Created Reverse Proxy Diagnostics Troubleshooting (markdown)

2025-06-26 16:45:52 +00:00 · 2024-03-16 16:43:52 +01:00 · 2024-03-16 16:43:52 +01:00 · 3103cabe2f
commit 3103cabe2f
parent 3053ff9e66
1 changed files with 121 additions and 0 deletions
--- a/Reverse-Proxy-Diagnostics-Troubleshooting.md
+++ b/Reverse-Proxy-Diagnostics-Troubleshooting.md
@ -0,0 +1,121 @@
 See also:
 * Q&A: https://github.com/Kozea/Radicale/discussions/categories/q-a-reverse-proxy
 Precondition "radicale" server is running fine and accessable
 * Wiki: https://github.com/Kozea/Radicale/wiki/Server-Diagnostics---Troubleshooting
 * Q&A: https://github.com/Kozea/Radicale/discussions/categories/q-a-server
 # Listen Status
 Check whether "reverse proxy" is proper running
 ## Webserver "Apache"
 Example
 ```
 netstat -nlpt | grep -E ":(80|443) "
 tcp6       0      0 :::443                  :::*                    LISTEN      1427/httpd          
 tcp6       0      0 :::80                   :::*                    LISTEN      1427/httpd          
 ```
 ## Webserver "nginx"
 Example (no TLS configured so far)
 ```
 netstat -nlpt | grep -E ":(80|443) "
 tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1667/nginx: master  
 tcp6       0      0 :::80                   :::*                    LISTEN      1667/nginx: master  
 ```
 # Proxy connection to "radicale"
 ## SELinux
 In case of SELinux is active and and in "enforcing" mode, SELinux may block connection from "reverse proxy" to "radicale"
 ### Current status of SELinux
 ```
 sestatus | grep -E "(SELinux status|Current mode)"
 SELinux status:                 enabled
 Current mode:                   enforcing
 ```
 ### Check SELinux toggle
 At least supported on Enterprise & Fedora Linux
 Example for prohibited connection from "reverse proxy" to other servers ("radicale" or any other)
 ```
 getsebool httpd_can_network_connect
 httpd_can_network_connect --> off
 ```
 ### Permanent enabling
 Systems not having extra SELinux policy for "radicale"
 ```
 setsebool -P httpd_can_network_connect=1
 getsebool httpd_can_network_connect
 httpd_can_network_connect --> on
 ```
 ## Send request via "reverse proxy"
 ### Webserver "Apache"
 Example for unsuccessful request
 ```
 curl  -I http://localhost:80/radicale/.web/
 HTTP/1.1 503 Service Unavailable
 Date: Sat, 16 Mar 2024 15:41:29 GMT
 Server: Apache/2.4.57 (AlmaLinux) OpenSSL/3.0.7 mod_fcgid/2.3.9 mod_qos/11.74 mod_wsgi/4.7.1 Python/3.9
 Connection: close
 Content-Type: text/html; charset=iso-8859-1
 ```
 Example for successful request
 ```
 curl  -I http://localhost:80/radicale/.web/
 HTTP/1.1 200 OK
 Date: Sat, 16 Mar 2024 15:42:01 GMT
 Server: WSGIServer/0.2 CPython/3.9.18
 Content-Type: text/html; charset=UTF-8
 Last-Modified: Wed, 13 Mar 2024 05:36:47 GMT
 Content-Length: 8091
 ```
 ### Webserver "nginx"
 Example for unsuccessful request
 ```
 curl  -I http://localhost:80/radicale/.web/
 HTTP/1.1 502 Bad Gateway
 Server: nginx/1.20.1
 Date: Sat, 16 Mar 2024 15:30:51 GMT
 Content-Type: text/html
 Content-Length: 3854
 Connection: keep-alive
 ETag: "652d1e3f-f0e"
 ```
 Example for successful request
 ```
 curl  -I http://localhost:80/radicale/.web/
 HTTP/1.1 200 OK
 Server: nginx/1.20.1
 Date: Sat, 16 Mar 2024 15:32:56 GMT
 Content-Type: text/html
 Content-Length: 8091
 Connection: keep-alive
 Last-Modified: Wed, 13 Mar 2024 05:36:47 GMT
 ```