back/app/webroot;
    index  index.php;

    location / {
                modsecurity on;
                modsecurity_rules_file /etc/nginx/modsec_includes_lite.conf;
        if (!-e $request_filename) {
            rewrite ^/(.+)$ /index.php?url=$1 last;
            break;
        }
    }

        location /creditf {
                modsecurity on;
                modsecurity_rules_file /etc/nginx/modsec_includes_lite.conf;
                alias /webtv/wangjie/creditshop_back/h5jifen/files;
            index index.html;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /mcloud/creditshop_back/app/webroot$fastcgi_script_name;
        include        fastcgi_params;
    }
    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }

        location ~ ^/(status|ping)$ {
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
        access_log off;
        allow 127.0.0.1;
        allow 10.42.0.0/16;
        allow 10.244.0.0/8;
        allow 192.168.0.0/8;
        allow 172.17.0.0/8;
        deny all;
    }
}

2. Check the nginx version: nginx version: nginx/1.10.3. as shown in Figure 1

查看 Nginx 版本：nginx version: nginx/1.10.3。

Figure 1


nginx version: nginx/1.10.3
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --add-module=/data/openresty-1.11.2.3/bundle/ngx_devel_kit-0.3.0 --add-module=/data/openresty-1.11.2.3/bundle/iconv-nginx-module-0.14 --add-module=/data/openresty-1.11.2.3/bundle/echo-nginx-module-0.60 --add-module=/data/openresty-1.11.2.3/bundle/xss-nginx-module-0.05 --add-module=/data/openresty-1.11.2.3/bundle/ngx_coolkit-0.2rc3 --add-module=/data/openresty-1.11.2.3/bundle/set-misc-nginx-module-0.31 --add-module=/data/openresty-1.11.2.3/bundle/form-input-nginx-module-0.12 --add-module=/data/openresty-1.11.2.3/bundle/encrypted-session-nginx-module-0.06 --add-module=/data/openresty-1.11.2.3/bundle/srcache-nginx-module-0.31 --add-module=/data/openresty-1.11.2.3/bundle/ngx_lua-0.10.8 --add-module=/data/openresty-1.11.2.3/bundle/ngx_lua_upstream-0.06 --add-module=/data/openresty-1.11.2.3/bundle/headers-more-nginx-module-0.32 --add-module=/data/openresty-1.11.2.3/bundle/array-var-nginx-module-0.05 --add-module=/data/openresty-1.11.2.3/bundle/memc-nginx-module-0.18 --add-module=/data/openresty-1.11.2.3/bundle/redis2-nginx-module-0.14 --add-module=/data/openresty-1.11.2.3/bundle/redis-nginx-module-0.3.7 --add-module=/data/openresty-1.11.2.3/bundle/rds-json-nginx-module-0.14 --add-module=/data/openresty-1.11.2.3/bundle/rds-csv-nginx-module-0.07 --add-module=/data/ModSecurity-nginx-master --with-ld-opt=-Wl,-rpath,/usr/local/openresty/luajit/lib --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' --with-pcre

3. Upgrade to nginx version: nginx version: nginx/1.17.8, respond to 502 bad gateway under nginx/1.17.8. as shown in Figure 2

升级至 Nginx 版本：nginx version: nginx/1.17.8，在 nginx/1.17.8 下响应 502 Bad Gateway。

Figure 2


[root@back-7d88c84cdd-xpc6x /]# nginx -V
nginx version: mcloud web server/v1.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --add-module=/data/openresty-1.13.6.2/bundle/ngx_devel_kit-0.3.0 --add-module=/data/openresty-1.13.6.2/bundle/echo-nginx-module-0.61 --add-module=/data/openresty-1.13.6.2/bundle/xss-nginx-module-0.06 --add-module=/data/openresty-1.13.6.2/bundle/ngx_coolkit-0.2rc3 --add-module=/data/openresty-1.13.6.2/bundle/set-misc-nginx-module-0.32 --add-module=/data/openresty-1.13.6.2/bundle/form-input-nginx-module-0.12 --add-module=/data/openresty-1.13.6.2/bundle/encrypted-session-nginx-module-0.08 --add-module=/data/openresty-1.13.6.2/bundle/srcache-nginx-module-0.31 --add-module=/data/openresty-1.13.6.2/bundle/ngx_lua-0.10.13 --add-module=/data/openresty-1.13.6.2/bundle/ngx_lua_upstream-0.07 --add-module=/data/openresty-1.13.6.2/bundle/array-var-nginx-module-0.05 --add-module=/data/openresty-1.13.6.2/bundle/memc-nginx-module-0.19 --add-module=/data/openresty-1.13.6.2/bundle/redis2-nginx-module-0.15 --add-module=/data/openresty-1.13.6.2/bundle/rds-json-nginx-module-0.15 --add-module=/data/openresty-1.13.6.2/bundle/rds-csv-nginx-module-0.09 --add-module=/data/ModSecurity-nginx-master --with-ld-opt=-Wl,-rpath,/usr/local/openresty/luajit/lib --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' --with-pcre

4. Edit the content of the nginx configuration file as follows. ModSecurity is no longer enabled. Response 200. as shown in Figure 3

编辑 Nginx 配置文件内容如下。不再启用 ModSecurity。响应 200。

Figure 3


server {
    listen 82;
    charset utf-8;
    
    root /mcloud/creditshop_back/app/webroot;
    index index.php;

    location / {
        # modsecurity on;
        # modsecurity_rules_file /etc/nginx/modsec_includes_lite.conf;
        if (!-e $request_filename) {
            rewrite ^/(.+)$ /index.php?url=$1 last;
            break;
        }
    }

    location /creditf {
        # modsecurity on;
        # modsecurity_rules_file /etc/nginx/modsec_includes_lite.conf;
        alias /webtv/wangjie/creditshop_back/h5jifen/files;
        index index.html;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /mcloud/creditshop_back/app/webroot$fastcgi_script_name;
        include        fastcgi_params;
    }
    #error_page  404              /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

Response to 502 Bad Gateway in Nginx/1.17.8 (ModSecurity is no longer enabled)

You may also like...

Leave a Reply Cancel reply

Response to 502 Bad Gateway in Nginx/1.17.8 (ModSecurity is no longer enabled)

You may also like...

TortoiseGit detects that the file does not exist, but has been temporarily stored as “Add” or “Modify” in “Index”. The Submit dialog box cannot be handled. Do you want to recover or delete it from the index?

Implementing ccpapi.xxx.cn to apiv2.xxx.cn/ccpapi in Kongga

After the base image of the container is replaced, php core warningYii\Base\ErrorExceptionwith messagemoduleGDalready loaded

Leave a Reply Cancel reply