What is the difference between a 502 and a 504 error?

Both turn on a proxy and its upstream server. A 502 Bad Gateway means the upstream sent back an invalid or empty response. A 504 Gateway Timeout means the upstream sent back nothing at all inside the time limit. Put plainly: 502 is a broken answer, 504 is no answer.

Does a 502 error hurt my SEO?

A short-lived 502 will not dent rankings; crawlers just come back later. The danger is a 502 that drags on for hours or keeps recurring. When a crawler repeatedly hits 5xx errors on your pages, it can throttle crawling and, over time, chip away at indexing, so clear prolonged outages quickly.

Why do I get a 502 error on my WordPress website?

On WordPress the culprit is usually the PHP backend, not the database. PHP-FPM may have crashed or run into a memory limit, a long request may have blown past the proxy timeout, or a plugin or theme may be making PHP fail. Restart PHP-FPM, read the error log, and test by switching off recently added plugins.

Why does Cloudflare show a 502 Bad Gateway?

Cloudflare throws a 502 when it cannot get a valid response from your origin server. Cloudflare branding on the page points at the origin (down, blocking Cloudflare IPs, or DNS misconfigured). A 502 without Cloudflare branding tends to mean an origin compression issue, like a bad gzip content-length header.

Is a 502 error my fault as a visitor?

Almost never. A 502 is server-side, so the fix lives on the website or its host. The rare exceptions are local networking snags: a misbehaving VPN, a proxy, or a stale DNS cache. Reloading, clearing the cache, and disabling a VPN cover those edge cases in seconds.

How long does a 502 error usually last?

Depends. A transient 502 from a quick overload or a restarting service often clears within seconds to a few minutes. One caused by a crashed backend, a bad config, or a blocked firewall sticks around until someone fixes it. Monitoring tells you exactly when it starts and stops.

How can I tell whether the 502 is the proxy or the backend?

From the server, curl the origin directly and skip the proxy and any CDN. If the origin returns an error too, the backend is at fault. If the origin answers normally yet visitors still see a 502, the proxy or CDN configuration is the culprit. The proxy error log usually settles it.

Does refreshing the page fix a 502?

Sometimes it does. When the 502 came from a momentary overload or a service that happened to be restarting, reloading a minute later often goes through. When it keeps coming back, the upstream is still crashed, misconfigured, or blocked, and no amount of refreshing will help. A hard refresh (Ctrl+F5, or Cmd+Shift+R) also clears a cached error page from the picture, but the real fix lives server-side.

What is the difference between a 502 and a 500?

A 500 Internal Server Error is the application breaking while it handles the request, a PHP fatal error or an unhandled exception, with the failure happening inside the app. A 502 Bad Gateway sits one hop earlier: the proxy reached the upstream but got back an invalid or empty response, so the break is in the link between proxy and backend. A 500 sends you to the app log. A 502 sends you to the proxy and upstream logs.

Can a 502 be caused by the database?

Only at one remove. The database never returns a 502 on its own, but a slow or unreachable database can make the PHP or app process crash, hang, or get killed mid-response, and then the proxy sees an invalid or closed connection and answers 502. The tell is an upstream prematurely closed line in the nginx log alongside a database timeout or out-of-memory message in the application log. Clear the database stall and the 502 goes with it.

Why do I get a 502 only under heavy traffic?

The upstream worker pool is saturated. Once every PHP-FPM child or app worker is busy, new requests queue up until the proxy gives up on the connection and returns 502, and one slow endpoint can pin workers long enough to spread that across the whole website. Match the worker count to your traffic and CPU, fix the slow request that ties workers up, and the load-related 502s usually go away.

How do I monitor for 502 errors from outside?

An external uptime check pulls your URL the way a real visitor would and logs the exact status code the proxy or CDN edge returns, so a 502 surfaces the instant the backend stops sending a valid response, not when a customer emails you. Pulsetic checks from 15+ locations every 30 seconds and alerts by email, SMS, voice, Slack, Discord, Telegram, or webhook, with logs marking when the 502 began and when it cleared. It reads availability from the outside, which is why it tells you the website is down and when, while the server logs tell you why.

Does a 502 with no Cloudflare branding mean something different from a branded one?

