28. How to Troubleshoot 'Application is Down' Complaints - Ayushi-srivastav/OCI GitHub Wiki

Steps to Troubleshoot a Down Application

Suppose there are two servers:

one serves as the application server and the other as the user's server

The application server is referred to as Test_Instance, while the user's server is called test2_instance

                   Application server                                          User's server

image

In this scenario, the user is attempting to connect to the application server's IP on port 80 but is unable to do so.

To troubleshoot, the OCI Admin will request the result of a Telnet command to verify the IP address and port of the application server the user is trying to reach.

image

Note - Before starting the steps, we have to look Network path analyzer and check the whether is the problem.

There are three steps to resolve this issue :

Step 1. Check Application Status on a Port

First, we'll verify if the application is running and listening on the port 80.

netstat -plan | grep -i 80

As we can see,

app is not running on port 80

image

Next, we'll ask the application team to confirm if the application is active.

systemctl status httpd

image

If it isn't, we'll request them to activate it.

systemctl start httpd

systemctl status httpd

Now, Application is active.

image

Again we check app is listening on port 80 or not

netstat -plan | grep -i 80

Now, Application is listening on port 80

image

So, this is the first troubleshooting step

ask the user to run a telnet command to check if the app server's IP is reachable on the specified port.

telnet 10.0.0.152 80

If not, proceed to the next step.

image

Step 2. Verify Network Firewall Status

Access the subnet's security list and verify whether an ingress rule for port 80 is present

If not, add a rule for the destination port with a subnet source CIDR using the TCP protocol

Add ingress rule in destination and egress rule in source

image

Rule is added

image

verify the egress rule as well.

image

So, this is the Second troubleshooting step

ask the user to run a telnet command to check if the app server's IP is reachable on the specified port.

telnet 10.0.0.152 80

If not, proceed to the next step

image

Step 3. Review Application Server Firewall

Run below command to check if port 80 is added in the firewall

firewall-cmd --list-ports

As we can see, 80 port is not added

image

Now, add port 80 to firewall

firewall-cmd --permanent --zone=public --add-port=80/tcp

image

and restart the firewall

image

now run command and check ports

firewall-cmd --list-ports

image

Finally ask the user to run a telnet command

telnet 10.0.0.152 80

Now , user's server is able to connect Destination server's Application

image