- Plesk 12.5 for Linux
- Plesk Onyx for Linux
- Plesk 12.0 for Linux
- nginx as a proxy is enabled for a server;
- Websites are periodically down with the following error from nginx:
PLESK_INFO: 502 Bad Gateway
- Sites are not working and the following error can be found in Domains > example.com > Logs (or in
CONFIG_TEXT: [error] 10485#0: *1947668 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.2, server: , request: "GET / HTTP/1.1", upstream: "http://192.0.2.2:7080/", host: "example.com"
Where 192.0.2.2 is server's IP address.
- The following error can be found in
CONFIG_TEXT: Nov 12 05:59:12 wh01 monit: 'nginx' failed, cannot open a connection to INET[192.0.2.2:80]
- The following entrances can be found in
CONFIG_TEXT: 2017-11-12 05:48:57,699 fail2ban.filter : INFO [plesk-apache-badbot] Found 192.0.2.2
2017-11-12 05:48:57,869 fail2ban.filter : INFO [plesk-apache-badbot] Found 192.0.2.2
2017-11-12 05:48:58,638 fail2ban.actions : NOTICE [plesk-apache-badbot] Ban 192.0.2.2
Fail2Ban blocks server's IP addresses.
The issue with Fail2ban blocking server IPs was caused by a Plesk bug and has been already fixed in Plesk 17.5 Update 19.
Please consider updating your server: Plesk Upgrade Guide
Warning: Even if the latest micro update of Plesk 17.5 is installed, the issue may persist if fail2ban and IP addresses were configured on the server before 19 MU. In this case, apply the 1st and 2nd steps.
In case upgrade to Plesk 17.5 is not possible:
- Log into Plesk.
- Open Tools & Settings > IP Addresses and click Re-read IP button.
Verify if that IPs were added to the trusted list in Tools & Settings > IP Address Banning (Fail2Ban).
- In case IP addresses were not added automatically, add them manually in Tools & Settings > IP Address Banning (Fail2Ban) > Trusted IP Addresses:
- If the issue persists, connect to the server using SSH and restart
# service iptables restart