It does, and the branding is a real diagnostic clue. A 502 page wearing Cloudflare branding means Cloudflare could not pull a valid response from your origin, so the origin is down, blocking Cloudflare's IPs, or carrying a misconfigured DNS record. A 502 with no CDN branding leans more toward a compression problem at the origin itself, like gzip served with a wrong content-length, which makes the proxy reject an otherwise complete response. An external check cannot read your gzip headers, but Pulsetic records exactly when the 502 started and cleared from 15+ locations, as real visitors at the edge see it. That gives you the timestamp and scope to pair with your origin and proxy logs and find the why.

502 Bad Gateway

You loaded a page and got 502 Bad Gateway instead. The bad news: something between the proxy and the real server broke. The good news: it is rarely your device, it is almost always the website, and the fix is usually quick once you know where to look.

Updated June 2026 · 6 min read

Written by

Andrian Valeanu Founder of Pulsetic

Andrian Valeanu founded Pulsetic and, before it, Designmodo. Across 15-plus years he has shipped web products, design tools, and monitoring software teams around the world rely on.
Reviewed by

Ionut Caval Technical reviewer

Ionut Caval reviews Pulsetic's technical guides for accuracy. He works hands-on with web servers, networking, and uptime monitoring day to day, and makes sure the causes and fixes here hold up in production.

The short version: A 502 means a gateway or proxy (like Nginx or a CDN) reached the backend server but got back an invalid or empty response. Visiting? Reload and try again in a minute. Running the website? Restart the upstream service, such as PHP-FPM, and check the proxy and error logs.

Key takeaways

A 502 means a gateway or proxy did reach the upstream server, but what came back was invalid or empty. Per RFC 9110 the server received an invalid response from an inbound server while acting on your behalf.
Hold it next to 504: a 502 is a broken answer, a 504 is no answer in time. A 503 is the server refusing on purpose. A 500 is the application's own code crashing.
This is server-side almost every time. As a visitor, give it a minute and reload; the rare local culprit is a misbehaving VPN, a proxy, or a stale DNS cache.
For owners, one cause dwarfs the rest: a crashed or stopped upstream (PHP-FPM, a Node or Python app, a container). Restart that service and most 502s vanish.
The nginx error log names the cause outright. connect() failed means the backend is down, Permission denied means a socket issue, upstream prematurely closed means the backend died mid-response.

Error type: HTTP 5xx server error
Whose side: Almost always the website
Fix difficulty: Moderate (website owner)
Common cause: Upstream returned an invalid response

What does 502 Bad Gateway mean?

A 502 Bad Gateway comes from a server acting as a gateway or proxy: Nginx, a load balancer, or a CDN like Cloudflare. It forwarded your request to the upstream (or origin) server behind it just fine, but the reply it got back was no good. Malformed, empty, or simply something it could not parse. Since the proxy cannot hand that broken reply on to you, it answers with a generic 502 instead.

Picture the request chain and it clicks: your browser talks to the proxy, and the proxy talks to the backend that actually builds the page. A 502 points squarely at that second hop. That is the line between it and a 504 Gateway Timeout, where the backend gives no answer at all and the proxy stops waiting. With a 502, an answer did arrive. It was just garbage. And because the failure lives server-side, fixing it almost always falls to the website owner or host, not the visitor.

The path a request takes from your browser to the website's servers. A 502 Bad Gateway is produced at the highlighted stages.

502: HTTP status code
5xx: Server-side error class
RFC 9110: Spec that defines it

How the 502 Bad Gateway error appears

The wording changes depending on your browser, device, or server. Here is how this error commonly shows up:

502

Bad Gateway

The server received an invalid response from the upstream server.

What a 502 Bad Gateway looks like in the browser. The exact wording varies by browser, device, and server.

502 Bad Gateway
HTTP Error 502 - Bad Gateway
nginx: 502 Bad Gateway
Cloudflare: Bad gateway Error code 502
502 Server Error: The server encountered a temporary error
502 Proxy Error
Temporary Error (502)

502 vs 500, 503 and 504

All four are 5xx server errors, but they fail at different points in the request chain.

