1

Topic: Permission Issues; 502 Bad Gateway

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.2
- Deployed with iRedMail Easy or the downloadable installer? Downloadable Installer
- Linux/BSD distribution name and version: FreeBSD 13.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I just completed an install of iRedMail on a FreeBSD jail. The jail has its own public IP address that isn't used by the host. After installing iRedMail and restarting the jail, I get a 502 Bad Gateway error when trying to visit mail.myserver.com/mail or mail.myserver.com/iredadmin.

I don't think it's a jail networking issue—I have another jail that can run Apache just fine on a different IP (but I shut it off just in case to test this). The nginx log file shows the following:

2021/11/21 00:39:08 [crit] 2403#100617: *24 connect() to 127.0.0.1:7791 failed (13: Permission denied) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: _, request: "GET /iredadmin/ HTTP/2.0", upstream: "uwsgi://127.0.0.1:7791", host: "mail.mydomain.net"

2021/11/21 00:35:34 [crit] 1132#100541: *15 connect() to 127.0.0.1:9999 failed (13: Permission denied) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: _, request: "GET /mail/ HTTP/2.0", upstream: "fastcgi://127.0.0.1:9999", host: "mail.mydomain.net"

I noticed that the 'iredadmin' folder in 'www' was owned by root so I changed the owner to 'iredadmin,' which was the owner of the 'iRedAdmin-1.5' folder but this didn't resolve anything. I didn't want to experiment with the permissions too much for security reasons so my next step was to reach out here. The 'roundcube' folder also shows that it's owned by root.

In my /usr/local/bin folder uwsgi and uwsgi-3.8 exist. fastcgi_params and uwsgi_params both exist in /usr/local/etc/nginx.

I apologize if I'm overlooking something obvious. This is my first time fiddling with nginx and I'm still learning.


2

Re: Permission Issues; 502 Bad Gateway

Update: The initial problem looks like it was my fault. The jails are not configured for vnet and on the host system I didn't configure them to use lo0. I added this to /etc/rc.conf and got iredadmin to work:

ifconfig_lo0_alias0="inet xxx.xxx.xxx.xxx netmask 0xffffff00"

So it looks like the problem was that the services that needed to communicate locally, such as postgresql, couldn't reach each other. I figured it out when on the other jail I tried to install my CMS and php couldn't communicate with sql.

However, Roundcube is still not working, but I get a different error.

2021/11/21 21:49:27 [error] 1927#100531: *14 upstream prematurely closed connection while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "GET /mail/ HTTP/2.0", upstream: "fastcgi://127.0.0.1:9999", host: "mail.mydomain.net"

I did change the ownership of 'roundcube' and 'htdocs' (in /usr/local/www/) to www:www but that didn't do it.

I'll do some digging. If I figure it out before someone responds here with the answer, I'll post my results.

3 (edited by plato.phaedrus 2021-11-24 16:35:14)

Re: Permission Issues; 502 Bad Gateway

Update: It turns out it was probably just me screwing up the networking on my jails, although I'm unsure of the reason why. iredadmin was able to communicate just fine with postgres but roundcube was not. Judging by the error, it had something to do with fastcgi, but I never really narrowed it down.

Instead, I changed my jails over from shared IP to VNET jails and this resolved the issue. I'm still figuring out some things—for example, if I run my mailserver jail and my webserver jail at the same time only one will work now—but those issues are outside the purview of this forum and they should be fairly easy to iron out. But if I just run the mailserver jail the mail works when connecting with a client application, roundcube works, and iredadmin works.

Hopefully my experience can be useful to someone in the future.
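
Added example, not part of the original thread and not iRedMail code: a small triage script that separates the two kinds of nginx upstream errors quoted above, a connect() that failed before the backend was reached versus a backend that accepted the connection and then closed it without a response header. The function names (classify, summarize) are hypothetical, and the sample lines are constructed from the thread's excerpts with a placeholder client address and host.

```python
import re
from collections import Counter

# Constructed sample: the thread's three log lines with a placeholder client
# address and host, plus one unrelated line that the parser should skip.
SAMPLE_LOG = '''\
2021/11/21 00:39:08 [crit] 2403#100617: *24 connect() to 127.0.0.1:7791 failed (13: Permission denied) while connecting to upstream, client: 192.0.2.10, server: _, request: "GET /iredadmin/ HTTP/2.0", upstream: "uwsgi://127.0.0.1:7791", host: "mail.example.net"
2021/11/21 00:35:34 [crit] 1132#100541: *15 connect() to 127.0.0.1:9999 failed (13: Permission denied) while connecting to upstream, client: 192.0.2.10, server: _, request: "GET /mail/ HTTP/2.0", upstream: "fastcgi://127.0.0.1:9999", host: "mail.example.net"
2021/11/21 21:49:27 [error] 1927#100531: *14 upstream prematurely closed connection while reading response header from upstream, client: 192.0.2.10, server: _, request: "GET /mail/ HTTP/2.0", upstream: "fastcgi://127.0.0.1:9999", host: "mail.example.net"
2021/11/21 21:50:00 [notice] 1927#100531: signal process started
'''

LINE_RE = re.compile(
    r'^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \[\w+\] \d+#\d+: \*\d+ '
    r'(?P<msg>.*?), client: [^,]+, .*?'
    r'upstream: "(?P<upstream>\w+://[^"/]+)'
)
CONNECT_RE = re.compile(r'connect\(\) to \S+ failed \((?P<errno>\d+): (?P<text>[^)]+)\)')

# Where in the request path each failure happened.
STAGE_CONNECT = "nginx could not open the socket to the backend"
STAGE_BACKEND = "backend accepted the connection, then closed it"


def classify(msg):
    """Return (kind, stage) for the message part of an upstream error line."""
    m = CONNECT_RE.search(msg)
    if m:
        return f"connect-failed errno={m['errno']} ({m['text']})", STAGE_CONNECT
    if "prematurely closed connection" in msg:
        return "closed-before-response-header", STAGE_BACKEND
    return "other", "unclassified"


def summarize(log_text):
    """Count upstream failures per (upstream, kind, stage)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:  # not an upstream error line
            continue
        counts[(m["upstream"], *classify(m["msg"]))] += 1
    return counts


if __name__ == "__main__":
    for (upstream, kind, stage), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n}x {upstream}: {kind} -> {stage}")
```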