id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 2096 proxy_next_upstream returns 502 Bad Gateway when one of the servers is down pszemus@… "Using `proxy_next_upstream` gives an inconsistent behaviour when one of upstream's server is down. Take this simple configuration: {{{ events {} http { upstream test_upstream { server postman-echo.com; server postman-echo.com; } server { proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_403 http_404; location / { proxy_pass http://test_upstream; } } } }}} Every request to postman-echo.com that returns 500/502/503/504/403/404 is repeated to the other server. Eg. {{{ $ curl -i localhost/status/403 HTTP/1.1 403 Forbidden Server: nginx/1.18.0 [...] }}} In the above example the first server from the upstream's group returned 403 then the second one returned 403 and finally nginx returned 403 to client (`curl`). The same happens with the rest, configured in `proxy_next_upstream`, HTTP codes. But as soon as one of the servers is marked `down` : {{{ upstream test_upstream { server postman-echo.com; server postman-echo.com down; } }}} nginx reports: {{{ 2020/11/16 08:55:18 [error] 559#0: *1 no live upstreams while connecting to upstream, client: 127.0.0.1, server: , request: ""GET /status/403 HTTP/1.1"", upstream: ""http://test_upstream/status/403"", host: ""localhost"" }}} and returns 502 Bad Gateway: {{{ $ curl -i localhost/status/403 HTTP/1.1 502 Bad Gateway Server: nginx/1.18.0 [...] 502 Bad Gateway

502 Bad Gateway


nginx/1.18.0
}}} The `no live upstreams` message is odd because there is a live upstream - the first servers is live. I'd suspect the consistent behaviour to return 403 from the first (available) upstream server." defect closed minor nginx-module 1.18.x fixed ngx_http_proxy_module, proxy_next_upstream Linux pszemus-legion 4.19.128-microsoft-standard #1 SMP Tue Jun 23 12:58:10 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux "nginx version: nginx/1.18.0 built by gcc 9.3.1 20200408 (Red Hat 9.3.1-2) (GCC) built with OpenSSL 1.1.1d FIPS 10 Sep 2019 (running with OpenSSL 1.1.1g FIPS 21 Apr 2020) TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-stream_ssl_preread_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'"