Code	What it means	Who fixes it
500 Internal Server Error	The application itself errored out while handling the request (a bug, exception, or crash).	Website owner or developer
502 Bad Gateway	A proxy reached the upstream server but got an invalid or empty response back.	Website owner or host
503 Service Unavailable	The server is reachable but deliberately refusing, usually overloaded or in maintenance.	Website owner or host
504 Gateway Timeout	A proxy reached the upstream but got no response in time (it timed out).	Website owner or host

What the nginx error log message tells you

A 502 page is generic, but the matching line in <code>/var/log/nginx/error.log</code> usually names the exact failure.

Log message	Likely cause	First fix to try
`connect() failed (111: Connection refused)`	The upstream service is stopped or not listening on that port	Start or restart the backend; confirm it listens on the expected port
`no such file or directory ... fastcgi_pass`	The FPM socket path the proxy points at does not exist	Fix the `fastcgi_pass` socket path or start PHP-FPM
`connect() ... Permission denied (13)`	The FPM socket exists but nginx cannot read it	Match FPM `listen.owner`/`listen.group` to the web server user
`upstream prematurely closed connection`	The backend crashed or was killed mid-response (often OOM)	Read the app log; raise memory limits or fix the crashing request
`upstream sent too big header`	Response headers exceed the proxy buffer	Increase `fastcgi_buffer_size` / `proxy_buffer_size`

What causes 502 Bad Gateway?

The upstream service crashed or got stopped (PHP-FPM, a Node or Python app, an application container) and never came back, often right after a deploy or an out-of-memory kill.
The proxy is aiming at the wrong place: a proxy_pass or fastcgi_pass pointed at a port or socket the backend is not listening on.
Socket or permission trouble. The FPM socket is there, but the proxy cannot read it, and Nginx logs Permission denied or No such file or directory.
Overload. Every backend worker is busy, requests pile up in the queue, and eventually the proxy abandons them and returns 502.
Something in between is quietly blocking the connection: a firewall, a security rule, or mod_security sitting between the proxy and the origin.
A CDN cannot reach a healthy origin. The origin is down, an origin firewall is dropping the CDN IPs, or DNS for the origin is misconfigured.
A compression bug at the origin, like gzip content served with a wrong content-length header or broken gzip, which leads the proxy to reject the response.

How to find the cause fast

Open the proxy error log first (/var/log/nginx/error.log). The wording does the diagnosis for you: connect() failed means the backend is down, Permission denied means a socket issue, upstream prematurely closed means the backend died mid-response.
From the server itself, curl the origin directly with curl -I http://127.0.0.1:PORT/, skipping the proxy and CDN. If that fails too, the backend is the problem. If it works, the proxy or CDN config is.
Make sure the upstream service is genuinely running and listening. Use systemctl is-active, ps aux | grep, and check the socket or port with ss -lntp.
If a CDN sits out front, take it out of the loop for a moment (pause Cloudflare or query the origin IP). That tells you whether the 502 is coming from the edge or from your origin.

curl -sI https://example.comHTTP/1.1 502 Bad GatewayServer: nginx# the upstream app server returned nothing valid

What a 502 Bad Gateway looks like from the command line. The grey lines starting with # are explanatory comments.

How 502 Bad Gateway looks from the outside

Pulsetic checks your website from 15 or more locations every 30 seconds over HTTP and HTTPS, so a 502 trips an alert the second your backend stops returning a valid response, not when a customer emails you. The checks run from outside your network, which means they see exactly what real visitors see at the CDN or proxy edge. Alerts reach you by email, SMS, voice call, Slack, Discord, Telegram, or webhook within seconds, and the response logs mark when the 502 started and when it cleared. What Pulsetic watches is availability from the outside; it does not read your server CPU or memory. So it tells you the website is down and when, and you read the server logs to learn exactly why.

To confirm the exact code a URL returns, or to re-test several at once after a fix, run them through the free bulk URL status checker.

How to fix 502 Bad Gateway

If you are a visitor

Wait a minute, then reload. A 502 is often a brief server-side blip that clears on its own.
Hard refresh to skip your local cache (Ctrl+F5, or Cmd+Shift+R on Mac).
Open the page in a private or incognito window, or a different browser, to rule out a cached page or an extension.
See whether the website is down for everyone using a service like Pulsetic or a down-detector. If it is down for all, only the owner can fix it.
On the off chance the fault is yours, flush your DNS cache (ipconfig /flushdns on Windows, sudo dscacheutil -flushcache on macOS) and switch off any VPN or proxy.

