📘 Table of Contents

Overview
Quick Reference Table
Debugging by Category
Application-Level Debugging
Infrastructure-Level Debugging
Best Practices
Common curl -vk Scenarios
Command Summary

🧩 Overview

Use curl -vk and curl -I to quickly understand where the request is failing:

Layer	What It Tells You
Client	TLS, DNS, headers
ALB/WAF	Blocking, routing, redirect issues
Ingress	Host/path rule mismatch
Service	Routing / ports issues
Pod/App	Logic errors, crashes

⚡ Quick Reference Table

Category	Code Range	Meaning	Tools
1xx	100–199	Informational	`curl -v`, logs
2xx	200–299	Success	`curl`, application logs
3xx	300–399	Redirect	`curl -I`, check `Location` header
4xx	400–499	Client Error	WAF, auth, ingress
5xx	500–599	Server Error	backend, containers, infra

🧠 Debugging by Category

🟦 1xx — Informational

curl -v https://{{TEST_DOMAIN}}

For WebSockets:

curl -i -H "Connection: Upgrade" -H "Upgrade: websocket" https://{{TEST_DOMAIN}}

🟩 2xx — Success

Check details:

curl -i https://{{TEST_DOMAIN}}/api/resource

Minimal code check:

curl -s -o /dev/null -w "%{http_code}\n" https://{{TEST_DOMAIN}}

🟨 3xx — Redirect

Check redirect chain:

curl -IL https://{{TEST_DOMAIN}}

Check HTTP → HTTPS rule:

curl -I http://{{TEST_DOMAIN}}

🟥 4xx — Client Errors

400 Bad Request

curl -v -X POST -H "Content-Type: application/json" -d '{"broken":123' https://{{TEST_DOMAIN}}/api

401 Unauthorized

curl -v -H "Authorization: Bearer {{TOKEN}}" https://{{TEST_DOMAIN}}/secure

403 Forbidden

curl -v https://{{TEST_DOMAIN}}

Check WAF, IP allow list, RBAC.

404 Not Found

curl -I https://{{TEST_DOMAIN}}/wrongpath

405 Method Not Allowed

curl -X PUT https://{{TEST_DOMAIN}}/api/resource

408 Timeout

curl -m 60 -v https://{{TEST_DOMAIN}}

⛔ 5xx — Server Errors

500 Internal Server Error

curl -v https://{{TEST_DOMAIN}}
kubectl logs {{POD_NAME}} | tail -n 50

502 Bad Gateway

Check via bypass:

curl -vk https://{{ALB_DNS_NAME}}

503 Service Unavailable

kubectl get pods -A | grep {{SERVICE_NAME}}

504 Gateway Timeout

Backend too slow:

curl -m 5 -v https://{{TEST_DOMAIN}}

🧱 Application-Level Debugging

Logs:

tail -f /var/log/{{APP_NAME}}.log

Environment:

printenv | grep {{APP_NAME}}

☁️ Infrastructure-Level Debugging

Pods:

kubectl get pods -A
kubectl logs {{POD_NAME}} --tail=100

DNS:

dig {{TEST_DOMAIN}}

Security Groups:

aws ec2 describe-security-groups --region {{AWS_REGION}}

🧩 Best Practices (Always start here)

curl -v https://{{SERVICE_DOMAIN_UAT}}

Bypass DNS:

curl -k -H "Host: {{SERVICE_DOMAIN_UAT}}" https://{{ALB_DNS_NAME}}

🌐 cURL Deep Debug: Host Header Test

Use when DNS is wrong or propagation pending:

curl -vk -H "Host: {{SERVICE_DOMAIN}}" https://{{ALB_DNS_NAME}}

🔍 Breakdown

Flag	Meaning
`-k`	Ignore SSL verification
`-H "Host: {{SERVICE_DOMAIN}}"`	Overrides Host header
`https://{{ALB_DNS_NAME}}`	Connect directly to ALB

🧠 Expected Outputs & Meanings

Output	Meaning	Fix
200 OK	All good	—
301/302	Redirect	check base URLs
400	malformed request	JSON, headers
403	WAF block	check Web ACL
404	ingress path missing	update Ingress rules
502	ALB can't talk to backend	check target group
503	no healthy pods	fix deployment
504	backend slow	fix DB/API slowness

🧾 Example Response — Sanitized

200 OK

* Connected to {{ALB_DNS_NAME}}
> Host: {{SERVICE_DOMAIN}}
< HTTP/2 200
< content-type: application/json

403 Forbidden (WAF)

< HTTP/1.1 403 Forbidden
< x-amzn-waf-action: BLOCK

404 Ingress Misconfiguration

< HTTP/1.1 404 Not Found
< server: awselb/2.0

⚙️ Command Summary

Purpose	Command
Test endpoint	`curl -vk https://{{TEST_DOMAIN}}`
DNS bypass	`curl -k -H "Host: {{SERVICE_DOMAIN}}" https://{{ALB_DNS_NAME}}`
Headers only	`curl -I https://{{TEST_DOMAIN}}`
Follow redirect	`curl -L https://{{TEST_DOMAIN}}`
DNS check	`dig {{TEST_DOMAIN}}`
Pod logs	`kubectl logs {{POD_NAME}}`
Infra logs	`journalctl -xe`
Nginx reload	`sudo nginx -t && sudo systemctl reload nginx`

Terminal Prompt Port