Home / 502 Bad Gateway error after upgrading Nginx and/or PHP

502 Bad Gateway error after upgrading Nginx and/or PHP

After doing an upgrade on my Debian virtual server, which upgraded PHP and Nginx, I got a “502 Bad Gateway” error when browsing websites on that server. This post shows how to fix this problem, and the configuration option to prevent it occurring again on reboot. 

tl;dr

Edit /etc/php5/fpm/pool.d/www.conf and uncomment the following:
    listen.owner = www-data
    listen.group = www-data
    listen.mode = 0660

Then run:
    sudo service php5-fpm restart

Longer answer

As well as the error in the browser, I was getting this error in the Nginx error log: 

[crit] 2686#0: *1 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.50.1, server: [...], request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "[...]"

The problem is caused by the permissions and ownership of the /var/run/php5-fpm.sock file, which after I’d done the upgrade change to something like root:root and 0660, so it couldn’t be accessed by the www-data user which Nginx was running as.

The immediate solution is to change the permissions and/or ownership of the file like so:

chmod 0666 /var/run/php5-fpm.sock

OR

chmod 0660 /var/run/php5-fpm.sock
chown www-data:www-data /var/run/php5-fpm.sock

The only catch is this won’t persist after the server is restarted. To prevent the issue from occurring again, edit the /etc/php5/fpm/pool.d/www.conf file:

sudo nano /etc/php5/fpm/pool.d/www.conf

Locate the following lines and uncomment them:

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

If you already changed the ownership/permissions of the socket file as shown above, then you don’t need to do anything else now. If you didn’t, then run this: 

sudo service php5-fpm restart

This re-creates the socket file with the ownership and permissions as configured in the file.