502 Bad Gateway

aws
error
firewall

#1

I visit my wiki, and I get the error message 502 Bad Gateway.

What does this mean? Why is my wiki down?


#2

This error will occur only on AWS, in combination with an external load balancer (ELB) in front of your wiki.

The external load balancer constantly checks the wiki for a “heartbeat”. During a deployment, the platform firewall will prevent the external load balancer (and your users) from reaching the wiki. Since the ELB can’t hear the heartbeat, it thinks the backend is dead and doesn’t know what to do with requests. Your web browser calls it a Bad Gateway. This condition will cure itself once the deploy is finished, since the platform turns off its internal firewall at the end of the deploy.

As a work-around, you could create a more elaborate deploy where you’re able to provide some backends to the ELB while updating others.

Fixing this
AWS does not allow you to assign an IP address to the ELB. Since Meza works by identifying hosts by IP, it can’t add rules to its firewall to allow the ELB in. The best way to avoid this is to not use an ELB at AWS. Meza already supplies both HAProxy for a proxy front-end (aka load balancer) as well as firewalld for a firewall. These are both industry-leading infrastructure components, so there isn’t much benefit, if any, in using something else.

There is a task for making the internal firewall optional. If this task is implemented, then it would solve the problem as well.
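
The work-around from post #2 (keep some backends behind the ELB while others are updated), as an added example that is not part of the original thread or Meza's own tooling. It assumes a Classic ELB managed with `aws elb`, one wiki backend per EC2 instance, and a hypothetical `deploy-one-backend.sh` that deploys a single backend; it defaults to a dry run that only prints the commands.

```shell
#!/usr/bin/env bash
# Rolling deploy behind a Classic ELB: only one backend is out at a time,
# so the ELB always has a healthy target and does not answer 502.
# Assumptions: Classic ELB (`aws elb`), one wiki backend per EC2 instance,
# DEPLOY_CMD is a hypothetical per-backend deploy helper.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands instead of running them
DEPLOY_CMD="${DEPLOY_CMD:-./deploy-one-backend.sh}"   # hypothetical helper

run() {
  if [ "$DRY_RUN" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# Succeeds when the ELB health check reports the instance as InService.
in_service() {
  [ "$DRY_RUN" = "1" ] && return 0
  state=$(aws elb describe-instance-health --load-balancer-name "$1" \
            --instances "$2" --query 'InstanceStates[0].State' --output text)
  [ "$state" = "InService" ]
}

# Poll for up to 5 minutes; fail rather than move on to the next backend.
wait_in_service() {
  tries=0
  until in_service "$1" "$2"; do
    tries=$((tries + 1))
    [ "$tries" -ge 30 ] && return 1
    sleep 10
  done
}

# usage: rolling_deploy <elb-name> <instance-id> <instance-id> [...]
rolling_deploy() {
  elb="$1"; shift
  # With a single backend the ELB would be left empty: the same 502.
  [ "$#" -ge 2 ] || { echo "need at least two backends" >&2; return 2; }
  for id in "$@"; do
    run aws elb deregister-instances-from-load-balancer \
        --load-balancer-name "$elb" --instances "$id" || return 1
    run $DEPLOY_CMD "$id" || return 1
    run aws elb register-instances-with-load-balancer \
        --load-balancer-name "$elb" --instances "$id" || return 1
    wait_in_service "$elb" "$id" || { echo "$id not healthy, stopping" >&2; return 1; }
  done
}
```

Run `rolling_deploy my-elb i-aaa i-bbb` (constructed names) to review the command sequence, then set `DRY_RUN=0` to execute it.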