Plesk 360 login
Free Trial

Knowledge Base

Plesk websites are inaccessible with 504 Gateway Timeout with enabled firewall: : Connection timed out

 
apachebitninjaddosextensionsfail2ban

Symptoms

  • If Nginx is enabled, all sites return the following error:

      504 Gateway Timeout error

      502 Bad gateway

  • Fail2ban is not installed or disabled;
  • Apache and nginx services are running;
  • There are the following records in /var/log/httpd/error_log:

    upstream timed out (110: Connection timed out) while reading response header from upstream

    AH00072: make_sock: could not bind to address 127.0.0.1:7080

  • There are the following records in /var/www/vhosts/example.com/logs/proxy_error_log:

    [error] 18625#0: *8 connect() failed (111: Connection refused) while connecting to upstream

    curl: (28) Failed to connect to 203.0.113.2 port 7081 after 129871 ms: Connection timed out

Cause

Firewall rules block local connection on port 7080 and 7081, or some rules block the server's IP Address, so Nginx is unable to connect to Apache.

Resolution

Check the Plesk firewall or "iptables"  utility and remove rules that block access to 7080 or 7081 ports or block access from the server's IP addresses

Click on a section to expand

Manage rules via Plesk Firewall

  1. Install Plesk Firewall if it is not installed How to install Plesk Firewall
  2. Go to Plesk > Tools & Settings > Firewall > Modify Plesk Firewall Rules >Add Custom Rule and allow 7080/7081 ports for all external IP addresses for Incoming/Outgoing.
    2.png

Click on a section to expand

Adding rules directly from the server

  1. To do this manually, connect to the server via SSH

    Note: if direct SSH access to the server is not possible, contact server administrator for further assistance.

  2. Add rules using the commands below:

    # iptables -A INPUT -s 10.10.10.10 -p tcp -m tcp --dport 7081 -j ACCEPT
    # iptables -A INPUT -s 10.10.10.10 -p tcp -m tcp --dport 7080 -j ACCEPT
    # iptables -A OUTPUT -s 10.10.10.10 -p tcp -m tcp --sport 7081 -j ACCEPT
    # iptables -A OUTPUT -s 10.10.10.10 -p tcp -m tcp --sport 7080 -j ACCEPT

 

NOTE: In addition, check any other similar tools and extensions installed on the server like Imunify360, DDoS Deflate Interface, or Bitninja for example if there are similar rules forbidding needed ports or blocking the server's IP addresses

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

X-twitter Linkedin Youtube Reddit Github

© 2025 WebPros International GmbH

Part of the WebPros®  Family