Error 502 >> New Ubuntu 22.04, New IPSconfig, 5 WordPress sites

Hello,

I'm asking for your help to fix frequent Error 502 pages on a new install of ISPConfig (latest ISPConfig on new Ubuntu 22.04, done 4 days ago.)

I've been using ISPConfig for a few years & still learning. I'm not techy, but can follow step-by-step guides from you if you need further info. I replaced some long report text with "..." (2k char limit/post)

Thanks

** Server, Installation, & Error Info **

#1. VPS: 3 CPUs, 2GB RAM, lots of disk space.
Ubuntu server generally is using about 0.62 / 1.93 GB.
Testing several WordPress sites or running WP backup, max RAM: 1.70 GB of 1.93 GB.
#2. Installed Ubuntu 22.04
#3. Used automated install to prep Ubuntu 22.04 with Nginx, MariaDb...
Tutorial: "Perfect Server Automated ...Ubuntu 22.04"
https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/
Auto-install command:

Code:

wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --use-ftp-ports=40110-40210 --unattended-upgrades

#4. Firewall ports as instructed.
#4.b. This new ISPConfig system, I use Directive Snippets by Til:
For NGINX

Code:

client_max_body_size 100M;
location / {
   try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
   expires max;
   log_not_found off;
}

For PHP

Code:

display_errors = On
post_max_size = 99M
upload_max_filesize = 255M
max_execution_time = 220
memory_limit = 256M
max_input_vars = 2000

All WP sites in ISPConfig use above 2 Directive Snippets.

#5. Created 9 new sites with ISPconfig. 5 sites are WP with databases. Restored WP sites that were running on earlier versions of Ubuntu (with NGINX) and latest version of ISPconfig.
Used Duplicator Pro plugin (by Snapcreek).
PHP-FPM, PHP v7.4 on 4 sites. PHP v5.6 on 1 site.
All have LetsEncrypt SSL certs.
#5.a. Some sites, when restored using the Duplicator install.php script showed "Warnings":
.. Warning 1 - Character Set & Collation Support (Continued. I only use English in the sites & no special chars)

Code:

STATUS
character set and collation isn't supported on current  database. "Legacy Character set"  and "Legacy Collation" will be replaced with default values.
DETAILS
This test  checks to  make sure this database can support the character set and collations found in the dup-installer/dup
database_[HASH].sql script.
Character set list
utf8mb4 utf8
Collations  list
GE3
GD
utf8_general_ci           (ID utf8mb4_general_ci           Ge33 utf8mb4_unicode_520_ci (233
utf8mb4_unicode_ci          (e3
The DB where the package was created  has a character set  & collation  that  is not supported on this server. This issue happens when a site is moved from  an newer version of MySQL to  a older version of MySQL. The recommended fix  is to  update MySQL on this server to  support the character set that  is failing below. If this is not  an option  for  your  host,  then  you can continue  the  installation.  Invalid  values will  be replaced  with  the default values.  For more details about this issue and  other
details regarding this issue see the  FAQ link below.
Default charset and setting in  current installation
DB_CHARSET  = utf8mb4
DB_COLLATE = utf8mb4_general_ci

.. Warning 2 - Can't extract files (proceeded with install of backup and websites working correctly)
.. FILE: stats/index.php
.. Message: Error opening /var/www/clients/client1/web8/web/stats/index.php
.. The /stats/index.php file is there, a 3kb file.

** ALL SITES WORK but ERROR 502 is often displayed **
To recreate the ERROR 502:
(A) After REBOOT of Ubuntu v22, ALL sites (WP & Static HTML sites) work OK.
(B) Eventually after page accesses by web browser or running heavy processes (such as a new WP site backup: Duplicator Pro plugin), ALL of the WP sites show ERROR 502 page. But static HTML sites continue to work successfully.
(C) Before reboot (so that ALL sites work again) I run tests:
systemctl status nginx

