I have an Elastic Beanstalk application running on AWS for development purpose. It's running Amazon Linux 2 image which comes with NGINX.
Today I pulled some logs and noticed lots of these in the error logs:
2021/06/24 14:44:52 [error] 10780#10780: *31743 "/usr/share/nginx/html/owa/index.html" is not found (2: No such file or directory), client: 172.XXX.XXX.XXX, server: localhost, request: "GET /owa/ HTTP/1.1", host: "44.XXX.XXX.XXX"
2021/06/24 15:09:50 [error] 10780#10780: *32145 open() "/usr/share/nginx/html/.env" failed (2: No such file or directory), client: 172.XXX.XXX.XXX, server: localhost, request: "GET /.env HTTP/1.1", host: "35.XXX.XXX.XXX"
2021/06/24 15:36:11 [error] 10780#10780: *32566 open() "/usr/share/nginx/html/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" failed (2: No such file or directory), client: 172.XXX.XXX.XXX, server: localhost, request: "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", host: "35.XXX.XXX.XXX"
2021/06/24 13:14:42 [error] 10780#10780: *30267 open() "/usr/share/nginx/html/system_api.php" failed (2: No such file or directory), client: 172.XXX.XXX.XXX, server: localhost, request: "GET /system_api.php HTTP/1.1", host: "35.XXX.XXX.XXX"
What does the 10780#10780: *30267 mean? What are the server, host, and client in this context?
What would be making these GET requests to the these locations? Do NGINX normally have .html, .php, and .env files at these locations, or is it some bot that's just blindly trying to see if I have left sensitive information on the server?
If it's spam, how can I block these?
Thank you.
I use fail2ban (you can search tutorials on the net to install) with the following settings in /etc/fail2ban/jail.local
[nginx-4xx]
enabled = true
port = http,https
logpath = /var/log/nginx/access.log
And the following contents in /etc/fail2ban/filter.d/nginx-4xx.conf
[Definition]
failregex = ^<HOST>.*"(GET|HEAD|POST).*" (404|444|403|400|499) .*$
ignoreregex =
This gets rid of all those bots blindly exploring my site. Also fyi, my bantime settings is -1 (ban forever), but that should only be used when you are sure there are no broken links.
Related
I am attempting to deploy a locally developed web application as an aws instance. The application is web based with a node.js back end. I uploaded the application using aws's Elastic Beanstalk which is pretty straightforward and worked well. I received a green health checkmark after the deployment was completed.
However, when I selected the url at the top of the Dashboard to open my newly deployed app, I received a '502 Bad Gateway' error. I did a Google search to identify what the error was and how to correct it without much success. Most of the suggestions were to refresh the page and it would somehow go away 'by itself'. It didn't. I also read through the Elastic Beanstalk war - 502 Bad Gateway stackoverflow question also without much success.
Here is the output of the error.log that I downloaded from aws:
2018/10/11 15:04:24 [error] 2946#0: *231 connect() failed (111:
Connection refused) while connecting to upstream, client: 172.31.88.17,
server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8081/",
host: "sowapp-env.bpcts5p34k.us-east-1.elasticbeanstalk.com"
2018/10/11 15:04:24 [error] 2946#0: *231 connect() failed (111:
Connection refused) while connecting to upstream, client: 172.31.88.17,
server: , request: "GET /favicon.ico HTTP/1.1", upstream:
"http://127.0.0.1:8081/favicon.ico", host: "sowapp-env.bpcts5p34k.us-east-1.elasticbeanstalk.com", referrer: "http://sowapp-env.bpcts5p34k.us-east-1.elasticbeanstalk.com/"
2018/10/11 15:05:13 [error] 2946#0: *231 connect() failed (111: Connection refused) while connecting to upstream, client: 172.31.88.17, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8081/", host: "sowapp-env.bpcts5p34k.us-east-1.elasticbeanstalk.com"
2018/10/11 15:05:13 [error] 2946#0: *231 connect() failed (111: Connection refused) while connecting to upstream, client: 172.31.88.17, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8081/favicon.ico", host: "sowapp-env.bpcts5p34k.us-east-1.elasticbeanstalk.com", referrer: "http://sowapp-env.bpcts5p34k.us-east-1.elasticbeanstalk.com/"
I also downloaded the nodejs.log which seems to indicate that the aws server is not pointing to the startup file, server.js.
