linux troubleshooting guide
Nginx Site Down: A Practical Triage Path
Work from the outside in: DNS answer, TCP listener, Nginx config, service logs, then upstream application behavior.
Problem
The browser says the site is unavailable, users report 502 or 5xx errors, or a deploy changed Nginx behavior. You need to avoid restarting random services until the failure layer is clear.
First rule
Do not reload or restart Nginx until you have checked the current listener, config validity, and recent error logs.
Audience
site owners, developers, junior operators, and hosting support learners
Cert context
Useful for service, networking, log, and web-hosting troubleshooting practice. It is cert-adjacent and unofficial.
quick start
Safe first commands
dig +short example.comcurl -I https://example.com/sudo ss -tulpn | grep ':80\|:443'sudo nginx -tjournalctl -u nginx --since '30 minutes ago' --no-pager
Separate public DNS from server health
A site can look down because clients resolve the wrong address. Test normal DNS, then force a request to the expected server IP when you need to isolate the web server.
dig +short example.comcurl -I https://example.com/curl --resolve example.com:443:203.0.113.10 -I https://example.com/
Confirm something is listening on 80 and 443
A running service is not the same as a listening socket. Use `ss` to prove that a process owns the expected ports on the expected address.
sudo ss -tulpn | grep ':80\|:443'systemctl status nginx --no-pager
Validate config before reload
Nginx config tests are cheap and prevent a typo from becoming a live outage. If the test fails, the output usually names the file and line.
sudo nginx -t
Read recent logs by time window
Recent error lines often distinguish syntax errors, permission denials, missing files, TLS issues, upstream connection refusal, and gateway timeout behavior.
journalctl -u nginx --since '30 minutes ago' --no-pagertail -n 80 /var/log/nginx/error.loggrep -iE 'error|failed|denied|timeout|refused' /var/log/nginx/error.log | tail -40
triage logic
How to read the result
forced `curl --resolve` works but normal curl fails
The server may be healthy while DNS, CDN, or resolver cache is wrong.
Next: Investigate DNS records, TTLs, CDN configuration, and authoritative answers.
ports are not listening
Nginx is stopped, failed, bound differently, or another service owns the port.
Next: Check `systemctl status nginx` and recent journal entries before starting anything.
Nginx returns 502 or 504
Nginx may be up while the upstream application is unavailable or slow.
Next: Check upstream service status, sockets, and app logs.
safety notes
Slow down here
- Avoid blind restart loops; they erase useful timing and may make an outage worse.
- Run `nginx -t` before any reload.
- Keep commands read-only until the failing layer is identified.
Independent study support
These guides are cert-adjacent practice material, not official training, endorsement, exam dumps, or real exam questions.
related lessons
Command cards
- Test Nginx Before Reload
- Show Enabled Nginx Sites
- Find Which Nginx Config Owns a Domain
- List Nginx Listen Directives
- Group Server Errors by URL Path
- Summarize HTTP Status Codes
- Your Site Is Not Down. DNS Might Be Lying.
- Check What Is Actually Listening
- Watch Logs Without Opening the Whole File
- Find Errors Before Reading Every Log Line