Troubleshooting Nginx 502 Bad Gateway Error: PHP-FPM Connection Refused on Port 9000


2 views

When setting up a LEMP stack on Ubuntu 14.04, a common issue arises when Nginx cannot communicate with PHP-FPM. The error typically appears in Nginx logs as:

[error] connect() failed (111: Connection refused) while connecting to upstream
upstream: "fastcgi://127.0.0.1:9000"

First, confirm if PHP-FPM is actually running:

sudo service php5-fpm status
# Or for newer systems:
sudo systemctl status php7.x-fpm

If the service isn't running, start it with:

sudo service php5-fpm start

Verify which port PHP-FPM is configured to use:

sudo netstat -tulnp | grep php
# Alternative:
sudo lsof -i -P -n | grep php

Examine the PHP-FPM pool configuration (typically in /etc/php5/fpm/pool.d/www.conf):

listen = 127.0.0.1:9000
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

Ensure your Nginx server block has the correct FastCGI pass:

location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

Check if the port is blocked:

sudo ufw status
sudo iptables -L -n

For SELinux systems:

sudo setsebool -P httpd_can_network_connect 1

Alternatively, you can configure PHP-FPM to use a Unix socket:

listen = /var/run/php/php7.4-fpm.sock

# Corresponding Nginx configuration:
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;

To further diagnose connection issues:

# Test if port 9000 is accessible locally
telnet 127.0.0.1 9000

# Check PHP-FPM error logs
tail -f /var/log/php5-fpm.log
# Or for newer versions:
tail -f /var/log/php7.x-fpm.log

Remember to restart services after configuration changes:

sudo service php5-fpm restart
sudo service nginx restart

When setting up a LEMP stack on Ubuntu 14.04, encountering a 502 Bad Gateway error with Nginx reporting "connection refused" to PHP-FPM typically indicates a fundamental communication breakdown between the web server and PHP processor. The key evidence lies in the error log:

[error] 22838#0: *7 connect() failed (111: Connection refused) while connecting to upstream
upstream: "fastcgi://127.0.0.1:9000"

First, let's thoroughly check PHP-FPM's operational status:

sudo service php5-fpm status
# Alternative check:
ps aux | grep php-fpm | grep -v grep

If the service isn't running, start it with:

sudo service php5-fpm start

The listening configuration is crucial. Check the pool configuration file (typically at /etc/php5/fpm/pool.d/www.conf):

grep -E 'listen|listen\.allowed_clients' /etc/php5/fpm/pool.d/www.conf

# Expected output for TCP socket:
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1

# Or for Unix socket:
listen = /var/run/php5-fpm.sock

Test if the port is actually listening:

netstat -tulnp | grep 9000
# Or using ss:
ss -tulnp | grep php

If using TCP socket, test connectivity manually:

telnet 127.0.0.1 9000
# If unavailable:
nc -zv 127.0.0.1 9000

Ensure your Nginx server block matches PHP-FPM's listening method. For TCP:

location ~ \.php$ {
    fastcgi_pass 127.0.0.1:9000;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

For Unix socket:

location ~ \.php$ {
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    # rest remains same
}

For Unix socket configurations, verify socket file permissions:

ls -la /var/run/php5-fpm.sock
# Ensure www-data (or Nginx user) has access:
sudo chown www-data:www-data /var/run/php5-fpm.sock

Enable detailed PHP-FPM logging in /etc/php5/fpm/php-fpm.conf:

log_level = debug
error_log = /var/log/php5-fpm.log

Restart services to apply changes:

sudo service php5-fpm restart
sudo service nginx restart

Check if local firewall blocks the port:

sudo iptables -L -n | grep 9000
# Temporary allow:
sudo iptables -A INPUT -p tcp --dport 9000 -j ACCEPT