Error: Cannot find module '/var/app/current/system.js'
at Function.Module._resolveFilename (module.js:476:15)
at Function.Module._load (module.js:424:25)
at Module.runMain (module.js:611:10)
at run (bootstrap_node.js:394:7)
at startup (bootstrap_node.js:160:9)
at bootstrap_node.js:507:3
module.js:478
throw err;
Suggestions are appreciated.
Thanks...
I would try this.
Set up a folder in your source your uploading to elastic beanstalk called .ebextensions
Create the files here to set your source and setup your application.
An example is creating a file called node-settings.config
(to run any npm commands your application needs to initialize) Example \/ from the link:
option_settings:
aws:elasticbeanstalk:container:nodejs:
NodeCommand: "npm start"
ProxyServer: apache
GzipCompression: true
aws:elasticbeanstalk:container:nodejs:staticfiles:
/images: myimages
Here is the link to show what you can set as Platform Specific Options in this file (nodejs):
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-specific.html
In my case, I tried changing the node.js port to 8081 and committed on local branch. Thereafter doing eb deploy from command line deployment solved my problem.
I have created a new server redash in aws Region us-west-2.
after a setup superset in server but error. I reboot server instance in aws and redash don't active.
Bad Gateway: The proxy server received an invalid response from an
upstream server HTTP Error 502 - Bad Gateway
check error in cat /var/log/nginx/error.log I see:
2018/09/27 17:33:06 [error] 1192#1192: *16 recv() failed (104:
Connection reset by peer) while reading response header from upstream,
client: 210.245.121.234, server: , request: "GET / HTTP/1.1",
upstream: "http://127.0.0.1:5000/", host: "54.191.135.96" 2018/09/27
17:33:06 [error] 1192#1192: *16 connect() failed (111: Connection
refused) while connecting to upstream, client: 210.245.121.234,
server: , request: "GET /favicon.ico HTTP/1.1", upstream:
"http://127.0.0.1:5000/favicon.ico", host: "54.191.135.96", referrer:
"http://54.191.135.96/"
Did you add your redash start command in your /etc/init.d/ configuration ?
A simple installation on a Ec2 Server will not do that for you, you have to ask your ec2 to launch redash on startup process
There is multiple ways to do that, AWS User data is one of them, try this out?
(If not, please provide us more information about your system and how you launch your redash)
I am following this link to https://www.linode.com/docs/websites/nginx/deploy-django-applications-using-uwsgi-and-nginx-on-ubuntu-14-04 to host django application on nginx server. I followed all steps mention in link but it show error while browsing site :502 Bad gateway.
I checked nginx error log file, it displays below error:
2017/03/04 07:09:21 [crit] 5131#0: *1 connect() to
unix:/pathToMyProjectFolder/sample.sock failed (2: No such file or
directory) while connecting to upstream, client: 127.0.0.1, server:
localhost, request: "GET / HTTP/1.1", upstream:
"uwsgi://unix:/pathToMyProjectFolder/sample.sock:", host:
"localhost:8087"
And sample.sock file is not actually present in my project folder. I don't understand how this file will get created.
I've used this tutorial for deploying rails app to aws http://www.sitepoint.com/deploy-your-rails-app-to-aws/
But when I try to open it in browser nginx says
2015/10/18 13:05:00 [crit] 11945#0: *1 connect() to unix:/home/deploy/app_name/shared/tmp/sockets/puma.sock failed (2: No such file or directory) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://unix:/home/deploy/app_name/shared/tmp/sockets/puma.sock:/", host: "localhost"
What could be the problem? I've re-checked all the steps - seems like everything is correct.
Pro-guys, could you please review this tutorial and let me know why I have this error?
Thanks!
the issue was in my app. I have ElasticSearch usage in my models and elastic search wasn't installed. After installing it puma server started successfully
I am deploying a django webapp on digitalocean and I am using Nginx and Gunicorn.
And when I open my url, it shows 502 bad gateway.
In the nginx_errors.log, I find the following error message:
[error] 12229#0: *1 connect() to unix:/home/demo/webapps/hello/run/gunicorn.sock failed (111: Connection refused) while connecting to upstream, client: 123.45.6.78, server: demohello.com, request: "GET / HTTP/1.1", upstream: "http://unix:/home/demo/webapps/hello/run/gunicorn.sock:/", host: "demohello.com"
Is it because my nginx configuration is wrong? How to fix it?
You need to set the configurations for gunicorn correctly which is in /etc/init/gunicorn.conf.
Be careful with:
--name=django_project \
--pythonpath=django_project \
django_project.wsgi:application