If you run the website

Restart the upstream service that builds pages (sudo systemctl restart php8.2-fpm, or your Node, Python, or app container). A crashed or stopped backend is by far the most common cause.
Read the proxy and backend error logs side by side (/var/log/nginx/error.log and the FPM or app log) to catch the exact failure wording.
Check the proxy target. Confirm proxy_pass or fastcgi_pass points at the host, port, or socket the backend actually listens on, then run nginx -t and reload.
Seeing Permission denied in the Nginx log? Check socket ownership and permissions: the FPM listen.owner and listen.group should match the web server user.
Bump proxy and FastCGI timeouts (proxy_read_timeout, fastcgi_read_timeout) when long requests are getting cut off, and raise FPM worker counts when the pool is saturated under load.
Running a CDN such as Cloudflare? Make sure it can reach a healthy origin: allowlist the CDN IP ranges in your origin firewall and verify the origin DNS record.
When the 502 page carries no CDN branding, suspect compression at the origin and disable gzip compression to confirm.
If your host manages the stack and none of the above fits, contact your hosting provider with the timestamp and the affected URL so they can check the server side.

Still not fixed? Next steps

From the server itself, curl the origin directly: curl -I http://127.0.0.1:PORT/. If that fails too, blame the backend. If it works, the proxy or CDN config is what is broken.
Got a CDN out front? Bypass it. Pause Cloudflare or query the origin IP, and you will know whether the 502 is born at the edge or at your origin.
A backend that keeps dying under load is usually a saturated worker pool or an OOM kill. Raise the worker counts and memory limits, and track down the slow request that pins workers.
When your host manages the stack and the logs point at the server, hand them the affected URL and the exact timestamp. That lets them inspect the upstream from their side.

Code & configuration

Copy-paste starting points. Replace example.com and the paths with your own, and test changes on staging before production.

Nginx upstream and proxy config

upstream backend {
    server 127.0.0.1:8080;
}

server {
    location / {
        proxy_pass http://backend;
        proxy_connect_timeout 90s;
        proxy_read_timeout 90s;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_read_timeout 90s;
    }
}

Check that the PHP-FPM backend is up

# Is the FPM process running?
ps aux | grep php-fpm
systemctl is-active php8.2-fpm.service

# Does the socket the proxy points at exist?
ls -l /run/php/php8.2-fpm.sock

# Hit the origin directly, bypassing the proxy and CDN
curl -I http://127.0.0.1:8080/

Restart services and read the logs

sudo systemctl restart php8.2-fpm.service
sudo nginx -t && sudo systemctl reload nginx

# Look for connect() / upstream / socket errors
sudo tail -n 50 /var/log/nginx/error.log
sudo tail -n 50 /var/log/php8.2-fpm.log

How to prevent 502 Bad Gateway

A 502 can come and go in seconds, which is exactly why it slides past you until a customer reports it. Pulsetic checks your website and key endpoints from multiple locations every 30 seconds and alerts you by email, SMS, voice call, Slack, Discord, and more the moment they start returning 502s or stop responding. It will not tell you which upstream crashed, but it tells you fast that something is wrong, and when it recovers, so you can move before your visitors do.

Learn how Pulsetic's uptime monitoring detects this from the outside, across 15+ locations.

Related errors

Browse all error guides

Frequently asked questions

What is the difference between a 502 and a 504 error?

Both turn on a proxy and its upstream server. A 502 Bad Gateway means the upstream sent back an invalid or empty response. A 504 Gateway Timeout means the upstream sent back nothing at all inside the time limit. Put plainly: 502 is a broken answer, 504 is no answer.
Does a 502 error hurt my SEO?

A short-lived 502 will not dent rankings; crawlers just come back later. The danger is a 502 that drags on for hours or keeps recurring. When a crawler repeatedly hits 5xx errors on your pages, it can throttle crawling and, over time, chip away at indexing, so clear prolonged outages quickly.
Why do I get a 502 error on my WordPress website?

