Why did upgrading to PHP 8.2 suddenly cause 502 upstream errors that never happened on PHP 8.1?

PHP 8.2 enforces stricter type handling and deprecates more implicit coercions than 8.1. Code that silently cast a string to int in 8.1 now throws a fatal TypeError in 8.2, which kills the FPM worker immediately with zero bytes written to the socket. Nginx receives the closed connection and logs the 502. Check /var/log/php8.2-fpm.log with 'catch_workers_output = yes' enabled to see the exact fatal error from the dead worker.

What is the correct relationship between fastcgi_read_timeout in Nginx and request_terminate_timeout in PHP-FPM?

fastcgi_read_timeout (Nginx) must always be set higher than request_terminate_timeout (PHP-FPM). The intended behavior is: FPM terminates the long-running worker cleanly and returns an error response to Nginx before Nginx's own timeout fires. If Nginx times out first, it closes the connection from its side, which can cause different error states. A safe rule: set request_terminate_timeout to N seconds and fastcgi_read_timeout to N+10 or higher.

How do I tell if the 502 is caused by pool exhaustion versus a PHP fatal error versus an OOM kill?

Run three checks: (1) OOM kill — 'sudo dmesg | grep -i killed | grep php' — if you see entries here, increase server RAM or lower pm.max_children to reduce per-worker memory footprint. (2) PHP fatal — enable 'catch_workers_output = yes' in php-fpm.conf and check the FPM error log for TypeError or other fatal messages. (3) Pool exhaustion — run 'curl http://127.0.0.1/fpm-status?full' and compare 'active processes' to 'max children' — if they are equal, all workers are busy and new requests are being rejected immediately.

How to Fix Nginx 502 'Upstream Prematurely Closed Connection' with PHP 8.2 FPM

Threat/Impact Level: HIGH | Downtime Risk: HIGH | Time to Fix: 15–45 mins depending on root cause

TL;DR

What broke: PHP-FPM 8.2 worker died, timed out, or was OOM-killed mid-request before sending a single response header byte to Nginx, causing Nginx to emit a 502.
How to fix it: Align fastcgi_read_timeout in Nginx with request_terminate_timeout in FPM, tune pm worker settings to prevent pool exhaustion, and audit PHP 8.2 fatal errors in /var/log/php-fpm/www-error.log.
Shortcut: Use our Client-Side Sandbox below to paste your nginx.conf and www.conf — it auto-detects the timeout mismatch and refactors both files locally without sending your config anywhere.

The Incident (What Does the Error Mean?)

You will see this in /var/log/nginx/error.log:

2024/01/15 03:42:17 [error] 1234#1234: *5678 upstream prematurely closed connection
while reading upstream response header from upstream,
client: 10.0.1.45, server: app.example.com,
request: "POST /api/process HTTP/1.1",
upstream: "fastcgi://unix:/run/php/php8.2-fpm.sock",
host: "app.example.com"

Immediate consequence: Every request hitting that FPM worker returns a hard 502. If the pool is exhausted or the crash is recurring, your entire application is down. Load balancers mark the instance unhealthy. Auto-scaling triggers but new instances inherit the same broken config.

The Attack Vector / Blast Radius

This is a cascading failure vector, not a one-off crash. Here is the kill chain:

PHP-FPM worker dies (OOM kill, uncaught exception in PHP 8.2 strict typing, or request_terminate_timeout fires) mid-execution.
The Unix socket or TCP connection to Nginx is closed with zero bytes written — no status line, no headers.
Nginx, still waiting on fastcgi_read_timeout (default: 60s), receives the socket close event and logs the 502.
If pm = dynamic and pm.max_children is undersized, all workers pile up on slow DB queries or external API calls. New requests queue, then fail immediately with 502 because no workers are free to even start processing.
PHP 8.2 introduced stricter type coercion — code that silently worked on 8.1 now throws TypeError fatals. These kill the worker with no HTTP output, making this error far more common on 8.2 upgrades.

Secondary blast radius: Any upstream service your PHP app calls (Redis, MySQL, external APIs) may hold open connections from dead workers, exhausting connection pools on those services simultaneously.

How to Fix It

Step 1 — Identify the Actual Root Cause

Before touching config, check these in order:

# 1. Check for OOM kills
sudo dmesg | grep -i 'killed process' | grep php

# 2. Check PHP-FPM worker crash logs
sudo tail -n 100 /var/log/php8.2-fpm.log
sudo tail -n 100 /var/log/nginx/error.log | grep upstream

# 3. Check pool status (if pm.status_path is enabled)
curl http://127.0.0.1/fpm-status?full

# 4. Check active worker count vs max_children
ps aux | grep php-fpm | wc -l

Basic Fix — Timeout Alignment

The most common cause: fastcgi_read_timeout in Nginx is shorter than the actual PHP execution time, or request_terminate_timeout in FPM kills the worker before Nginx gives up.

