
Ligonsker's avatar

502 bad gateway with nginx

I used the sample config file from the docs and changed a few params to match my versions and folder/file names but I get 502 bad gateway from nginx. So I might have missed something:

events {
  worker_connections  1024;  ## Default: 1024
}
http {
server {
    listen 80;
    listen [::]:80;
    server_name laravel-backend;
    root /home/user/www/my-app/laravel-backend/public;
 
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
 
    index index.php;
 
    charset utf-8;
 
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
 
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }
 
    error_page 404 /index.php;
 
    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
 
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
}
Ligonsker's avatar

@jlrdw none of the above helped but I did check error logs and I get:

connect() to unix:/var/run/php/php8.1-fpm.sock failed (13: Permission denied)

So I got a hint; I'll check further.

Ligonsker's avatar

@jlrdw I managed to make it work but I don't think it should be like that. I changed the value of listen.mode in /etc/php/8.1/fpm/pool.d/www.conf to 0777:

listen.owner = www-data
listen.group = www-data
listen.mode = 0777

By default it was:

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

Why don't the default values work?

thinkverse's avatar

@Ligonsker Adding 0777 will give the owner, group and others full permission to do whatever they want. This should never be used and is highly dangerous.

0660 should be enough; you don't need to give write and execute permission to all, as that will be highly insecure.

Giving the owner and group read and write is enough too. Others should only really ever need read permissions, and for the .sock file that's not needed.

As @jlrdw said, is the user in nginx.conf set correctly? There should be a line user nginx; or similar in your config. That will be the user nginx uses to run your processes, and that user should have read and write permissions (that's a 6, btw).

1 like
Ligonsker's avatar

@jlrdw @thinkverse you are correct, I was missing the user declaration in the nginx.conf! After adding

user www-data;

it worked!

(Before adding that, it was using a user called nobody 😃)
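
The permission reasoning in this thread, as an added example that is not part of the thread or any poster's code: a small Python audit that reads the nginx `user` directive and the pool's `listen.*` settings, then reports whether the worker can open the socket and whether the socket is open to every local user. The sample configs are constructed from the values quoted above; the function names are hypothetical, the fallback user `nobody` is taken from the last post, and only the worker's primary group is considered.

```python
import re

# Constructed sample configs mirroring the thread (not read from disk).
NGINX_NO_USER = "events { worker_connections 1024; }\nhttp { server { listen 80; } }\n"
NGINX_WITH_USER = "user www-data;\n" + NGINX_NO_USER
POOL_DEFAULT = "listen.owner = www-data\nlisten.group = www-data\nlisten.mode = 0660\n"
POOL_OPEN = POOL_DEFAULT.replace("0660", "0777")


def nginx_worker_user(conf, default="nobody"):
    """Return (user, group) from the `user` directive, or the default pair."""
    m = re.search(r"^\s*user\s+([^\s;]+)(?:\s+([^\s;]+))?\s*;", conf, re.M)
    if not m:
        return default, default  # assumption: fallback user as seen in the thread
    # With no group given, nginx uses the group named like the user.
    return m.group(1), m.group(2) or m.group(1)


def pool_listen(conf):
    """Return (owner, group, mode) from a php-fpm pool file; mode parsed as octal."""
    kv = dict(re.findall(r"^\s*listen\.(owner|group|mode)\s*=\s*(\S+)", conf, re.M))
    return kv.get("owner"), kv.get("group"), int(kv.get("mode", "0660"), 8)


def audit(nginx_conf, pool_conf):
    """Decide whether the nginx worker can connect() to the FPM socket."""
    user, group = nginx_worker_user(nginx_conf)
    owner, sock_group, mode = pool_listen(pool_conf)
    # connect() on a Unix socket requires write permission on the socket file.
    # The first matching class (owner, then group, then other) decides.
    if user == owner:
        can_connect = bool(mode & 0o200)
    elif group == sock_group:
        can_connect = bool(mode & 0o020)
    else:
        can_connect = bool(mode & 0o002)
    return {
        "worker": user,
        "can_connect": can_connect,
        "world_writable": bool(mode & 0o002),  # any local user could talk to FPM
    }


if __name__ == "__main__":
    for name, ngx, pool in [
        ("no user directive, mode 0660", NGINX_NO_USER, POOL_DEFAULT),
        ("no user directive, mode 0777", NGINX_NO_USER, POOL_OPEN),
        ("user www-data;, mode 0660", NGINX_WITH_USER, POOL_DEFAULT),
    ]:
        print(name, "->", audit(ngx, pool))
```

The first case corresponds to the `(13: Permission denied)` log line, the second to the 0777 workaround, and the third to the final fix with the default mode left in place.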
