GetSRV Notes Static site operations reference

Updated:

TLS fallbacks

A site may pass through several layers: public TLS endpoint, local listener, Nginx, and static web root.
To avoid guessing, check each layer separately.

Main idea: public checks and local checks should produce compatible results.

Layer 1. Public HTTPS

curl -kI https://getsrv.app/

Expected:

HTTP/2 200
content-type: text/html
cache-control: public, must-revalidate

Check TLS:

openssl s_client -connect getsrv.app:443 -servername getsrv.app -alpn h2 -brief

Layer 2. Local Nginx listener

If Nginx listens on a local TLS port, test it directly:

curl -kI --resolve getsrv.app:7443:127.0.0.1 https://getsrv.app:7443/

And with OpenSSL:

openssl s_client -connect 127.0.0.1:7443 -servername getsrv.app -alpn h2 -brief

If the local listener returns the expected result, Nginx and web root are likely healthy.

Layer 3. Web root

Check files:

sudo test -f /var/www/getsrv.app/index.html && echo "index OK"
sudo test -f /var/www/getsrv.app/en/docs/index.html && echo "docs OK"
sudo test -d /var/www/getsrv.app/assets && echo "assets OK"

Check permissions:

namei -l /var/www/getsrv.app/index.html

Layer 4. 404 behavior

A normal 404 should be a controlled site response, not a random server failure.

curl -kI https://getsrv.app/no-such-page

Expected:

HTTP/2 404
cache-control: public, must-revalidate
content-security-policy: ...

How to read results

Public OK, local OK

The basic site is healthy. If the issue appears only in the browser, check browser cache or DevTools.

Public broken, local OK

Nginx and web root are alive. Check the external layer: listener, routing, firewall, SNI routing, upstream path to Nginx.

Public OK, local broken

There may be a mismatch in the local test: wrong port, wrong protocol, wrong --resolve, or the local listener is not TLS.

Public 403

Often means empty web root or missing index.html.

Check:

sudo test -f /var/www/getsrv.app/index.html && echo OK || echo missing

Public 404 on an existing page

Check the matching index.html:

sudo test -f /var/www/getsrv.app/en/docs/cache-control/index.html && echo OK || echo missing

Minimal command set

curl -kI https://getsrv.app/
curl -kI https://getsrv.app/no-such-page

curl -kI --resolve getsrv.app:7443:127.0.0.1 https://getsrv.app:7443/

openssl s_client -connect getsrv.app:443 -servername getsrv.app -alpn h2 -brief
openssl s_client -connect 127.0.0.1:7443 -servername getsrv.app -alpn h2 -brief

sudo ss -lntp | grep -E ':(443|7443)\b'

This is enough to understand whether the issue is in the public layer, local Nginx, certificate, or static files.