# /etc/nginx/sites-available/app.conf

 location ~ \.php$ {
     fastcgi_pass unix:/run/php/php8.2-fpm.sock;
     fastcgi_index index.php;
     include fastcgi_params;
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_read_timeout 60;
-    fastcgi_send_timeout 60;
-    fastcgi_connect_timeout 60;
+    fastcgi_read_timeout 300;
+    fastcgi_send_timeout 300;
+    fastcgi_connect_timeout 10;
+    fastcgi_buffers 16 16k;
+    fastcgi_buffer_size 32k;
 }

# /etc/php/8.2/fpm/pool.d/www.conf

- request_terminate_timeout = 0
+ request_terminate_timeout = 290
+ request_slowlog_timeout = 10s
+ slowlog = /var/log/php8.2-fpm-slow.log

- pm = dynamic
- pm.max_children = 5
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
+ pm = dynamic
+ pm.max_children = 50
+ pm.start_servers = 10
+ pm.min_spare_servers = 5
+ pm.max_spare_servers = 20
+ pm.max_requests = 500

Rule: fastcgi_read_timeout (Nginx) must always be greater than request_terminate_timeout (FPM). FPM should terminate the worker first, cleanly, before Nginx gives up and 502s.

Enterprise Best Practice — Layered Hardening

# /etc/php/8.2/fpm/pool.d/www.conf

+ ; Prevent runaway workers from holding connections indefinitely
+ request_terminate_timeout = 290
+
 + ; PHP 8.2 — explicitly set memory limit per pool, not just php.ini
 + php_admin_value[memory_limit] = 256M
+
 + ; Catch worker crashes and restart automatically
 + emergency_restart_threshold = 10
 + emergency_restart_interval = 1m
 + process_control_timeout = 10s
+
 + ; Enable status endpoint for monitoring
 + pm.status_path = /fpm-status
 + ping.path = /fpm-ping

# /etc/php/8.2/fpm/php-fpm.conf

- error_log = /var/log/php8.2-fpm.log
- log_level = notice
+ error_log = /var/log/php8.2-fpm.log
+ log_level = warning
+ log_limit = 8192
+ ; Critical for PHP 8.2 TypeError fatals showing full stack
+ catch_workers_output = yes
+ decorate_workers_output = yes

For PHP 8.2 specifically — audit code for deprecated implicit type coercions:

- function processOrder(int $id) {
-     $result = fetchFromDB("SELECT * FROM orders WHERE id = " . $id);
+ function processOrder(int $id): array {
+     if (!is_int($id)) throw new \InvalidArgumentException('ID must be integer');
+     $result = fetchFromDB("SELECT * FROM orders WHERE id = " . $id);

💡 Tired of pasting proprietary configs into ChatGPT? Generic AI tools log your company's ARNs, DB strings, and private keys. StackEngine is a zero-backend, pure Client-Side WASM utility. Drop your failing config into the sandbox above. We redact your secrets locally in the browser and auto-generate the refactored code using your own API key.

Prevention in CI/CD

1. Validate FPM/Nginx Config in Pipeline

# Add to your CI pipeline (GitHub Actions / GitLab CI)
- name: Validate Nginx Config
  run: |
    docker run --rm -v $(pwd)/nginx:/etc/nginx nginx:stable nginx -t

- name: Validate PHP-FPM Config
  run: |
    php-fpm8.2 --test -y /etc/php/8.2/fpm/php-fpm.conf

2. Enforce Timeout Consistency with a Shell Guard

#!/bin/bash
# ci/check-timeout-alignment.sh
NGINX_TIMEOUT=$(grep fastcgi_read_timeout nginx/app.conf | grep -oP '\d+')
FPM_TIMEOUT=$(grep request_terminate_timeout fpm/www.conf | grep -oP '\d+')

if [ "$NGINX_TIMEOUT" -le "$FPM_TIMEOUT" ]; then
  echo "FATAL: fastcgi_read_timeout ($NGINX_TIMEOUT) must be > request_terminate_timeout ($FPM_TIMEOUT)"
  exit 1
fi
echo "Timeout alignment OK: Nginx=$NGINX_TIMEOUT FPM=$FPM_TIMEOUT"

3. Monitor with Prometheus + Alert Before 502s Start

# prometheus/alerts/php-fpm.yml
groups:
  - name: php-fpm
    rules:
      - alert: FPMPoolNearlyExhausted
        expr: phpfpm_active_processes / phpfpm_max_children > 0.85
        for: 2m
        labels:
          severity: warning
        annotations:
          summary: "PHP-FPM pool at {{ $value | humanizePercentage }} capacity — 502s imminent"

4. Checkov / OPA Policy for Infrastructure-as-Code

If you manage FPM config via Ansible or Terraform:

# checkov custom check — enforce pm.max_children >= 20
from checkov.common.models.enums import CheckResult
from checkov.ansible.checks.base_ansible_check import BaseAnsibleCheck

class CheckFPMMaxChildren(BaseAnsibleCheck):
    def __init__(self):
        self.id = "CKV_ANSIBLE_FPM_001"
        self.name = "Ensure PHP-FPM pm.max_children is adequately sized"

    def check_resource_config(self, conf):
        max_children = conf.get("pm.max_children", 0)
        return CheckResult.PASSED if int(max_children) >= 20 else CheckResult.FAILED