Taking a Terraform Enterprise backup with the API gives "502 Bad Gateway" error

Avatar
Daniela Lavric
  • Updated

Problem

When attempting to create a backup of Terraform Enterprise using the backup API, the request fails and returns a 502 Bad Gateway error.

First, you initiate the backup with the following command.

$ curl \
  --header "Authorization: Bearer $TOKEN" \
  --request POST \
  --data @payload.json \
  --output backup.blob \
  https://<TFE HOSTNAME>/_backup/api/v1/backup

When you inspect the output file, it contains an error message.

$ cat backup.blob

The contents of backup.blob show the 502 Bad Gateway response.

<html>
  <head>
    <title>502 Bad Gateway</title>
  </head>
  <body>
    <center>
      <h1>502 Bad Gateway</h1>
    </center>
    <hr>
    <center>nginx</center>
  </body>
</html>

Cause

This error can occur if the s3_endpoint attribute in the Terraform Enterprise application configuration is set incorrectly. This attribute should only be defined when using a VPC endpoint or an S3-compatible object storage service, such as Minio. For standard AWS S3 usage, this value should be left blank.

To verify the current configuration, run the following command on the Terraform Enterprise instance.

$ replicatedctl app-config export --hidden

An incorrect configuration may look similar to this example.

https://<bucket-name>.s3.eu-west-1.amazonaws.com

Solution

To resolve this issue, you must reset the s3_endpoint configuration value to an empty string and restart the Terraform Enterprise application.

  1. Reset the s3_endpoint value. The command differs based on your installation type.

    • For an active-active installation, run the following command.
    $ tfe-admin app-config -k s3_endpoint -v ''
    • For a standalone installation, run the following command.
    $ replicatedctl app-config set s3_endpoint --value ''

  2. Restart the Terraform Enterprise application for the change to take effect.

    $ replicatedctl app stop
## App is stopping

$ replicatedctl app start
## App is starting

$ replicatedctl app status

Outcome

After restarting the application, the backup API call should complete successfully. You can now retry the backup process.

$ curl \
  --header "Authorization: Bearer $TOKEN" \
  --request POST \
  --data @payload.json \
  --output backup.blob \
  https://<TFE HOSTNAME>/_backup/api/v1/backup

Note: The $TOKEN variable should contain the value of the backup_token from the application configuration.

Additional Information

Articles in this section

See more

Related articles