NGINX Troubleshooting Toolkit
Debug reverse-proxy and upstream errors, TLS, location-block precedence, rate limiting, and 502/504s with prompts and an nginx.conf validator.
Top NGINX errors
Start with the most common production issues and troubleshooting paths.
could not build server_names_hash
Fix the NGINX 'could not build server_names_hash' startup error by tuning server_names_hash_bucket_size and server_names_hash_m…
no live upstreams while connecting to upstream
Fix the NGINX no live upstreams error when every upstream block member is ejected by max_fails and fail_timeout passive health…
(13: Permission denied) while connecting to upstream
Fix NGINX 13 Permission denied connecting to upstream caused by SELinux on RHEL/Rocky/Alma using httpd_can_network_connect and…
recv() failed (104: Connection reset by peer)
Fix NGINX recv() failed (104: Connection reset by peer) while reading response header from upstream, caused by backend crashes…
rewrite or internal redirection cycle
Fix the NGINX 'rewrite or internal redirection cycle while internally redirecting' 500 caused by looping try_files, rewrite, er…
SSL_do_handshake() failed
Fix NGINX SSL_do_handshake() failed errors caused by TLS protocol version and cipher mismatches, no shared cipher, and wrong ve…
(24: Too many open files)
Fix NGINX 24 Too many open files by raising worker_rlimit_nofile and the systemd LimitNOFILE override that caps the file descri…
upstream sent no valid HTTP/1.0 header
Fix the NGINX 'upstream sent no valid HTTP/1.0 header' error when your backend returns a malformed or non-HTTP response to the…
Best NGINX prompts
Use these prompts to turn symptoms, logs, and config into a structured troubleshooting plan.
Configure NGINX TLS, HSTS & OCSP Stapling
Build a modern, A-grade NGINX TLS configuration with correct protocol/cipher selection, OCSP stapling, session settings, and a safe HSTS rollout, then verify it against a real handshake.
Debug NGINX 502/504 Upstream Errors
Diagnose why NGINX returns 502 Bad Gateway or 504 Gateway Timeout from an upstream by correlating the error log, the proxy block, and upstream health into a ranked root-cause list with fixes.
Design NGINX Rate Limiting with limit_req & limit_conn
Design layered NGINX rate limiting using limit_req (request rate + burst) and limit_conn (concurrency) to absorb abuse and bursts without throttling legitimate users, with the right key and shared-memory sizing.
Fix NGINX Location Block Precedence
Untangle why the wrong NGINX location block is matching a request by tracing prefix vs regex vs exact-match precedence, then reorder/rewrite the blocks so each URL hits the intended handler.
Free NGINX tools
Validate, troubleshoot, or analyze your configuration before production changes.
NGINX config validator
Structural nginx.conf checks: unbalanced braces, directives missing a semicolon, and well-known footguns.
Open validatorNGINX runbook
Use a repeatable checklist for production troubleshooting.
A checklist for a proxy that’s 502/504-ing, mis-routing, or failing TLS.
- 1 Validate the config (nginx -t) and reload safely
- 2 Check upstream health and connectivity
- 3 Review location-block precedence and rewrites
- 4 Inspect TLS certificates, chain, and SNI
- 5 Read error_log and access_log for the failing request