A 502 means a gateway or proxy (Cloudflare, nginx, a load balancer) tried to reach your origin server and got an invalid response — or no response at all. The CDN is up; your origin isn't.
| Code | Meaning | Likely cause |
|---|---|---|
| 502 | Bad Gateway | Origin crashed or returned garbage; proxy can't relay |
| 503 | Service Unavailable | Server knows it's overloaded or in maintenance |
| 504 | Gateway Timeout | Origin responded too slowly; proxy gave up waiting |
| 500 | Internal Server Error | Origin itself crashed with an unhandled error |
| App server crashed | PHP-FPM, Node, Python worker died — restart it, check logs |
| Failed deploy | New code broke the app on startup — roll back immediately |
| Out of memory | App exhausted RAM — check server metrics, scale up |
| Database connection refused | DB down or max connections hit — check DB logs |
| nginx/Apache misconfiguration | proxy_pass pointing to wrong port or dead upstream |
| Cloudflare can't reach origin | Origin IP changed, firewall blocking Cloudflare IPs |
| SSL mismatch at origin | Cloudflare Full SSL but origin has no valid cert |
Look for a CF-RAY header in the 502 response. If present, Cloudflare is up but your origin is down. Try hitting your origin IP directly to confirm.
nginx: /var/log/nginx/error.log — PHP-FPM: /var/log/php-fpm/error.log — Node: PM2 logs or journalctl -u yourapp
502s that appear suddenly after a deployment are almost always a broken deploy. Roll back first, diagnose second.
top, free -h, df -h — CPU pinned at 100%, RAM exhausted, or disk full all cause 502s.
If you're behind Cloudflare or another CDN, the CDN itself is working — your origin is the problem. If there's no CDN in the chain, it could be a network issue between your browser and the server.
Auto-restart daemons (systemd, PM2, Supervisor) can revive a crashed process within seconds. But if it keeps coming back, there's an underlying bug or resource issue causing it.
Run the autopsy above and share the report link. It captures HTTP status, response headers (including CF-RAY), DNS, SSL, timestamp, and a screenshot — everything support needs without asking.