28. How to Troubleshoot 'Application is Down' Complaints - Ayushi-srivastav/OCI GitHub Wiki
Steps to Troubleshoot a Down Application
Suppose there are two servers:
one serves as the application server and the other as the user's server
The application server is referred to as Test_Instance, while the user's server is called test2_instance
Application server User's server
In this scenario, the user is attempting to connect to the application server's IP on port 80 but is unable to do so.
To troubleshoot, the OCI Admin will request the result of a Telnet command to verify the IP address and port of the application server the user is trying to reach.
Note - Before starting the steps, we have to look Network path analyzer and check the whether is the problem.
There are three steps to resolve this issue :
Step 1. Check Application Status on a Port
First, we'll verify if the application is running and listening on the port 80.
netstat -plan | grep -i 80
As we can see,
app is not running on port 80
Next, we'll ask the application team to confirm if the application is active.
systemctl status httpd
If it isn't, we'll request them to activate it.
systemctl start httpd
systemctl status httpd
Now, Application is active.
Again we check app is listening on port 80 or not
netstat -plan | grep -i 80
Now, Application is listening on port 80
So, this is the first troubleshooting step
ask the user to run a telnet command to check if the app server's IP is reachable on the specified port.
telnet 10.0.0.152 80
If not, proceed to the next step.
Step 2. Verify Network Firewall Status
Access the subnet's security list and verify whether an ingress rule for port 80 is present
If not, add a rule for the destination port with a subnet source CIDR using the TCP protocol
Add ingress rule in destination and egress rule in source
Rule is added
verify the egress rule as well.
So, this is the Second troubleshooting step
ask the user to run a telnet command to check if the app server's IP is reachable on the specified port.
telnet 10.0.0.152 80
If not, proceed to the next step
Step 3. Review Application Server Firewall
Run below command to check if port 80 is added in the firewall
firewall-cmd --list-ports
As we can see, 80 port is not added
Now, add port 80 to firewall
firewall-cmd --permanent --zone=public --add-port=80/tcp
and restart the firewall
now run command and check ports
firewall-cmd --list-ports
Finally ask the user to run a telnet command
telnet 10.0.0.152 80
Now , user's server is able to connect Destination server's Application