# 502 Bad Gateway on Production (e.g. /api/auth/login) A **502 Bad Gateway** means the reverse proxy (nginx) is running but **cannot get a valid response from the FastAPI backend**. The request never reaches your app, or the app is crashing. ## Quick checks on the production server ### 1. Is the FastAPI backend running? ```bash # Check if anything is listening on port 8001 sudo lsof -i :8001 # or ss -tlnp | grep 8001 ``` If nothing is listed, **start the API**: ```bash cd /path/to/boundary-fastapiandnextjs source venv/bin/activate # or: . venv/bin/activate export $(grep -v '^#' .env | xargs) # load .env uvicorn aumentum_api:app --host 127.0.0.1 --port 8001 ``` Or use your start script: ```bash ./START_API.sh ``` Keep it running (use systemd, screen, or pm2 for production). ### 2. Test the backend directly (on the server) ```bash curl -X POST http://127.0.0.1:8001/auth/login \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "username=admin&password=admin" ``` - If this returns JSON with `access_token` → backend is fine; the issue is nginx or how the app is run in production. - If this fails or hangs → backend is down or crashing (see step 3). ### 3. Why the backend might not be running or might crash - **Missing or wrong .env** Ensure `.env` exists in the project root and has correct production values: - `DB_HOST`, `DB_PORT`, `DB_NAME`, `DB_USER`, `DB_PASSWORD` - `CONTENTSTORE_BASE` (path must exist or be writable) - **Database unreachable** If the app fails on DB connection, it may exit or crash on first request: ```bash mysql -h $DB_HOST -P $DB_PORT -u $DB_USER -p$DB_PASSWORD $DB_NAME -e "SELECT 1" ``` - **Python/env errors** Run the app in the foreground and watch for tracebacks: ```bash cd /path/to/boundary-fastapiandnextjs source venv/bin/activate export $(grep -v '^#' .env | xargs) python -c "from aumentum_api import app; print('OK')" uvicorn aumentum_api:app --host 127.0.0.1 --port 8001 ``` Fix any import or startup errors (e.g. missing `python-dotenv`, wrong DB credentials). - **Wrong bind address** Nginx proxies to `127.0.0.1:8001`. Start uvicorn with: ```bash uvicorn aumentum_api:app --host 127.0.0.1 --port 8001 ``` Do **not** use `--host 0.0.0.0` unless you have a reason; `127.0.0.1` is correct when nginx is on the same host. ### 4. Nginx configuration Your proxy should forward `/api/` to the backend: ```nginx location /api/ { rewrite ^/api/(.*) /$1 break; proxy_pass http://127.0.0.1:8001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 10s; proxy_read_timeout 60s; } ``` Reload nginx after changes: ```bash sudo nginx -t && sudo systemctl reload nginx ``` ### 5. Run the API as a service (recommended for production) Example systemd unit so the API stays up and restarts on failure: **/etc/systemd/system/plagis-api.service** ```ini [Unit] Description=PLAGIS FastAPI Backend After=network.target mysql.service [Service] Type=simple User=www-data WorkingDirectory=/path/to/boundary-fastapiandnextjs EnvironmentFile=/path/to/boundary-fastapiandnextjs/.env ExecStart=/path/to/boundary-fastapiandnextjs/venv/bin/uvicorn aumentum_api:app --host 127.0.0.1 --port 8001 Restart=always RestartSec=5 [Install] WantedBy=multi-user.target ``` Then: ```bash sudo systemctl daemon-reload sudo systemctl enable plagis-api sudo systemctl start plagis-api sudo systemctl status plagis-api ``` ## Summary | Symptom | Likely cause | Action | |--------|----------------|--------| | 502 on `/api/auth/login` | Backend not running on 8001 | Start uvicorn (or systemd service) | | 502 after starting backend | Backend crashes on request | Check .env, DB, and run uvicorn in terminal to see errors | | `curl 127.0.0.1:8001` works, browser 502 | Nginx config or reload | Check `location /api/` and reload nginx | Once the API is running and `curl http://127.0.0.1:8001/auth/login` works, login from the browser at `http://167.99.192.84` should stop returning 502.