0

I'm now going to deploy my node.js app on Google Compute Engine via nginx, but after all the configurations are done, I hit the wall with "502 Bad Gateway" error.

Then, after digging out for so many hours, I finally found that the proxy_pass field in /etc/nginx/sites-available/server.conf should be your actual internal IP address displayed in GCE's console, instead of http://127.0.0.1. The conf file is the following (some values are just for the illustration purposes only):

server {
    listen 80;
    listen 443 ssl;
    server_name example.com;
    ssl_certificate        /etc/nginx/ssl/example.crt;
    ssl_certificate_key    /etc/nginx/ssl/example.key;

    location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://10.102.24.152:8888;
    }
}

However, all the tutorials I followed set the value at proxy_pass to http://127.0.0.1. But in my case it didn't work at all. The example of the tutorials are as follows:

So I now wonder if it is the correct way to make the server working. Or does this lead to something prone to be valnurable in security? Or maybe 127.0.0.1 is the correct figure and there are other problems on my side?

Blaszard
  • 352
  • 2
  • 6
  • 14

1 Answers1

1

Yes, putting in the instance IP address is a reasonable thing to do.

You should be careful not to use the public IP, as you may get charged bandwidth charges. I'm not familiar with GCE, but in AWS you have an external IP that's routable on the internet and an internal IP within your network. There may be differences here between AWS and GCE, someone may correct me.

Tim
  • 31,888
  • 7
  • 52
  • 78
  • Thanks. Then do you have any guesses on why these linked posts use the `127.0.0.1` and otherwise don't mention changing the address altogether? For me it sounds awkward if the `127.0.0.1` doesn't work but the authers still keep it unchanged... Usually in tech community these authors kindly note it, as far as I know... – Blaszard Feb 03 '17 at 03:12
  • My best guesses (which probably isn't that good) are that 1) for some reason 127.0.0.1 isn't resolving properly on your machine or 2) whatever you're proxying to is bound to the IP address not the localhost IP. I'm not a network guy though. – Tim Feb 03 '17 at 03:17
  • So usually, both the localhost IP and internal IP work properly? Then which one do you recommend? – Blaszard Feb 03 '17 at 03:30
  • I recommend using the private network IP address over the public address, but beyond that whatever works seems fine. – Tim Feb 03 '17 at 03:36
  • Is the "private network IP address" an internal IP and "the public address" an external IP, right? – Blaszard Feb 03 '17 at 03:53
  • Yes, that's right. You want to avoid proxying to the public IP, but any internal IP that works is fine. It might be on GCE that using the public IP is fine, but your service should be bound to an internal IP not an external. Again, I'm not a network guy, so I'm happy for others to chime in and correct me. – Tim Feb 03 '17 at 04:25