Print Page - Plesk websites are inaccessible with 504 Gateway Timeout with enabled firewall:

Title: Plesk websites are inaccessible with 504 Gateway Timeout with enabled firewall:
Post by: Suhitha on Nov 29, 2025, 04:13 AM

Question: Plesk websites are inaccessible with 504 Gateway Timeout with enabled firewall: : Connection timed out

Applicable to:

Plesk for Linux

Symptoms

If Nginx is enabled, all sites return the following error:

CONFIG_TEXT: 504 Gateway Timeout error

CONFIG_TEXT: 502 Bad gateway

Fail2ban is not installed or disabled;
Apache and nginx services are running;
There are the following records in /var/log/httpd/error_log:

Code Select

upstream timed out (110: Connection timed out) while reading response header from upstream

Code Select

AH00072: make_sock: could not bind to address 127.0.0.1:7080

There are the following records in /var/www/vhosts/example.com/logs/proxy_error_log:

Code Select

[error] 18625#0: *8 connect() failed (111: Connection refused) while connecting to upstream

Code Select

curl: (28) Failed to connect to 203.0.113.2 port 7081 after 129871 ms: Connection timed out

Cause

Firewall rules block local connection on port 7080 and 7081, or some rules block the server's IP Address, so Nginx is unable to connect to Apache.

Resolution

Check the Plesk firewall or "iptables" utility and remove rules that block access to 7080 or 7081 ports or block access from the server's IP addresses

Manage rules via Plesk Firewall

1.Install Plesk Firewall if it is not installed How to install Plesk Firewall

2.Go to Plesk > Tools & Settings > Firewall > Modify Plesk Firewall Rules >Add Custom Rule and allow 7080/7081 ports for all internal IP addresses for Incoming/Outgoing.

(https://pix.cobrasoft.org/images/2025/11/29/2.png)

Adding rules directly from the server

1.To do this manually, connect to the server via SSH

Note: if direct SSH access to the server is not possible, contact server administrator for further assistance.

2.Add rules using the commands below:

# iptables -A INPUT -s 10.10.10.10 -p tcp -m tcp --dport 7081 -j ACCEPT
# iptables -A INPUT -s 10.10.10.10 -p tcp -m tcp --dport 7080 -j ACCEPT
# iptables -A OUTPUT -s 10.10.10.10 -p tcp -m tcp --sport 7081 -j ACCEPT
# iptables -A OUTPUT -s 10.10.10.10 -p tcp -m tcp --sport 7080 -j ACCEPT

NOTE: In addition, check any other similar tools and extensions installed on the server like Imunify360, DDoS Deflate Interface, or Bitninja for example if there are similar rules forbidding needed ports or blocking the server's IP addresses

Cobra Forum

Plesk Panel => Webserver => Topic started by: Suhitha on Nov 29, 2025, 04:13 AM