Slash, 2018-09-02 08:56:59

How to overcome the error: "(104: Connection reset by peer) while reading response header from upstream?

Ubuntu 16, FastCGI (Nginx + PHP-FPM), PHP 7.2.
Since yesterday, the site periodically issues a 502 error, writes to the log:

2018/09/02 08:41:18 [error] 7016#7016: *7584 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: xx.xxx.xxx.xxx, server: site.com, request: "GET /page/url/ HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock:", host: "site.com"

My config:
user www-data;
worker_processes auto;
worker_rlimit_nofile 65000;
timer_resolution 100ms;
worker_priority -5;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
  worker_connections 4096;
  multi_accept on;
  use epoll;

http {
  include      /etc/nginx/mime.types;
  default_type application/octet-stream;

  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
          '$status $body_bytes_sent "$http_referer" '
          '"$http_user_agent" "$http_x_forwarded_for"';

  access_log /var/log/nginx/access.log main;

  sendfile on;
  keepalive_timeout 65;

  reset_timedout_connection on;

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/vhosts/*/*.conf;

  client_body_buffer_size 8m;
  client_max_body_size    128m;

  open_file_cache max=200000 inactive=20s; 
  open_file_cache_valid 30s; 
  open_file_cache_min_uses 2;
  open_file_cache_errors on;

  server {
    server_name      localhost;
    disable_symlinks if_not_owner;

    include /etc/nginx/vhosts-includes/*.conf;

    location @fallback {
      error_log /dev/null crit;

      proxy_redirect /;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      access_log off ;

    listen 80;
    listen [::]:80;

And the second config:
server {
  server_name site.com www.site.com;
  charset UTF-8;
  index index.php;
  disable_symlinks if_not_owner from=$root_path;
  include /etc/nginx/vhosts-includes/*.conf;
  include /etc/nginx/vhosts-resources/site.com/*.conf;
  error_log /var/www/httpd-logs/site.com.error.log crit;
  ssi on;
  return 301 https://$host:443$request_uri;
  set $root_path /var/www/www-root/data/www/site.com;
  root $root_path;
  gzip on;
  gzip_comp_level 5;
  gzip_disable "msie6";
  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
  error_log /var/www/httpd-logs/site.com.error.log notice;
  location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|ico)$ {
    expires 7d;
  location / {
    try_files $uri /index.php?do=$uri;
    location ~ [^/]\.ph(p\d*|tml)$ {
      try_files /does_not_exists @php;
  location @php {
    fastcgi_index index.php;
    fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f [email protected]";
    fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
    try_files $uri =404;

    fastcgi_buffers 4 512k;
    fastcgi_busy_buffers_size 512k;
    fastcgi_temp_file_write_size 512k;

    include fastcgi_params;
  access_log off;
  listen default_server;
  listen [2a02:408:7722:54:77:222:63:224]:80 default_server;
server {
  server_name site.com www.site.com;
  ssl_certificate "/var/www/httpd-cert/www-root/site.com_le1.crtca";
  ssl_certificate_key "/var/www/httpd-cert/www-root/site.com_le1.key";
  ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
  ssl_prefer_server_ciphers on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  add_header Strict-Transport-Security "max-age=31536000;";
  ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
  charset UTF-8;
  index index.php;
  disable_symlinks if_not_owner from=$root_path;
  include /etc/nginx/vhosts-includes/*.conf;
  include /etc/nginx/vhosts-resources/site.com/*.conf;
  error_log /var/www/httpd-logs/site.com.error.log crit;
  ssi on;
  set $root_path /var/www/www-root/data/www/site.com;
  root $root_path;
  gzip on;
  gzip_comp_level 5;
  gzip_disable "msie6";
  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
  error_log /var/www/httpd-logs/site.com.error.log notice;
  listen [2a02:408:7722:54:77:222:63:224]:443 ssl default_server;
  listen ssl default_server;
  location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|ico)$ {
    expires 7d;
  location / {
    try_files $uri /index.php?do=$uri;
    location ~ [^/]\.ph(p\d*|tml)$ {
      try_files /does_not_exists @php;
  location @php {
    fastcgi_index index.php;
    fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f [email protected]";
    fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
    try_files $uri =404;

    fastcgi_buffers 4 512k;
    fastcgi_busy_buffers_size 512k;
    fastcgi_temp_file_write_size 512k;

    include fastcgi_params;
  access_log off;

An error can appear at any moment (may not appear) ... From where the legs grow, I don’t understand ...
Tell me where to dig?
Thank you.

1 answer(s)
Slash, 2018-09-04

It seems to have solved the error: https://danfa.net/forum/thread/1649/

