Duniter Web interface 502 Bad Gateway

Support
1

Hardware

  • Raspberry Pi 2

Now that my domain is accessible, I run into the next problem.
That being that https://duniter-folatt.nohost.me/webui returns 502 Bad Gateway

I’ve also tried accessing the webui after starting duniter webstart with the same result.
I also downloaded and modified the duniter.service file from github to my Yunohost.

/lib/systemd/system/duniter.service

[Unit]
Description=Duniter node
After=network.target
ConditionPathExists=/root/.config/duniter/duniter_default/duniter.db

[Service]
Group=root
User=root
Type=forking
ExecStart=/usr/bin/duniter webstart
ExecReload=/usr/bin/duniter webrestart
ExecStop=/usr/bin/duniter stop
Restart=on-failure

[Install]
WantedBy=multi-user.target

admin@Xroklaus:~ $ sudo systemctl status duniter
● duniter.service - Duniter node
   Loaded: loaded (/lib/systemd/system/duniter.service; enabled)
   Active: active (running) since Sun 2017-10-29 12:55:17 CET; 1min 39s ago
  Process: 709 ExecStart=/usr/bin/duniter webstart (code=exited, status=0/SUCCESS)
 Main PID: 1775 (duniter_default)
   CGroup: /system.slice/duniter.service
           └─1775 duniter_default

Oct 29 12:55:03 Xroklaus duniter[709]: Starting duniter_default daemon...
Oct 29 12:55:17 Xroklaus duniter[709]: duniter_default daemon started. PID: 1775
Oct 29 12:55:17 Xroklaus systemd[1]: Started Duniter node.

/root/.config/duniter/duniter_default/duniter.log

2017-10-29T12:42:43+01:00 - ^[[32minfo^[[39m: Block resolution: 0 potential blocks for root block...
2017-10-29T12:42:44+01:00 - ^[[32minfo^[[39m: Web administration accessible at following address: http://localhost:9220
2017-10-29T12:52:46+01:00 - ^[[32minfo^[[39m: Block resolution: 0 potential blocks for root block...
2017-10-29T12:52:47+01:00 - ^[[32minfo^[[39m: Web administration accessible at following address: http://localhost:9220
2017-10-29T12:55:17+01:00 - ^[[32minfo^[[39m: Block resolution: 0 potential blocks for root block...
2017-10-29T12:55:17+01:00 - ^[[32minfo^[[39m: Web administration accessible at following address: http://localhost:9220

/etc/hosts

::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1       Xroklaus

/var/log/nginx/duniter-folatt.nohost.me-error.log

2017/10/29 12:58:19 [error] 1008#0: *13 connect() failed (111: Connection refused) while connecting to upstream, client: 83.163.103.119, server: duniter-folatt.nohost.me, request: "GET /webui HTTP/1.1", upstream: "http://127.0.0.1:9220/", host: "duniter-folatt.nohost.me", referrer: "https://duniter-folatt.nohost.me/yunohost/sso/?r=aHR0cHM6Ly9kdW5pdGVyLWZvbGF0dC5ub2hvc3QubWUvd2VidWk="

/etc/nginx/conf.d/duniter-folatt.nohost.me.d/duniter.conf

location / {
       proxy_set_header        X-Real-IP       $remote_addr;
       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header        Host            $http_host;
       proxy_set_header        X-NginX-Proxy  true;

       proxy_pass             http://127.0.0.1:10901;
       proxy_redirect          off;

       # Socket.io support
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_read_timeout 86400s; 
       proxy_send_timeout 86400s;

	location ~ \.(js|css|woff|woff2|ttf|png) {
		proxy_pass http://127.0.0.1:9220;
		access_by_lua_file /usr/share/ssowat/access.lua;
	}
	
	location /cesium {
		proxy_pass http://127.0.0.1:9220;
		access_by_lua_file /usr/share/ssowat/access.lua;
		# Include SSOWAT user panel.
		include conf.d/yunohost_panel.conf.inc;
	}

	location /webui {
		proxy_pass http://127.0.0.1:9220/;
		access_by_lua_file /usr/share/ssowat/access.lua;
		# Include SSOWAT user panel.
		include conf.d/yunohost_panel.conf.inc;
	}

	location ~ /webmin {
		proxy_pass http://127.0.0.1:9220$uri;
		access_by_lua_file /usr/share/ssowat/access.lua;
	}
	
	location ~ /modules {
		proxy_pass http://127.0.0.1:9220;
		access_by_lua_file /usr/share/ssowat/access.lua;
	}

