kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-15 08:30:46 +02:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/roles/svc-prx-openresty/docs/DEBUG.md

2.6 KiB
Raw Permalink Blame History

Debugging OpenResty Configuration

This document provides commands and tips to validate and inspect the OpenResty (Nginx) configuration and the Docker Compose setup.

1. Validate OpenResty / Nginx Configuration

  • Quick syntax check (quiet):

    docker exec {{ openresty_container }} openresty -t -q

    Returns only errors.

  • Detailed syntax check (show warnings):

    docker exec {{ openresty_container }} openresty -t

    or:

    docker exec {{ openresty_container }} nginx -t

2. Dump the Complete Merged Nginx Configuration

To see the full configuration after all include directives are processed:

# Within the running container
docker exec {{ openresty_container }} openresty -T
# or equivalently
docker exec {{ openresty_container }} nginx -T

This outputs every directive from nginx.conf and all files in conf.d in the order Nginx will use them.

3. Inspect the Docker Compose Configuration

To view the final, merged Docker Compose setup (combining all docker-compose.yml files and variable interpolation):

docker-compose -f docker-compose.yml config

If you use a custom project name or multiple override files:

docker-compose -p <project_name> -f docker-compose.yml -f override.yml config

4. Verifying which domains your TLS certificate covers

To see all hostnames (Subject Alternative Names) included in your certificate, you can inspect the issued fullchain.pem file with openssl:

openssl x509 \
  -in /etc/letsencrypt/live/<your-cert-name>/fullchain.pem \
  -noout \
  -text \
| grep -A1 "Subject Alternative Name"

This will print something like:

            X509v3 Subject Alternative Name:
                DNS:example.com, DNS:www.example.com, DNS:api.example.com

Alternatively, you can query the live service directly:

openssl s_client \
  -connect matrix.cymais.cloud:443 \
  -servername matrix.cymais.cloud \
  </dev/null 2>/dev/null \
| openssl x509 -noout -text \
| grep -A1 "Subject Alternative Name"

That way youll see exactly which domains your server is serving and which names are valid in the presented certificate.

::contentReference[oaicite:0]{index=0}

5. Common Troubleshooting Tips

  • Ensure that all volume mounts and file paths match your host layout.

  • Confirm file permissions allow the container to read configuration files.

  • Use -q for a concise error-only check, omit it to see warnings.

  • After fixing issues, reload without downtime:

    docker exec {{ openresty_container }} openresty -s reload