oss/Radicale
oss/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-06-26 16:45:52 +00:00
Code Wiki Activity

Created Reverse Proxy Diagnostics Troubleshooting (markdown)

Peter Bieringer 2024-03-16 16:43:52 +01:00
parent 3053ff9e66
commit 3103cabe2f
1 changed files with 121 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

121
Reverse-Proxy-Diagnostics-Troubleshooting.md Normal file

@ -0,0 +1,121 @@
See also:
* Q&A: https://github.com/Kozea/Radicale/discussions/categories/q-a-reverse-proxy
Precondition "radicale" server is running fine and accessable
* Wiki: https://github.com/Kozea/Radicale/wiki/Server-Diagnostics---Troubleshooting
* Q&A: https://github.com/Kozea/Radicale/discussions/categories/q-a-server
# Listen Status
Check whether "reverse proxy" is proper running
## Webserver "Apache"
Example
```
netstat -nlpt | grep -E ":(80|443) "
tcp6 0 0 :::443 :::* LISTEN 1427/httpd
tcp6 0 0 :::80 :::* LISTEN 1427/httpd
```
## Webserver "nginx"
Example (no TLS configured so far)
```
netstat -nlpt | grep -E ":(80|443) "
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1667/nginx: master
tcp6 0 0 :::80 :::* LISTEN 1667/nginx: master
```
# Proxy connection to "radicale"
## SELinux
In case of SELinux is active and and in "enforcing" mode, SELinux may block connection from "reverse proxy" to "radicale"
### Current status of SELinux
```
sestatus | grep -E "(SELinux status|Current mode)"
SELinux status: enabled
Current mode: enforcing
```
### Check SELinux toggle
At least supported on Enterprise & Fedora Linux
Example for prohibited connection from "reverse proxy" to other servers ("radicale" or any other)
```
getsebool httpd_can_network_connect
httpd_can_network_connect --> off
```
### Permanent enabling
Systems not having extra SELinux policy for "radicale"
```
setsebool -P httpd_can_network_connect=1
getsebool httpd_can_network_connect
httpd_can_network_connect --> on
```
## Send request via "reverse proxy"
### Webserver "Apache"
Example for unsuccessful request
```
curl -I http://localhost:80/radicale/.web/
HTTP/1.1 503 Service Unavailable
Date: Sat, 16 Mar 2024 15:41:29 GMT
Server: Apache/2.4.57 (AlmaLinux) OpenSSL/3.0.7 mod_fcgid/2.3.9 mod_qos/11.74 mod_wsgi/4.7.1 Python/3.9
Connection: close
Content-Type: text/html; charset=iso-8859-1
```
Example for successful request
```
curl -I http://localhost:80/radicale/.web/
HTTP/1.1 200 OK
Date: Sat, 16 Mar 2024 15:42:01 GMT
Server: WSGIServer/0.2 CPython/3.9.18
Content-Type: text/html; charset=UTF-8
Last-Modified: Wed, 13 Mar 2024 05:36:47 GMT
Content-Length: 8091
```
### Webserver "nginx"
Example for unsuccessful request
```
curl -I http://localhost:80/radicale/.web/
HTTP/1.1 502 Bad Gateway
Server: nginx/1.20.1
Date: Sat, 16 Mar 2024 15:30:51 GMT
Content-Type: text/html
Content-Length: 3854
Connection: keep-alive
ETag: "652d1e3f-f0e"
```
Example for successful request
```
curl -I http://localhost:80/radicale/.web/
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 16 Mar 2024 15:32:56 GMT
Content-Type: text/html
Content-Length: 8091
Connection: keep-alive
Last-Modified: Wed, 13 Mar 2024 05:36:47 GMT
```