On WordPress the culprit is usually the PHP backend, not the database. PHP-FPM may have crashed or run into a memory limit, a long request may have blown past the proxy timeout, or a plugin or theme may be making PHP fail. Restart PHP-FPM, read the error log, and test by switching off recently added plugins.
Why does Cloudflare show a 502 Bad Gateway?

Cloudflare throws a 502 when it cannot get a valid response from your origin server. Cloudflare branding on the page points at the origin (down, blocking Cloudflare IPs, or DNS misconfigured). A 502 without Cloudflare branding tends to mean an origin compression issue, like a bad gzip content-length header.
Is a 502 error my fault as a visitor?

Almost never. A 502 is server-side, so the fix lives on the website or its host. The rare exceptions are local networking snags: a misbehaving VPN, a proxy, or a stale DNS cache. Reloading, clearing the cache, and disabling a VPN cover those edge cases in seconds.
How long does a 502 error usually last?

Depends. A transient 502 from a quick overload or a restarting service often clears within seconds to a few minutes. One caused by a crashed backend, a bad config, or a blocked firewall sticks around until someone fixes it. Monitoring tells you exactly when it starts and stops.
How can I tell whether the 502 is the proxy or the backend?

From the server, curl the origin directly and skip the proxy and any CDN. If the origin returns an error too, the backend is at fault. If the origin answers normally yet visitors still see a 502, the proxy or CDN configuration is the culprit. The proxy error log usually settles it.
Does refreshing the page fix a 502?

Sometimes it does. When the 502 came from a momentary overload or a service that happened to be restarting, reloading a minute later often goes through. When it keeps coming back, the upstream is still crashed, misconfigured, or blocked, and no amount of refreshing will help. A hard refresh (Ctrl+F5, or Cmd+Shift+R) also clears a cached error page from the picture, but the real fix lives server-side.
What is the difference between a 502 and a 500?

A 500 Internal Server Error is the application breaking while it handles the request, a PHP fatal error or an unhandled exception, with the failure happening inside the app. A 502 Bad Gateway sits one hop earlier: the proxy reached the upstream but got back an invalid or empty response, so the break is in the link between proxy and backend. A 500 sends you to the app log. A 502 sends you to the proxy and upstream logs.
Can a 502 be caused by the database?

Only at one remove. The database never returns a 502 on its own, but a slow or unreachable database can make the PHP or app process crash, hang, or get killed mid-response, and then the proxy sees an invalid or closed connection and answers 502. The tell is an upstream prematurely closed line in the nginx log alongside a database timeout or out-of-memory message in the application log. Clear the database stall and the 502 goes with it.
Why do I get a 502 only under heavy traffic?

The upstream worker pool is saturated. Once every PHP-FPM child or app worker is busy, new requests queue up until the proxy gives up on the connection and returns 502, and one slow endpoint can pin workers long enough to spread that across the whole website. Match the worker count to your traffic and CPU, fix the slow request that ties workers up, and the load-related 502s usually go away.
How do I monitor for 502 errors from outside?

An external uptime check pulls your URL the way a real visitor would and logs the exact status code the proxy or CDN edge returns, so a 502 surfaces the instant the backend stops sending a valid response, not when a customer emails you. Pulsetic checks from 15+ locations every 30 seconds and alerts by email, SMS, voice, Slack, Discord, Telegram, or webhook, with logs marking when the 502 began and when it cleared. It reads availability from the outside, which is why it tells you the website is down and when, while the server logs tell you why.
Does a 502 with no Cloudflare branding mean something different from a branded one?

It does, and the branding is a real diagnostic clue. A 502 page wearing Cloudflare branding means Cloudflare could not pull a valid response from your origin, so the origin is down, blocking Cloudflare's IPs, or carrying a misconfigured DNS record. A 502 with no CDN branding leans more toward a compression problem at the origin itself, like gzip served with a wrong content-length, which makes the proxy reject an otherwise complete response. An external check cannot read your gzip headers, but Pulsetic records exactly when the 502 started and cleared from 15+ locations, as real visitors at the edge see it. That gives you the timestamp and scope to pair with your origin and proxy logs and find the why.

Catch the next outage before your visitors do.

2-minute setup · Cancel any time
Create Free Account

Your Dashboard

No credit card needed