Can't use port 8000 except as NGinx upstream. What am I missing?

I am trying to set up staging and production on the same server, but in two fully distinct ‘bench’ instances.

supervisor.conf and nginx.conf both show that the first one defined uses port 8000 and the second one defined uses port 8001…

upstream frappe-bench-PYPW-frappe {
	server 127.0.0.1:8000 fail_timeout=0;
}
upstream frappe-bench-DYPW-frappe {
	server 127.0.0.1:8001 fail_timeout=0;
}

I cannot get the port 8001 site to work — but that isn’t my immediate question.

Trying to track down the reason, I attempted to connect to port 8001 directly. It refused the connection.
I then attempted to connect to port 8000. It also refused the connection.

I don’t understand!

How can a port be available and useable as an NGinx upstream, but not be useable when called directly. What else do I have to do?

hasan@Toshy:~$ curl -sL 'https://erp.yourpublic.work/api/resource/User/Administrator' \
  --header 'Authorization: token 4174f2bf6ecode1:afa005a3c2dead7' | jq -r .
{
  "data": {
    "name": "Administrator",
    "owner": "Administrator",
        :                      :                     : 

With firewall disabled and NGinx stopped:

hasan@Toshy:~$ curl -sL 'http://193.x.x.43:8000/api/resource/User/Administrator' /
 --header 'Authorization: token 4174f2bf6ecode1:afa005a3c2dead7'
curl: (7) Failed to connect to 193.182.16.43 port 8000: Connection refused

Directly on the server:

erpdev@erpserver:~$ curl 'http://127.0.0.1:8000/api/resource/User/Administrator' /
 --header 'Authorization: token 4174f2bf6ecode1:afa005a3c2dead7';
curl: (52) Empty reply from server
erpdev@erpserver:~$ curl 'http://127.0.0.1:8000/api/resource/User' /
 --header 'Authorization: token 4174f2bf6ecode1:afa005a3c2dead7';
curl: (52) Empty reply from server
erpdev@erpserver:~$ curl 'http://127.0.0.1:8000/api/resource/User';
curl: (52) Empty reply from server
erpdev@erpserver:~$ curl 'http://127.0.0.1:8000'; # api/resource/User';
curl: (52) Empty reply from server
erpdev@erpserver:~$ curl 'http://Administrator:NoBigSecret@127.0.0.1:8000';
curl: (52) Empty reply from server

Oh, yeah. Environment:

erpdev@erpserver:~/frappe-bench-PYPW$ bench --version
5.1.0
erpdev@erpserver:~/frappe-bench-PYPW$ bench version
erpnext 13.0.0-beta.3
frappe 13.0.0-beta.3
erpdev@erpserver:~/frappe-bench-PYPW$ lsb_release -d
Description:	Ubuntu 20.04.1 LTS
erpdev@erpserver:~/frappe-bench-PYPW$

And, finally, in case anyone has any suggestions, here’s my NGinx log when attempting to connect to the second (8001) site, and receiving the " Don’t panic. It’s not you, it’s us." message:

erpdev@erpserver:/etc/nginx/sites-available$ sudo -A tail -fn 3 /var/log/nginx/error.log 
2020/07/25 15:32:12 [notice] 6306#6306: signal process started
2020/07/25 15:32:26 [error] 6309#6309: *145 upstream prematurely closed connection while reading response header from upstream, client: 67.193.35.107, server: dev.yourpublic.work, request: "GET /desk HTTP/1.1", upstream: "http://127.0.0.1:8001/desk", host: "dev.yourpublic.work"
2020/07/25 15:32:26 [error] 6309#6309: *145 upstream prematurely closed connection while reading response header from upstream, client: 67.193.35.107, server: dev.yourpublic.work, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8001/favicon.ico", host: "dev.yourpublic.work", referrer: "https://dev.yourpublic.work/desk"

What does bench setup nginx report?

Sorry, I don’t see the relevance.

I have my own alterations that I do to NGinx server blocks, so although I run bench nginx setup, I delete the symlinks in /et/nginx/conf.d and link to my own in sites-available where they belong.

I do use them as reference from time to time and they are the foundation of my own configuration files. As stated, the site works perfectly well when proxied through NGinx with SSL on port 443.

Meanwhile, my question is about how interact with ERPNext on port 8000 with NGinx turned off.

My apologies, I didn’t understand what you were trying to do.

Is netstat of any use for something like this?

OK!

I figured this out!

In production mode, with supervisorctl controlling restarting ERPNext, it is vital always to refer to the site by its exact name. There is no site localhost nor 127.0.0.1 so it won’t work.

To avoid connecting outside the machine you merely need to register the host name in /etc/hosts:

erpdev@erpserver:~$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 erpserver

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

127.0.0.1   erp.yourpublic.work
127.0.0.1   dev.yourpublic.work
erpdev@erpserver:~$ 

Then make your call specifying the correct site name:

erpdev@erpserver:~$ curl -s 'http://erp.yourpublic.work:8000/api/resource/User/Administrator' --header 'Authorization: token 0784b9727f13bb1:a1c7ae585888075' | jq -r .data.email;
admin@example.com
erpdev@erpserver:~$ 

I am not sure if this is also required in development mode when frappe-bench/sites/currentsite.txt correctly specifies the site.