Code:

root@u22:~# systemctl status nginx
● nginx.service - A high performance web server & a reverse proxy server
    Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
    Active: active (running) since Tue 2023-03-28 22:20:21 UTC; 1h 1min ago
      Docs: man:nginx(8)
   Process: 800 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Process: 912 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Process: 4112 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
...
    CGroup: /system.slice/nginx.service
            ├─ 926 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
            ├─4119 "nginx: worker process" "" ... "" ""
            └─4120 "nginx: worker process" "" ... "" ""
Mar 28 22:20:20 u22 systemd[1]: Starting A … proxy server...
...
Mar 28 22:32:02 u22 systemd[1]: Reloaded … proxy server.
root@u22:~#

ps aux | grep php-fpm

Code:

root@u22:~# ps aux | grep php-fpm
root         673  0.0  0.8 189972 16444 ?        Ss   22:20   0:00 php-fpm: master process (/etc/php/5.6/fpm/php-fpm.conf)
root         674  0.0  1.0 189736 20632 ?        Ss   22:20   0:00 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf)
...
root         680  0.0  0.6 257836 12704 ?        Ss   22:20   0:00 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)
root         681  0.0  0.6 254456 13608 ?        Ss   22:20   0:00 php-fpm: master process (/etc/php/8.0/fpm/php-fpm.conf)
root         682  0.0  0.6 259840 12576 ?        Ss   22:20   0:00 php-fpm: master process (/etc/php/8.1/fpm/php-fpm.conf)
www-data     829  0.0  0.4 259056  8528 ?        S    22:20   0:00 php-fpm: pool www
www-data     830  0.0  0.4 259056  8528 ?        S    22:20   0:00 php-fpm: pool www
ispapps      832  0.0  0.4 259700  8204 ?        S    22:20   0:00 php-fpm: pool apps-{fpm_domain}
web1         833  0.7  2.2 337836 44960 ?        S    22:20   0:29 php-fpm: pool web1
ispapps      835  0.0  0.4 259700  8204 ?        S    22:20   0:00 php-fpm: pool apps-{fpm_domain}
ispconf+     836  0.0  1.0 260804 20436 ?        S    22:20   0:01 php-fpm: pool ispconfig
web1         839  0.7  2.2 337756 44820 ?        S    22:20   0:30 php-fpm: pool web1
...
web6         843  0.4  4.5 338920 92972 ?        S    22:20   0:18 php-fpm: pool web6
…
web9       22232  0.0  1.4 260384 30240 ?        S    23:13   0:00 php-fpm: pool web9
root       27076  0.0  0.0   7004  2008 pts/1    R+   23:25   0:00 grep --color=auto php-fpm
root@u22:~#

cat htf_report.txt | more

Code:

root@u22:~# wget -q -O htf-common-issues.php "http://gitplace.net/pixcept/ispconfig-tools/raw/stable/htf-common-issues.php" && php -q htf-common-issues.php
## SCRIPT FINISHED ##
root@u22:~# cat htf_report.txt | more
## SERVER ##
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Ubuntu 22.04
[INFO] uptime:  21:55:56 up 11 min,  2 users,  load average: 0.30, 0.22, 0.16
[INFO] memory:
              total        used        free      shared  buff/cache   available
Mem:           1.9Gi       1.6Gi        73Mi       171Mi       225Mi        23Mi
Swap:             0B          0B          0B
[INFO] systemd failed services status:
  UNIT                      LOAD   ACTIVE SUB    DESCRIPTION
● clamav-daemon.service     loaded failed ...Clam AntiVirus userspace daemon
● snap.lxd.activate.service loaded failed ...Service for snap application lxd.activate
LOAD   = Reflects …
ACTIVE = The high-level …
SUB    = The low-leve…
2 loaded units listed.
[INFO] ISPConfig installed.
## ISPCONFIG ##
ISPConfig version is 3.2.9p1
## VERSION CHECK ##
[INFO] php (cli) version is 8.1
[INFO] php-cgi (used for cgi php in default vhost!) is version 8.1
## RUNNING SERVER PROCESSES ##
[INFO] I found the following web server(s):
       Unknown process (nginx:) (PID 924)
…
## LISTENING PORTS ##
(only           ()
Local           (Address)
[localhost]:6379                (682/redis-server)
...
[anywhere]:465          (1525/master)
[localhost]:53          (756/named)
[localhost]:53          (756/named)
[anywhere]:443          (924/nginx:)
...
[anywhere]:80           (924/nginx:)
[anywhere]:25           (1525/master)
[anywhere]:22           (742/sshd:)
[anywhere]:21           (1028/pure-ftpd)
[anywhere]:3306         (816/mariadbd)
...
[anywhere]:8080         (924/nginx:)
[anywhere]:8081         (924/nginx:)
[anywhere]:587          (1525/master)
[localhost]:11211               (664/memcached)
[localhost]:953         (756/named)
[localhost]:953         (756/named)
***.***.***.***:53              (756/named)
***.***.***.***:53              (756/named)
[localhost]:6010                (2627/sshd:)
***.***.***.***:53              (616/systemd-resolve)
[localhost]:10023               (929/postgrey)
***.***.***.***:40110           (1682/pure-ftpd)
...
*:*:*:*::*:53           (756/named)
*:*:*:*::*:53           (756/named)
*:*:*:*::*:6379         (682/redis-server)
*:*:*:*::*:465          (1525/master)
*:*:*:*::*:443          (924/nginx:)
...
*:*:*:*::*:80           (924/nginx:)
*:*:*:*::*:25           (1525/master)
*:*:*:*::*:22           (742/sshd:)
*:*:*:*::*:21           (1028/pure-ftpd)
*:*:*:*::*:3306         (816/mariadbd)
...
*:*:*:*::*:53           (756/named)
*:*:*:*::*:53           (756/named)
*:*:*:*::*:8080         (924/nginx:)
*:*:*:*::*:8081         (924/nginx:)
*:*:*:*::*:587          (1525/master)
*:*:*:*::*:6010         (2627/sshd:)
*:*:*:*::*:10023                (929/postgrey)
*:*:*:*::*184d:e9ff:fe96:53             (756/named)
*:*:*:*::*184d:e9ff:fe96:53             (756/named)
*:*:*:*::*:953          (756/named)
*:*:*:*::*:953          (756/named)
## IPTABLES ##
Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0
...
ufw-track-input  all  --  [anywhere]/0            [anywhere]/0
Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0
ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0
ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0
ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0
ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0
ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0
ufw-before-output  all  --  [anywhere]/0            [anywhere]/0
ufw-after-output  all  --  [anywhere]/0            [anywhere]/0
ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0
ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0
ufw-track-output  all  --  [anywhere]/0            [anywhere]/0
Chain ufw-after-forward (1 references)
target     prot opt source               destination
Chain ufw-after-input (1 references)
target     prot opt source               destination
ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
…
ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
target     prot opt source               destination
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
target     prot opt source               destination
Chain ufw-after-output (1 references)
target     prot opt source               destination
Chain ufw-before-forward (1 references)
target     prot opt source               destination
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
…
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0
Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  [anywhere]/0            [anywhere]/0
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
…
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
ufw-not-local  all  --  [anywhere]/0            [anywhere]/0
ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
ufw-user-input  all  --  [anywhere]/0            [anywhere]/0
Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination
Chain ufw-before-logging-input (1 references)
target     prot opt source               destination
Chain ufw-before-logging-output (1 references)
target     prot opt source               destination
Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     all  --  [anywhere]/0            [anywhere]/0
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  [anywhere]/0            [anywhere]/0
Chain ufw-logging-allow (0 references)
target     prot opt source               destination
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
target     prot opt source               destination
RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target     prot opt source               destination
…
ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
DROP       all  --  [anywhere]/0            [anywhere]/0
Chain ufw-reject-forward (1 references)
target     prot opt source               destination
Chain ufw-reject-input (1 references)
...
Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination
...
target     prot opt source               destination
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
Chain ufw-user-forward (1 references)
target     prot opt source               destination
Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
…
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:4190
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8081
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
Chain ufw-user-limit (0 references)
target     prot opt source               destination
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLO
CK] "
REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination
ACCEPT     all  --  [anywhere]/0            [anywhere]/0
Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination
Chain ufw-user-logging-input (0 references)
target     prot opt source               destination
Chain ufw-user-logging-output (0 references)
target     prot opt source               destination
Chain ufw-user-output (1 references)
target     prot opt source               destination

## LET'S ENCRYPT ##
acme.sh is installed in /root/.acme.sh/acme.sh
root@u22:~#

** Summary **
I hope your expertise can be a source of resolution for the continual ERROR 502 pages. I must reboot the server 10++ times per day until this is fixed.

My beliefs:
** New VPS server with 3 CPUs, 2GB RAM & lots of disk space
** Ubuntu 22.04 fresh install, automated NGINX web server install using your "Perfect Server ... ISPconfig for Ubuntu 22.04" (at: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/ ) should give a reliable, hi-performance platform to host WP and static HTML sites.

I would expect that you have many such Ubuntu ISPConfig installations and WP should be a common use for ISPConfig systems.

 

Till, Thanks for your solution and link to the Ubuntu Swap File instructions.
After creating a 6GB /swapfile, the system has not shown the Error 502 page.
I will continue to monitor it. So far, so good.

By the way, one of the comments on your https://www.howtoforge.com/ubuntu-swap-file page suggests using "fallocate" instead of "dd". After some research, I see that your recommendation to use the "dd" command is most recommended. the "dd" command creates /swapfile that has no holes (is contiguous) so performance hits are minimized.

Thanks again.