HTTP 502 Bad Gateway
HTTP 502 Bad Gateway means a server acting as a gateway or proxy received an invalid response from an upstream server. The proxy is working — it accepted your request — but the server behind it returned something the proxy cannot pass to you. You are seeing the proxy's error message, not the origin server's.
Quick reference
| Code | 502 |
|---|---|
| Name | Bad Gateway |
| Category | 5xx Server Errors |
| Specification | RFC 9110 §15.6.3 |
| IANA status | Assigned |
| Cacheable | No |
| Client action | Retry after a short delay. If persistent, contact the server operator. |
| In-depth guide | HTTP 502 full guide → |
What HTTP 502 means
RFC 9110 defines 502 as indicating that a server acting as a gateway or proxy received an invalid response from an inbound server it accessed while attempting to fulfill the request. The "invalid response" can be an empty response, a malformed HTTP response, a connection that dropped before the response was complete, or a response the proxy could not parse.
The architecture matters: a 502 always involves at least two servers. The first is the proxy, gateway, CDN, or load balancer that you are communicating with. The second is the upstream origin server, microservice, or backend that the first server is trying to reach. The 502 is generated by the first server to report the failure of the second.
This is how 502 differs from 500 Internal Server Error: 500 means your application broke. 502 means your application is not responding correctly to the proxy in front of it — or is not running at all.
Common causes
Application server is down or crashed
The most common cause. The origin server — the application running your code — crashed, ran out of memory, was killed by OOM, or was not started at all. The load balancer or reverse proxy (nginx, HAProxy, Cloudflare) tries to connect to it, gets a connection refused or empty response, and returns 502 to the client.
Application server is overloaded
All upstream server workers or connections are in use. New requests queue up at the proxy, and if the proxy's upstream timeout expires before a worker becomes available, the proxy closes the connection and returns 502. This appears as intermittent 502s during traffic spikes.
Upstream timeout
The proxy waited for the upstream to respond but the upstream took too long — past the proxy's configured timeout. This produces a 502 (or sometimes 504, depending on the proxy) and is a symptom of slow database queries, slow downstream APIs, or a blocked worker thread on the upstream server.
Upstream returned an invalid HTTP response
The origin server responded but sent malformed HTTP — a response that starts with non-HTTP data, a missing status line, or corrupted headers. This happens with misconfigured application servers, buggy middleware, or servers that panic and print a stack trace instead of a valid HTTP response.
TLS mismatch between proxy and upstream
If the proxy connects to the upstream over HTTPS and there is a TLS certificate mismatch, expired certificate, or protocol version mismatch, the TLS handshake fails and the proxy returns 502. This is common after certificate renewals on the upstream that are not matched by proxy configuration.
Upstream not listening on the expected port
A configuration change moved the application to a different port, but the proxy is still routing to the old port. Connection refused produces 502.
How to diagnose a 502
- Check if the upstream application is running. SSH to the application server and check if the process is alive:
ps aux | grep <appname>orsystemctl status <service>. A crashed process is the most common cause. - Check the proxy error log. Nginx, HAProxy, and other proxies log the upstream failure reason. The proxy error log will tell you whether it got "connection refused," "upstream timed out," or "invalid response."
- Check the upstream application log. If the application is running, its log may show the error that caused it to return an invalid response or become unresponsive.
- Test the upstream directly. Connect to the upstream server directly (bypassing the proxy) to confirm it responds correctly. If it does, the issue is in the proxy configuration or the proxy-to-upstream network path.
- Check resource exhaustion. Review memory and CPU on the upstream server. OOM kills and CPU throttling both produce 502s from the proxy.
- Correlate with deployments. 502s that started after a deployment are usually the new version crashing on startup, a port change, or a configuration error introduced in the deployment.
502 vs 500 vs 503 vs 504
| Code | Who generated it | Cause | First place to check |
|---|---|---|---|
| 500 | Your application | Unhandled error in application code | Application error log |
| 502 | Proxy/gateway | Invalid or missing response from upstream | Proxy error log + is upstream running? |
| 503 | Server (intentional) | Server deliberately refusing requests | Is the server in maintenance or overloaded? |
| 504 | Proxy/gateway | Upstream timed out | Upstream response time and proxy timeout config |
FAQ
What does HTTP 502 Bad Gateway mean?
HTTP 502 means a proxy or load balancer in front of the origin server received an invalid or no response from the upstream server. The proxy is working; the application behind it is not responding correctly.
Is a 502 my fault or the server's fault?
502 is always a server-side infrastructure problem. The client request was valid. Something in the backend — the application, the upstream service, or the network between the proxy and the origin — failed.
Should I retry after a 502?
Yes, for idempotent requests. A 502 is often transient — the upstream may have restarted, or the overload condition may have cleared. Retry with exponential backoff. Persistent 502s require investigation of the upstream server.
Why do I see 502 in Cloudflare, nginx, or AWS?
These all act as proxies. When they return 502, the problem is always with the origin server they are proxying to — not with Cloudflare, nginx, or AWS themselves. Check whether your application server is running and responding correctly.
Related resources
On this site: HTTP 502 Bad Gateway — full guide · HTTP 500 Internal Server Error · HTTP 503 Service Unavailable · HTTP 504 Gateway Timeout · All 5xx server errors
Comparisons: 500 vs 502 · 502 vs 503 · 502 vs 504
Standards: RFC 9110 §15.6.3 · IANA HTTP Status Code Registry · MDN Web Docs: 502