Nginx 502 Bad Gateway — Upstream Failure — Incident Report

On October 14, 2025, edge Nginx returned 502 Bad Gateway for 73% of requests to api.example.com during a deployment window. Upstreams pointed to Kubernetes pods whose Node.js process exited immediately: startup validation threw because STRIPE_WEBHOOK_SECRET was absent from the mounted secret api-gateway-secrets v3 (key renamed in Vault but not synced). Rollback to prior ReplicaSet restored traffic in 22 minutes.

Primary: Misconfigured secret — required environment variable missing at container start, causing process exit before listen().

Contributing: Health check probed TCP socket opened by sidecar, not application readiness; deploy marked Ready prematurely.

P1, MTTR 22 min, peak 502 rate 73%.

1. Why 502? → Nginx could not reach upstream.
2. Why unreachable? → Node process not listening.
3. Why? → Process exited on missing env.
4. Why missing? → Secret key rename not propagated to cluster.
5. ROOT CAUSE: No schema validation for required env vars at deploy; readiness probe did not hit HTTP /health on app port.

• Readiness probe hits application /health with dependency checks
• Pre-deploy manifest diff gates required keys
• Synthetic canary hits API route post-deploy before traffic shift

2025/10/14 09:13:18 [error] 1244#1244: *992831 connect() failed (111: Connection refused) while connecting to upstream

Error: STRIPE_WEBHOOK_SECRET is required at startup (config/stripe.ts:42)
[npm] Lifecycle script `start` failed with error code 1

Never trust sidecar-only readiness for application availability.