Erpnext server behind apache proxy keeps raising error 503 Service Unavailable

Question

i have an erpnext server behind an apache proxy. It often happens that the service fails and a 503 Service Unavailable error is shown

Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Apache/2.4.41 (Ubuntu) Server at erp.example.it Port 443

i am sure that the erpnext server is working since i can access the web page through the ip. I know that the error is given by apache that when it receives no response from the backend server blocks the connection for a few seconds. i tried to set this value (retry=0) in apache host config but it doesn't seem to work.

the server recovers by itself after some time or after a few reboots of the apache machine (acting only on the apache2 service does not seem to work).

the problem only shows up with this apache virtualhost, as the proxy provides multiple websites and the others all work.

<VirtualHost *:80>
    ServerName erp.example.it

    <IfModule mod_proxy.c>
        ProxyPreserveHost On
        ProxyPass / http://10.2.2.3/ retry=0
        ProxyPassReverse / http://10.2.2.3/
    </IfModule>
    ErrorLog ${APACHE_LOG_DIR}/error-erp.example.it.log
    CustomLog ${APACHE_LOG_DIR}/access-erp.example.it.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =erp.example.it
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName erp.example.it

    <IfModule mod_proxy.c>
        ProxyPreserveHost On
        ProxyPass / http://10.2.2.3/ retry=0
        ProxyPassReverse / http://10.2.2.3/
    </IfModule>
    ErrorLog ${APACHE_LOG_DIR}/error-erp.example.it.log
    CustomLog ${APACHE_LOG_DIR}/access-erp.example.it.log combined
SSLCertificateFile /etc/letsencrypt/live/erp.example.it/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/erp.example.it/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

the apache logs tell me this

[Wed May 19 10: 22: 29.684524 2021] [proxy_http: error] [pid 2974: tid 139955418404608] [client 10.2.1.1:49257] AH01114: HTTP: failed to make connection to backend: 10.2.2.3, referer: https: //erp.example.it/

I remain available to provide further information in case someone can help out, Thanks in advance

Answer 1

I faced a similar issue - with no indication of problems initially then started getting the "Service Unavailable" notice and 503 errors for no apparent reason - for an ERPNext site running behind an Apache reverse proxy. It might have been related to setting up the email component in ERPNext.

The Apache system's log had entries like these:

... "GET / HTTP/1.1" 503 299 ... 
... "POST /socket.io/?EIO=3&transport=polling&t=...&sid=... HTTP/1.1" 503 299 ...
... "GET /socket.io/?EIO=3&transport=polling&t=... HTTP/1.1" 503 299 ...

The ERPNext system's /var/log/fail2ban.log had entries like these:

2021-09-21 17:50:18,889 fail2ban.actions [428]: NOTICE  [nginx-proxy] Ban  xxx.xxx.xxx.xxx
2021-09-21 18:00:19,383 fail2ban.actions [428]: NOTICE  [nginx-proxy] Unban xxx.xxx.xxx.xxx

So after 10 minutes it would start working again for a short while (perhaps 4-5 minutes) before again failing.

The reason for fail2ban triggering has not yet been determined but in this particular setup fail2ban isn't needed so it was disabled and that resolved the problem. Most likely you have already resolved your case but certainly for a problem like this fail2ban seems a good place to begin an investigation.