Overview
This article provides a structured troubleshooting guide for JetProxy (NGINX-based) installations.
It covers pre-troubleshooting verification steps to confirm optimization settings are correctly applied, followed by resolution procedures for the most common issues.
Each section includes specific commands and expected outputs to help identify and resolve the issue quickly.
Ensure your JetProxy installation is optimized before troubleshooting issues.
If you haven't optimized your installation yet, please complete the JetProxy Optimization Steps.
Optimization Verification Checklist
Confirm the following optimizations have been correctly applied:
| Verification Step | Command | Expected Result |
| SELinux Network Access | getsebool httpd_can_network_connect | on |
| File Descriptor Limit | sysctl fs.file-max | 70000 or higher |
| NGINX Soft Limit | su -s /bin/bash -c 'ulimit -Sn' nginx | 10000 |
| NGINX Hard Limit | su -s /bin/bash -c 'ulimit -Hn' nginx | 30000 |
| NGINX Payload Limit | grep client_max_body_size /etc/nginx/conf.d/intigua.conf | 100M or desired limit |
If all checks pass, proceed to troubleshooting. Resolve any discrepancies first by revisiting the optimization guide.
Validate Nginx Configuration
- Check for syntax errors:
| sudo nginx -t |
- Expected output:
|
syntax is ok test is successful |
- Correct any reported issues and reload Nginx:
| sudo systemctl restart nginx |
502 Bad Gateway
- Possible Causes:
- Backend server unavailable or misconfigured.
- SSL handshake failure.
- Resolution Steps:
- Review Nginx error logs:
| sudo tail -30 /var/log/nginx/error.log |
- Replace invalid SSL certificates/keys. Update paths in Nginx configs.
- Check backend server availability:
| curl -v http://<upstream-server> |
- Restart Nginx:
| sudo systemctl restart nginx |
504 Gateway Timeout
- Possible Causes:
- Slow or unresponsive backend server.
- Insufficient timeout settings in Nginx.
- Firewall blocking backend traffic.
- Resolution Steps:
- Confirm backend server is responsive:
| curl -v http://<upstream-server> |
- Adjust Nginx timeout settings (/etc/nginx/conf.d/timeout.conf):
|
proxy_connect_timeout 900; proxy_send_timeout 600; proxy_read_timeout 600; send_timeout 600; |
- Verify firewall rules:
| sudo firewall-cmd --list-all |
- Reload Nginx:
| sudo systemctl restart nginx |
SELinux Blocking Connections
- Symptoms:
- Connection timeouts in Nginx logs.
- Denials in SELinux audit logs.
- Resolution Steps:
- Identify SELinux denials:
| sudo ausearch -m avc | grep nginx |
- Enable SELinux network access (reapply if needed):
| sudo setsebool -P httpd_can_network_connect 1 |
- If issues persist, switch SELinux to minimal mode: - Edit /etc/selinux/config, set:
| SELINUXTYPE=minimum |
| - Reboot the system: |
| sudo reboot |
Proxy or Redirect Not Accessible
- Resolution Steps:
- Test proxy access internally via browser:
| https://<proxy_internal_IP> |
- Ensure ports HTTP (80), HTTPS (443), WSUS (8530/8531) are open:
| sudo firewall-cmd --list-all |
- Validate proxy configurations in /etc/nginx/conf.d/.
Proxy Script Issues
- Resolution Steps:
- Re-run the proxy script:
| sudo ./proxy_script.sh |
- Check logs to identify and resolve errors.
UI Slowness
- Resolution Steps: If you can see in logs that requests were going to IPv6 (: connect() to [::1]:9090 failed ) instead of IPv4, Kindly Disable IPv6 in /etc/hosts and observe the performance.
Resolution Steps:
If you can see in logs that requests were going to IPv6 (: connect() to [::1]:9090 failed ) instead of IPv4, Kindly Disable IPv6 in /etc/hosts and observe the performance.
|
vi /etc/hosts #comment ::1 line eg: #::1 localhost localhost6 localdomain localdomain6 |
Comments
0 comments
Article is closed for comments.