How to enable debug log on nginx routers - Useful ...

Report Inappropriate Content · ‎03-31-2017

The following steps can be used to enable debug logging on nginx routers to capture more information. This is useful in troubleshooting issues with 2-Way TLS setup etc.

On the nginx router(s), perform the following steps:

1. Edit file the /opt/nginx/conf/nginx.conf:

Change the line

error_log  /opt/nginx/logs/error.log crit;

to

error_log  /opt/nginx/logs/error.log debug;

2. Edit the file /opt/nginx/conf.d/<orgname>_<envname>_<vhost>.conf (For example: myorg_prod_secure.conf):

Change the line

error_log /opt/apigee/var/log/edge-router/nginx/<orgname>~<envname>.<port>_error_log error;

to

error_log /opt/apigee/var/log/edge-router/nginx/<orgname>~<envname>.<port>_error_log debug;

3. Run nginx reload command

/opt/nginx/scripts/apigee-nginx reload

4. The below 2 files will now capture debug information:

/opt/apigee/var/log/edge-router/nginx/<orgname>~<envname>.<port>_error_log

and

/opt/nginx/logs/error.log

Report Inappropriate Content · ‎05-04-2017

Hi Arjav,

I tried this approach in 16.0108 version. Seems, it is not logging much information. I am looking for more logs to debug SSL handshake issues. Is there any way to log ssl debug logs.

Thanks,

Mula

Report Inappropriate Content · ‎05-05-2017

@mvvbr Last time the above nginx logs and a tcpdump on both client and server helped us troubleshoot a 2-way SSL issue.

frankliu1 · ‎05-08-2017

As @Maruti Chand said, this should work and we have validated it.

If the information in the log are not detailed enough, you can get further info by using the debug build of nginx.

sudo yum install apigee-nginx-debug

sudo vi /etc/sysconfig/apigee-nginx to have NGINX=/opt/nginx/sbin/nginx.debug

sudo /opt/nginx/scripts/apigee-nginx restart

ps -ef | grep nginx should now show nginx.debug process is running. Hopefully you can get what you want now.

How to enable debug log on nginx routers - Useful for TLS troubleshooting etc.