We need to provide a very important sidenote here. A step zero, if you want, is always trying to bring the system into a working state by removing recent changes. Websites are software that is infinitely more dynamic than anything we had before. If you deploy weekly, you are actually slower than many of your competitors. So when something happens, the probability of a recent set of changes being the culprit is very high.

It is very important to always hold dearly to the main goal of all your actions during such an event; you are searching for a workaround that will allow the business to go on. You need to bring the operations back as soon as possible and only after that you should start searching for the root cause and inventing a strategy of dealing with it once and for all. One of the great sins of young system administrators, especially with developer background, is premature debugging, which I define as spending resources (even if it is just your mental resources and not company money) on the fix without first implementing a quick and dirty workaround.

One of the easiest ways to work around a new problem is to roll back your software to a previous, working version. Organizations that have a good discipline of change control may even choose to roll back on any failure whether it is caused internally or externally. The hardest part is usually on the application server side of things and you, as being responsible for the stability of the service, may require your development team to implement comprehensive rolling back capabilities. There are several things that you may do yourself on the Nginx level though.

% sudo git checkout 'master@{11 minute ago}' nginx

A highly recommended piece of best practice when investigating a website malfunction is to keep a log or journal of ideas to implement afterwards. This will leave you with a list of things to require from yourself and your colleagues in the development and management departments to prevent any new cases of this particular problem. This is why we will mark each step with things to write down into such a journal. You should dump any crazy or trivial ideas into this journal so that you could free your mind for the urgent task at hand. Even if you reject most of the ideas afterwards, keeping this journal will help you during the process.

So, without further ado, let's start.

Again, what we have is a just vague complaint about a website you are responsible for. Someone said that it was not working.

Load the page yourself. This is not the most effective step, but you will do that anyway, won't you? It is a natural reflex—the important part is not to come to any premature conclusions. If it does not load, you should start with checking your internet connection. See the later text.

If the page works for you, you will feel a false relief. Actually, your problem potentially just got harder. The website works for some people (in this case, it works for you) but may not work for everyone. See the HTTP response traffic section here.

By the way, you may sometimes have the answer right here. For example, you will immediately see expired SSL certificates. See also Certificate test.

Check that your own internet connection is okay by trying to load a reference web page, for example, https://www.google.com.

Why is this a separate test at all? Shouldn't we also talk about electricity or clean air then? Two reasons: if you are a small company in a rented office space even in the most advanced countries of the world, chances are that you will get two–three incidents of ISP failure a year. Also, we need a smooth transition to talk about backup connection kits for sysadmins.

You need to have a backup Internet connection for the rare case of your main connection failure. Nowadays, it is usually a mobile phone with a tethering setup. Fire it up and redo the tests. It is surprisingly unpopular to have a backup connection ready, and we would like to say a few words about it. Traditionally, backups are storage. Your office administrators will mirror the disks; you yourself have a loyal trusted Time Machine setup at home for your kids' photographs and documents. But in this day and age, with all applications moved or moving to the cloud, storage backup systems lose their importance. You won't built anything remotely comparable with what Dropbox has (with the help of Amazon Web Services) yourself. Scale effects buy additional redundancy and talent. But at the same time, the importance of your connection rises.

A modern Chromebook is a fast and cheap workhorse machine right until the WiFi vanishes because the access point power supply brick got scorched or something. Modern IT people feel less pressure with the storage backup and should use the freed resources to ensure connection backups instead. Think about your options and invest in an alternative way to bring back your office online maybe even with less bandwidth. You will be happy when this system helps you. And think of it exactly as you did about your storage backups; these are risk aversion systems. They are not required to ever be used, not even once to still be considered a successful investment.

Look at your general HTTP monitoring graph or at least tail -f the access log. This is the most informative way of knowing what the effects of the incident are, if they exist. You have to have the infrastructure in place, and we will explain a way of establishing one in Chapter 6, Monitoring Nginx. The general HTTP graph will contain a chart of how many HTTP response codes your site generated each minute. You are most interested in the level of 200 responses. There are several possibilities, as follows:

This is a good place to be. Your website is likely serving your visitors in the same way it did. This is the time when you have to involve people from development because right now, these are the ways that the website may still not do what is expected.

% curl -sLI http://google.com/non-existent | fgrep HTTP/
HTTP/1.1 301 Moved Permanently
HTTP/1.1 404 Not Found

% curl -sLI http://live.com/non-existent | fgrep HTTP/
HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
HTTP/1.1 302 Found
HTTP/1.1 200 OK

try_files file1 file2 … uri;

location /get-recommendations {
  try_files static-recs.html empty.html @recommender_engine; 
}
location @recommender_engine {
  proxy_pass http://ml-fuzzy-bigdata-pipeline/compute-personal-recommendations?for=$user;
}

upstream ml-backend {
  server machine-learning1.example.com;
  server machine-learning2.example.com;
  server unix:/var/run/mld.sock backup;
}

location @recommender_engine {
  proxy_pass http://ml-backend/compute;
}

max_fails=$number

fail_timeout=$duration

backup

You probably don't serve your users at all. This is the worst scenario for your business. All your efforts should be not on fixing the problem but on working around it. You will debug and fix the problem the right way later, but now you need to throw everything at bringing the service back up.

One very useful practice in such a situation is to put one of the malfunctioning servers on ice, that is, removing it from production but leaving it alone for the sake of preserving the erroneous state intact. A full disk, a busy waiting process hogging the CPU—let the machine keep doing that until you have enough time for actual thorough debugging. It is only natural to try cleaning up right away, but you may destroy the vital evidence by removing a single core dump or a seemingly archived log. We know that it would be hard to be vaguer than that, but the specifics require knowing your exact configuration and the details of the trouble you are facing. Sometimes, it is enough to remove an IP address from an upstream block in nginx.conf.

