Does anyone have experience with ERPNext in combination with an NGINX server in front of it? I am getting 502 Bad Gateway messages nearly every time I access ERPNext from mobile devices via the internet.
My setup
- Multiple sub-domains directed to the public IP address of my firewall -> 443 packets forwarded to my NGINX server -> NGINX server dealing with the different domains and routing the requests into my local network
- Except for the erpnext proxy_pass, all other domains are routed without any issues, no matter if I access from PCs or mobile devices
- NGINX 1.18.0 running on Ubuntu 20.04.6 LTS
- ERPNext running on Ubuntu 22.04.4 LTS
What I have troubleshot so far:
- I can force the 502 Bad Gateway pretty easily by connecting to ERPNext from a mobile device, doing some stuff within the app and then switching networks from WiFi to 5G and back. After that I immediately get the 502 Bad Gateway.
- Mobile networks are mostly working with IPv6, WiFi in my case 99% IPv4
- When accessing ERPNext from the local network I am not getting any issues, as my DNS is directing any client directly to the ERPNext host, bypassing the NGINX server
- The NGINX error.log shows the following message:
```
2024/03/02 11:06:00 [error] 631#631: *28 connect() failed (111: Connection refused) while connecting to upstream, client: 109.42.xx.xx, server: erp.xx.xx, request: "GET /login HTTP/1.1", upstream: "https://192.168.xxx.xxx:443/", host: "erp.xx.xx", referrer: "https://erp.xx.xx/app/home>
```
My Nginx config:
```nginx
http {
    ##
    # Basic Settings
    ##
    more_set_headers 'Server: ';
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##buffer policy
    client_body_buffer_size 1K;
    client_header_buffer_size 1k;
    client_max_body_size 1k;
    large_client_header_buffers 2 1k;
    ##end buffer policy

    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+>

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascr>

    ##
    # Virtual Host Configs
    ##
```
Site-enabled:
```nginx
server {
    listen 443 ssl; # managed by Certbot
    listen [::]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/erp.xx.xx/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/erp.xx.xx/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    server_tokens off;
    server_name erp.xx.xx;

    location / {
        proxy_pass https://192.168.xxx.xxx/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    client_max_body_size 0;
}
```
I hope somebody can help me with this. Thank you!
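
Added example, not part of the original post: one way to test the IPv6-versus-IPv4 observation above is to tally the proxy's upstream failures by client address family and errno, using the error.log line format quoted in the post. The sample lines, host name and addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the nginx error.log format quoted in the post
# (documentation-range addresses, hypothetical host name).
SAMPLE_LOG = """\
2024/03/02 11:06:00 [error] 631#631: *28 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.7, server: erp.example.test, request: "GET /login HTTP/1.1", upstream: "https://192.0.2.10:443/", host: "erp.example.test"
2024/03/02 11:06:04 [error] 631#631: *31 connect() failed (111: Connection refused) while connecting to upstream, client: 2001:db8::51, server: erp.example.test, request: "GET /app/home HTTP/1.1", upstream: "https://192.0.2.10:443/", host: "erp.example.test"
2024/03/02 11:07:12 [error] 631#631: *40 upstream timed out (110: Connection timed out) while connecting to upstream, client: 2001:db8::51, server: erp.example.test, request: "GET /api/method/ping HTTP/1.1", upstream: "https://192.0.2.10:443/", host: "erp.example.test"
2024/03/02 11:08:00 [notice] 631#631: signal process started
"""

# Matches only [error] lines that carry an errno and an upstream field.
UPSTREAM_ERR = re.compile(
    r'\[error\] \d+#\d+: \*\d+ (?P<what>.+?) \((?P<errno>\d+): (?P<msg>[^)]+)\) '
    r'while (?P<phase>[^,]+), client: (?P<client>[^,]+), server: (?P<server>[^,]+), '
    r'request: "(?P<request>[^"]*)", upstream: "(?P<upstream>[^"]*)"'
)

def parse_upstream_errors(text):
    """Yield one dict per upstream failure; other log lines are skipped."""
    for line in text.splitlines():
        m = UPSTREAM_ERR.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["errno"] = int(rec["errno"])
        try:
            rec["family"] = f"IPv{ipaddress.ip_address(rec['client']).version}"
        except ValueError:  # masked or malformed client address
            rec["family"] = "unknown"
        yield rec

def summarize(text):
    """Count failures per (client address family, errno, upstream)."""
    return Counter((r["family"], r["errno"], r["upstream"])
                   for r in parse_upstream_errors(text))

if __name__ == "__main__":
    for (family, errno, upstream), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {family:7s} errno={errno}  {upstream}")
```

If refusals (errno 111 on Linux) appear for both families at similar rates, the client's address family alone does not explain the 502s and the upstream listener is the next thing to check.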