How do I debug a 502 error? (I know very little about HTTP)
curl produces this - but this confirms my problem; I'm not sure how to proceed to a resolution:
curl -vvv https://www.transaction-matching.com/ords/_/landing
* Trying 84.8.153.152:443...
* Connected to www.transaction-matching.com (84.8.153.152) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=transaction-matching.com
* start date: Aug 13 04:40:41 2024 GMT
* expire date: Nov 11 04:40:40 2024 GMT
* subjectAltName: host "www.transaction-matching.com" matched cert's "www.transaction-matching.com"
* issuer: C=US; O=Let's Encrypt; CN=E6
* SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /ords/_/landing HTTP/1.1
> Host: www.transaction-matching.com
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 502 Bad Gateway
< Date: Wed, 21 Aug 2024 06:10:22 GMT
< Content-Type: text/html
< Content-Length: 145
< Connection: keep-alive
<
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center></center>
</body>
</html>
* Connection #0 to host www.transaction-matching.com left intact
Config (please let me know if I have omitted anything that could be relevant)
DNS
GoDaddy
transaction-matching.com = 84.8.153.152
cname apex transaction-matching.com.
cname www transaction-matching.com.
Oracle OCI Load Balancer
Oracle OCI Load Balancer lb_apex23c = 84.8.153.152 (public)
Has certificate
Listener listener_apex23c_ords HTTPS 443 oci-default-ssl-cipher-suite-v1 use SSL=Y
TLS 1.2 & TLS 1.3
No Path route / Routing policy / Rule set
QU: is the cipher suite "best"?
Backend set
Backend set bes_apex23c_ords
Backend 10.0.0.71 (apex23c-web) 8080
Backend config
[oracle@apex23c-web ~]$ systemctl status ords
● ords.service - Oracle REST Data Services
Loaded: loaded (/etc/systemd/system/ords.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2024-08-21 05:20:24 GMT; 11min ago
Process: 15093 ExecStop=/usr/bin/bash -c /etc/init.d/ords stop (code=exited, status=0/SUCCESS)
Process: 15166 ExecStart=/usr/bin/bash -c /etc/init.d/ords start (code=exited, status=0/SUCCESS)
Main PID: 15308 (java)
Tasks: 0 (limit: 99892)
Memory: 24.0K
CGroup: /system.slice/ords.service
‣ 15308 java -Doracle.dbtools.cmdline.home=/opt/oracle/ords -Duser.language=en -Duser.region=US -Dfile.encoding=UTF-8 -Djava.awt.headless=true -Dnashorn.args=--no-deprecation-warning -Doracle.dbt>
[oracle@apex23c-web ~]$
[oracle@apex23c-web ~]$ ords --config /etc/ords/config config list
ORDS: Release 24.2 Production on Wed Aug 21 05:32:03 2024
Copyright (c) 2010, 2024, Oracle.
Configuration:
/etc/ords/config
Database pool: default
Setting                            Value                                      Source
---------------------------------- ------------------------------------------ -----------
database.api.enabled               true                                       Global
db.password                        ******                                     Pool Wallet
db.username                        ORDS_PUBLIC_USER3                          Pool
db.wallet.zip.path                 /home/oracle/Wallets/Wallet_APEX23C.zip    Pool
db.wallet.zip.service              APEX23C_LOW                                Pool
feature.sdw                        true                                       Pool
jdbc.InitialLimit                  0                                          Pool
jdbc.MaxLimit                      3                                          Pool
jdbc.MinLimit                      0                                          Pool
plsql.gateway.mode                 proxied                                    Pool
restEnabledSql.active              true                                       Pool
security.requestValidationFunction ords_util.authorize_plsql_gateway          Pool
standalone.context.path            /ords                                      Global
standalone.doc.root                /etc/ords/config/global/doc_root           Global
standalone.http.port               8080                                       Global
standalone.static.context.path     /i/24.1.1/                                 Global
standalone.static.path             https://static.oracle.com/cdn/apex/24.1.1/ Global
[opc@apex23c-web ~]$ sudo lsof -i -P -n | fgrep LISTEN | egrep "8443|8080"
java 15308 oracle 8u IPv6 203351 0t0 TCP *:8080 (LISTEN)
Suspect this could be appropriate for a number of different forums because (from my simplistic perspective) the problem could be LB, ORDS, APEX or even database :(
[ NB I have a similar setup, OCI Load Balancer + Custom ORDS 24.1 + APEX 24.1.1, where I can get to the landing page - but cannot see any significant differences (to me). I could post config if that helps ].