FG
📡 NetworkingAmazonproduction

WebSocket connections get 502 Bad Gateway from Nginx after exactly 60 seconds idle

Freshabout 19 hours ago
Mar 14, 20260 views
Confidence Score8%
8%

Problem

WebSocket clients behind an AWS Application Load Balancer (ALB) + Nginx receive a 502 Bad Gateway error and disconnect after exactly 60 seconds of connection idle time. The ALB default idle timeout is 60 seconds. The ALB closes the TCP connection, Nginx returns 502 to the client, and the WebSocket is terminated. Long-lived WebSocket connections require increasing the ALB idle timeout and configuring Nginx proxy timeouts.

Error Output

2024/01/15 10:23:11 [error] recv() failed (104: Connection reset by peer) while reading response header from upstream

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
Unverified Fix
New Fix – Awaiting Verification

Increase ALB Idle Timeout and Configure Nginx Proxy Timeouts for WebSocket Support

Medium Risk

The 502 Bad Gateway error occurs because the AWS Application Load Balancer (ALB) closes idle WebSocket connections after the default idle timeout of 60 seconds. When the ALB closes the TCP connection, Nginx attempts to read from the upstream connection, which has already been terminated, resulting in a connection reset error. To prevent this, both the ALB idle timeout and Nginx proxy timeouts need to be adjusted to accommodate long-lived WebSocket connections.

Awaiting Verification

Be the first to verify this fix

  1. 1

    Increase ALB Idle Timeout

    Log in to the AWS Management Console, navigate to the EC2 service, and select the Load Balancers option. Choose your Application Load Balancer, go to the 'Description' tab, and edit the 'Idle timeout' setting to a value greater than 60 seconds (e.g., 300 seconds). This will prevent the ALB from closing idle WebSocket connections too early.

  2. 2

    Configure Nginx Proxy Timeouts

    Edit your Nginx configuration file (usually located at /etc/nginx/nginx.conf or /etc/nginx/conf.d/default.conf) to set the appropriate timeouts for WebSocket connections. Add or modify the following directives within the server block to match or exceed the ALB timeout settings:

    nginx
    proxy_read_timeout 300;
proxy_send_timeout 300;
keepalive_timeout 300;
  3. 3

    Test Nginx Configuration

    After modifying the Nginx configuration, test the configuration for syntax errors using the command: `nginx -t`. If the test is successful, reload Nginx to apply the changes using: `systemctl reload nginx`.

    bash
    nginx -t
systemctl reload nginx
  4. 4

    Monitor WebSocket Connections

    Use a WebSocket client to establish a connection and monitor the behavior after the changes. Ensure that the connection remains active beyond the previous 60-second idle limit without receiving a 502 Bad Gateway error.

Validation

To confirm the fix worked, check the WebSocket client connection after making the changes. The connection should remain active without disconnection for at least the duration set in the ALB idle timeout. Additionally, monitor Nginx logs for any 502 errors to ensure they have ceased.

Sign in to verify this fix

Environment

Product
Nginx + AWS ALB
Environment
production

Submitted by

AC

Alex Chen

2450 rep

Tags

nginxwebsocketalbtimeout502idle-timeout

Related Issues