}

Port listening check

sudo netstat -tnlp | grep :9220
tcp6       0      0 ::1:9220                :::*                    LISTEN      1775/duniter_defaul
2

I’ve the same issue, more details here: Installation d’un nœud Duniter à l’aide de YunoHost

3

It looks like you have an extra issue, so at least you know now that not being able to run duniter webstart is unrelated to the bad gateway 502 / 111: Connection refused problem.

Can you check if you have 111: Connection refused as well?

4

You should have a dedicated domain name. Does only Duniter is installed on this domain name?

1 Like
5

Yes. Only Duniter is installed on it and duniter-folatt.nohost.me is the dedicated domain name. That is, only duniter is dedicated to the domain name.
I do have another domain name that goes to the same IP address.

I currently have ports 80, 443, 9220, 10901 forwarded to this server.

6

Only this two ports are needed to make works Duniter correctly.

1 Like
7

Okay, dropped those. I still have the same problem.

8

I don’t know from where come from the problem you encounter.
Could you give me more info. Are you using an ARM board?

1 Like
9

Yes. I’m using a Raspberry Pi 2.

I’m getting the feeling that my encounter has a lot to do with https://serverfault.com/questions/317393/connect-failed-111-connection-refused-while-connecting-to-upstream, in particular Quake1TF’s answer.

10

@Lapineige are you also running on a RPi?
You two, are you running the RPi image provided by YunoHost?

It might be possible that the domain name localhost isn’t working fine on RPi image as there are known that IPv6 is not enabled.

Could you please try to change all localhost strings to 127.0.0.1 inside the nginx conf file and reload nginx to see if it works out.

1 Like
11 
127.0.0.1       localhost duniter-folatt.nohost.me

Why do you have that on your hosts file? How did it happen?

1 Like
12

I think I did that myself.

127.0.0.1       duniter-folatt.nohost.me

This was suggested somewhere and I added localhost.

13

That’s a shitty thing.
You should remove it.
It should works now.
Where did found this info?

1 Like
14

Wait a couple of minutes. I need to fix something else.

[update]

Here it is. At that moment I had problems with Let’s Encrypt.

[update #2]

Simply removing the 127.0.0.1 line and rebooting didn’t work. I’ll try replacing localhost with 127.0.0.1 in duniter.conf now. Once that does or doesn’t work, I’ll go to bed.

[update #3]

Same problem. Only difference is that upstream: "http://[::1]:9220/"changed to upstream: "http://127.0.0.1:9220/" in the error log.
Bonne nuit.

15

No, it’s a VPS.
I installed Yunohost from a fresh debian install, not from the official image. (I also did this on my RPi 3, IPv6 enabled, but I have not checked if duniter works here - not enough memory)

IPv6 is enabled on my VPS.

Where should I do that ?

16

Lapineige,

What’s your output of cat /var/log/nginx [domain.tld]-error.log?

17

Yes. It’s becoming clear to me that it’s port 9220 of proxy_pass 127.0.0.1 connection being refused.
I don’t know what a proxy_pass is though. I’m reading that it’s called a reverse proxy.

18

Basically proxy_pass / reverse proxies is saying “I’m the web server (nginx) and somebody wants to access page /toto. But this page is to be generated by a program (Duniter or something), and to ask this page to the program, I should talk to it on 127.0.0.1:9220, it’ll give me the page”

1 Like
19

Thanks for clearing that up for me.

Now I know why port 9220 doesn’t need to be opened to the outside.
And this probably means that Duniter has to have something running that listens to port 9220.

It also looks like installing Duniter has not resulted into a systemd service running Duniter.
I forgot to turn on again after a reboot, but after starting it again, I still get the same error.

20

Problem solved!

I don’t know what exactly I did wrong/right, but the settings were correct all along, so perhaps all that’s needed is the service file.