What are common Nginx problems? How to troubleshoot?

What are common Nginx problems? How to troubleshoot?

Nginx may encounter various problems during operation. Mastering troubleshooting methods is crucial for quickly resolving issues.

Common Problems and Solutions:

1. 502 Bad Gateway

Cause: Backend service unavailable or connection timeout

Troubleshooting Steps:

bash
# Check backend service status
systemctl status php-fpm
systemctl status nginx

# Check backend service port
netstat -tlnp | grep :9000

# Check Nginx error log
tail -f /var/log/nginx/error.log

# Check backend service log
tail -f /var/log/php-fpm/error.log

Solution:

nginx
# Increase timeout
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;

# Check backend service configuration
fastcgi_connect_timeout 60s;
fastcgi_send_timeout 60s;
fastcgi_read_timeout 60s;

2. 504 Gateway Timeout

Cause: Backend service processing time too long

Troubleshooting Steps:

bash
# Check backend service performance
top -u nginx
htop

# Check database connections
mysql -u root -p -e "SHOW PROCESSLIST;"

# Check slow query log
tail -f /var/log/mysql/slow.log

Solution:

nginx
# Increase timeout
proxy_read_timeout 300s;
fastcgi_read_timeout 300s;

# Optimize backend service performance
# Optimize database queries
# Add caching

3. 403 Forbidden

Cause: Insufficient permissions or access control restrictions

Troubleshooting Steps:

bash
# Check file permissions
ls -la /var/www/html

# Check Nginx user
ps aux | grep nginx

# Check SELinux status
getenforce

# Check firewall rules
iptables -L -n

Solution:

bash
# Modify file permissions
chown -R nginx:nginx /var/www/html
chmod -R 755 /var/www/html

# Temporarily disable SELinux
setenforce 0

# Add firewall rules
firewall-cmd --add-service=http --permanent
firewall-cmd --reload

4. 404 Not Found

Cause: File doesn't exist or path configuration error

Troubleshooting Steps:

bash
# Check if file exists
ls -la /var/www/html

# Check Nginx configuration
nginx -T | grep root

# Check symbolic links
readlink -f /var/www/html

Solution:

nginx
# Check root configuration
server {
    listen 80;
    server_name example.com;
    root /var/www/html;
    index index.html index.php;
    
    location / {
        try_files $uri $uri/ =404;
    }
}

5. 413 Request Entity Too Large

Cause: Uploaded file exceeds limit

Solution:

nginx
# Increase client_max_body_size
client_max_body_size 100m;

# PHP configuration
# /etc/php.ini
upload_max_filesize = 100M
post_max_size = 100M

6. Insufficient Connections

Cause: worker_connections set too small

Troubleshooting Steps:

bash
# Check current connections
netstat -an | grep :80 | wc -l

# Check Nginx status
curl http://localhost/nginx_status

# Check system limits
ulimit -n

Solution:

nginx
# Increase connections
events {
    worker_connections 10240;
}

# Increase file descriptor limit
worker_rlimit_nofile 65535;

Diagnostic Tools:

1. Configuration Testing

bash
# Test configuration file
nginx -t

# Display configuration
nginx -T

# Check configuration syntax
nginx -c /etc/nginx/nginx.conf -t

2. Status Monitoring

nginx
# Enable status page
location /nginx_status {
    stub_status on;
    access_log off;
    allow 127.0.0.1;
    deny all;
}

3. Log Analysis

bash
# Real-time error log viewing
tail -f /var/log/nginx/error.log

# View last 100 lines of errors
tail -n 100 /var/log/nginx/error.log

# Search for specific errors
grep "502" /var/log/nginx/error.log

# Count errors
awk '{print $9}' /var/log/nginx/access.log | sort | uniq -c | sort -rn

4. Performance Analysis

bash
# Use strace to trace system calls
strace -p $(pidof nginx)

# Use tcpdump to capture packets
tcpdump -i eth0 port 80 -w nginx.pcap

# Use netstat to view connections
netstat -an | grep :80 | awk '{print $6}' | sort | uniq -c

Performance Problem Troubleshooting:

1. High CPU Usage

bash
# Check CPU usage
top -p $(pidof nginx)

# Check worker process count
ps aux | grep nginx | wc -l

# Check CPU affinity
taskset -cp $(pidof nginx)

Solution:

nginx
# Adjust worker_processes
worker_processes auto;

# Bind CPU cores
worker_cpu_affinity auto;

# Enable efficient file transfer
sendfile on;
tcp_nopush on;

2. High Memory Usage

bash
# Check memory usage
free -m

# Check process memory
ps aux | grep nginx | awk '{print $6}' | awk '{sum+=$1} END {print sum}'

# Check memory leaks
valgrind --leak-check=full nginx

Solution:

nginx
# Reduce buffer sizes
client_body_buffer_size 128k;
client_header_buffer_size 1k;

# Optimize connections
worker_connections 4096;

# Enable file caching
open_file_cache max=100000 inactive=20s;

3. Slow Response

bash
# Check response time
curl -w "@curl-format.txt" -o /dev/null -s http://example.com

# Check network latency
ping example.com

# Check DNS resolution
nslookup example.com

Solution:

nginx
# Enable Gzip compression
gzip on;
gzip_min_length 1024;

# Enable caching
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=cache:10m;

# Optimize TCP parameters
tcp_nodelay on;
tcp_nopush on;

Security Problem Troubleshooting:

1. DDoS Attacks

bash
# Check abnormal connections
netstat -an | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn

# Check request frequency
awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -rn | head -20

Solution:

nginx
# Enable rate limiting
limit_req_zone $binary_remote_addr zone=limit:10m rate=10r/s;
limit_req zone=limit burst=20 nodelay;

# Limit connections
limit_conn_zone $binary_remote_addr zone=conn:10m;
limit_conn conn 10;

2. Malicious Access

bash
# Check suspicious User-Agents
grep "bot" /var/log/nginx/access.log

# Check SQL injection attempts
grep "union.*select" /var/log/nginx/access.log

Solution:

nginx
# Block malicious User-Agents
if ($http_user_agent ~* (bot|crawl|spider)) {
    return 403;
}

# Prevent SQL injection
if ($args ~* "union.*select.*\(") {
    return 403;
}

Monitoring and Alerting:

1. System Monitoring

bash
# Use Prometheus + Grafana
# Use Zabbix
# Use Nagios

2. Log Monitoring

bash
# Use ELK Stack
# Use Graylog
# Use Fluentd

3. Automatic Alerting

bash
# Use Alertmanager
# Use PagerDuty
# Use Slack integration

Best Practices:

1. Regular configuration backups: Backup Nginx configuration files
2. Monitor logs: Real-time monitoring of error logs
3. Performance testing: Regular stress testing
4. Documentation: Record common problems and solutions
5. Automated deployment: Use configuration management tools
6. Version control: Use Git to manage configuration files
7. Regular updates: Keep Nginx version up to date
8. Security audits: Regular security checks

Troubleshooting Workflow:

shell
1. Confirm problem symptoms
   ↓
2. Check Nginx status
   ↓
3. View error logs
   ↓
4. Check configuration files
   ↓
5. Check backend services
   ↓
6. Check system resources
   ↓
7. Apply solution
   ↓
8. Verify fix
   ↓
9. Document problem and solution