Understanding 500 Internal Server Error: Causes, Debugging, and Prevention

7 min read
5xxServer Error

The 500 Internal Server Error is the catch-all of server errors. Something went wrong, but the server can't tell you exactly what. It's vague by design — and that's what makes it frustrating to debug. Let's break down what causes 500 errors, how to track them down, and how to stop them from happening in the first place.

What Is a 500 Internal Server Error?

A 500 status code means the server encountered an unexpected condition that prevented it from completing the request. It's the generic "something broke" response — used when no more specific error code applies.

The 500 (Internal Server Error) status code indicates that the server encountered an unexpected condition that prevented it from fulfilling the request. — RFC 9110, Section 15.6.1

The key word here is unexpected. A 500 means your server hit a code path it wasn't prepared for. If you know the specific cause, there's usually a better status code to use.

Common Causes

These are the most frequent triggers behind 500 errors:

  1. Unhandled exceptions — A thrown error that no try/catch or error middleware caught
  2. Database connection failures — The database is down, the connection pool is exhausted, or credentials are wrong
  3. Null reference errors — Accessing a property on undefined or null because the data wasn't what you expected
  4. Misconfigured environment — Missing environment variables, wrong file paths, or bad configuration values
  5. Dependency failures — A third-party API or service your code relies on is down or returning unexpected data
  6. Out of memory — The server process exceeded its memory allocation and crashed

How to Diagnose a 500

Check Your Application Logs

500 errors almost always leave a stack trace somewhere. Your first move is finding it.

# Check your application logs
pm2 logs my-app --lines 100
 
# If you're using Docker
docker logs my-container --tail 100
 
# System journal (systemd services)
journalctl -u my-app --since "10 minutes ago"

Look for the Stack Trace

The stack trace tells you exactly where the error occurred. In production, make sure you're logging the full error:

// Express global error handler
app.use((err: Error, req: Request, res: Response, next: NextFunction) => {
  // Log the full error — this is what you'll need for debugging
  console.error("Unhandled error:", {
    message: err.message,
    stack: err.stack,
    url: req.url,
    method: req.method,
    timestamp: new Date().toISOString(),
  });
 
  res.status(500).json({ error: "Internal server error" });
});

Check Recent Deployments

A large percentage of 500 errors appear right after a deployment. If the timing matches:

# Check your recent git history
git log --oneline -10
 
# See what changed in the last deploy
git diff HEAD~1 --stat

Roll back if needed, then investigate with less pressure.

Reproduce It Locally

Once you have the stack trace, try to trigger the same error in your development environment. This lets you step through the code and inspect state without the pressure of a production incident.

# Run your app with debug logging enabled
DEBUG=* node server.js
 
# Replay the failing request with the same parameters
curl -X POST http://localhost:3000/api/orders \
  -H "Content-Type: application/json" \
  -d '{"items": null}'

If you can't reproduce it with the same input, the issue may depend on production state — a specific database record, a race condition under load, or an environment variable that differs locally. In that case, narrow it down by checking the failing commit with git bisect or by adding targeted logging around the suspect code path.

Use Error Tracking Tools

Services like Sentry, Datadog, or Bugsnag capture errors with full context — stack traces, request data, user info, and breadcrumbs leading up to the error. If you're not using one of these in production, you're debugging blind.

// Example: Sentry integration in Node.js
import * as Sentry from "@sentry/node";
 
Sentry.init({ dsn: process.env.SENTRY_DSN });
 
app.use(Sentry.Handlers.requestHandler());
// ... your routes ...
app.use(Sentry.Handlers.errorHandler());

Prevention Strategies

Global Error Handling

The single most effective way to prevent unexpected 500 errors is to make sure every error is caught:

// Catch unhandled promise rejections (Node.js)
process.on("unhandledRejection", (reason, promise) => {
  console.error("Unhandled Rejection:", reason);
  // Log to your error tracker, then exit gracefully
});
 
// Catch uncaught exceptions
process.on("uncaughtException", (error) => {
  console.error("Uncaught Exception:", error);
  // Log, clean up, then exit — don't try to continue
  process.exit(1);
});

Input Validation at the Boundary

Validate incoming data before it reaches your business logic. Most null reference errors come from trusting external input:

app.post("/api/orders", (req, res) => {
  const { items, shippingAddress } = req.body;
 
  if (!items?.length) {
    return res.status(400).json({ error: "Items are required" });
  }
 
  if (!shippingAddress?.street) {
    return res.status(400).json({ error: "Shipping address is required" });
  }
 
  // Now you can safely work with the data
  const order = createOrder(items, shippingAddress);
  res.status(201).json(order);
});

Database Resilience

Don't let a database hiccup take down your entire application:

async function queryWithRetry<T>(
  queryFn: () => Promise<T>,
  retries = 3,
): Promise<T> {
  for (let attempt = 1; attempt <= retries; attempt++) {
    try {
      return await queryFn();
    } catch (error) {
      if (attempt === retries) throw error;
      // Exponential backoff
      await new Promise((r) => setTimeout(r, 100 * Math.pow(2, attempt)));
    }
  }
  throw new Error("Query failed after retries");
}

Health Checks

Expose an endpoint that verifies your critical dependencies are working:

app.get("/health", async (req, res) => {
  const checks = {
    database: false,
    redis: false,
  };
 
  try {
    await db.query("SELECT 1");
    checks.database = true;
  } catch {}
 
  try {
    await redis.ping();
    checks.redis = true;
  } catch {}
 
  const healthy = Object.values(checks).every(Boolean);
  res.status(healthy ? 200 : 503).json({
    status: healthy ? "ok" : "degraded",
    checks,
    uptime: process.uptime(),
  });
});

500 vs. Other 5xx Errors

500 is the generic fallback. If you can identify the specific problem, use a more precise code:

StatusNameWhen to use
500Internal Server ErrorUnexpected errors with no more specific code
502Bad GatewayA proxy received an invalid response from upstream
503Service UnavailableServer is overloaded or under maintenance
504Gateway TimeoutA proxy didn't get a response in time

The rule of thumb: use 500 for unexpected internal failures when a more specific status code doesn't better describe the condition. If the database is down and you're aware of it, 503 is more appropriate. If a downstream service returned garbage, that's a 502. But when your code hits a genuinely unplanned failure — an edge case you didn't account for, a corrupted payload, an impossible state — 500 is the right choice.

Wrapping Up

500 errors are the server's way of saying "I didn't plan for this." The best defense is making sure your application handles failures gracefully — catch errors globally, validate inputs at the boundary, and use structured logging so you can find the root cause quickly when things go wrong.

Don't settle for vague 500s in your API. The more specific your error responses, the easier they are to debug — both for you and for anyone consuming your API.

For more details on related status codes, check out our pages on 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable, and 504 Gateway Timeout. You might also find our post on understanding 502 errors helpful.

Back to Blog