Returning to our example with a heavy backend machine-learning cluster:

upstream ml-backend {
  server machine-learning1.example.com;
  server machine-learning2.example.com;
  server unix:/var/run/mld.sock backup;
}

Removing machine-learning1 from the block and leaving it alone will make further investigations possible after you bring the second host up and start serving users.

First, you check the connectivity to the actual Nginx servers. You run a ping command, leave it in the background for a minute to see the packet loss, and immediately try connecting to the 80 port via a Telnet program. If you see ping bailing out with:

ping: unknown host

... you have likely found the problem.

Your domain expired. This is the most stupid problem to have. People get fired for that. But this still happens a lot which is insane. One of the popular scenarios for smaller shops is when the owner of the business wants to keep ultimate control of the property in their own hands and keeps the credentials to the domain registrar to themselves but does not have time and resources to actually react to all those renewal reminder e-mails. This sounds unprofessional, but it happens frequently.

Currently, you have to demand those credentials or demand that they log in and immediately pay the registrar to keep the domains delegated.

Other bad signs are: ping is hanging, and packet loss is way above zero. This is the time you call your hosting provider support while simultaneously trying to ping from another location. You should have a server or two in a completely different data center from your main operation, so you just ssh to one of them and ping your website from there.

This is a case of some severe packet loss happening between me and Twitter's t.co service. Most of the time, it is a sign of problems on your side, not theirs. But rare things happen, and you should be ready for that:

If ping cannot reach your server from there either, start rebooting your servers.

You should have a way to reboot an otherwise unreachable server; every modern hosting provider has it, whether in the form of a simple menu item Reboot, such as in Amazon EC2 or a whole Intelligent Platform Management Interface (IPMI) console access.

Reboot helps surprisingly often. It may also destroy evidence (for example, if you have a "run-away" process hung on a rare bug that will be killed on reboot), but being online is still more valuable.

If you cannot reboot or it didn't help, you should be talking to your hosting provider already. They may have some kind of connectivity trouble. Otherwise, you might be a victim of DDoS, and your hoster has already initiated its anti-DDoS measures.

You haven't yet found your problem if the server is reachable and your telnet to the 80 port shows the following output:

Nginx is working, but because it is your application that is usually behind Nginx that carries the logic of the business, your website is useless. This is where you switch hats; now you need to bring up the upstream.

There are several ways in which Nginx connects to the upstream application. It may be a rather simple HTTP proxy. This is what historically is called the "reverse proxy" or "web accelerator" mode. It may also use FastCGI or other technology stack-specific protocols, such as WSGI or PSGI.

The HTTP mode is easier to debug, and you should recommend it to your developers although in the end it is their decision which interface to use. Nginx equally supports all of them.

Finding a problem in your application code is also beyond the scope of our book. You may have a database failure or an actual software bug. What you may do now, besides engaging developers, is provide your visitors with a nice humble static page explaining that you have temporary technical problems. A simple way to redirect all requests to a single location is this:

server {
    redirect http://somewhere.on.s3.example.com/status.html 302;
}

This will return a specially crafted HTTP response to all requests. The response will have 302 status code (which is the closest to "temporary redirect") and a Location: header with the value you provide.

If telnet gives you

telnet: Unable to connect to remote host: Connection refused

or hangs on the phase "Trying 392.1.2.3..." then read on.

We are now on one of those steps where hopes are high. Nginx rarely crashes, but no response on the 80 port may be a sign of a crash. Try logging in to the server with ssh. If you fail for whatever reason, reboot your servers and start from there. See information about rebooting the earlier.

Once you are done with it, immediately restart Nginx. The exact commands will depend on the type of OS you use.

On FreeBSD, this is as simple as the following:

% sudo /usr/local/etc/rc.d/nginx restart

On Debian-based Linux distributions, it is either:

% sudo service nginx restart

...for Debian 8.0 and higher or:

% sudo /etc/init.d/nginx restart

Restarting a daemon serving network requests is an important operation. Although this particular failure usually means that it does not serve anything right now, we would like to use the occasion to describe how Nginx authors solved the problem of restarts.

%  sudo service nginx restart
Job for nginx.service failed. See "systemctl status nginx.service" and "journalctl -xe" for details.
% sudo systemctl status nginx.service
nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code)
  Process: 10144 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 10112 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 10297 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
 Main PID: 10113 (code=exited, status=0/SUCCESS)
Mar 10 17:59:27 server systemd[1]: Starting A high performance web server and a reverse proxy server...
Mar 10 17:59:27 server nginx[10297]: nginx: [emerg] "listen" directive is not allowed here in /etc/nginx/nginx.conf:75
Mar 10 17:59:27 server nginx[10297]: nginx: configuration file /etc/nginx/nginx.conf test failed

This case seems to be easier on the business and it might be, but it is actually much worse for you because you don't know what is still working and what is not. Maybe you have an electronic bookstore and all your Order now clicks are failing. Everything else works, but you earn only on successful orders. Unfortunately, this is the hardest case of all. On the other side, these are rare.

A common (human) error is letting your HTTPS certificates expire. The parts of your website that are not behind HTTPS will continue to work. Moreover, each browser allows a user to override the expiration warning and go on with the business. Because of this, you will see a number of successful responses in your monitoring and logs, but it will be significantly lower than your usual levels.

Issuing new certificates is easy. You may also try switching https off for a short while in a desperate attempt to serve some more people while you are waiting for your new certificates. We cannot recommend that.

One of the more interesting reasons that you may see lower traffic is performance problems, and we have a whole chapter devoted to performance coming next.