Dear Forum-Member,
I feel bad and ashame for having to ask you guys again about a Nginx problem of mine. I have been struggeling with this a while now and decided to ask you, since alot of you seem to understand Nginx quite well.
Basicly I’m building a new Server based on an running server just with different URL-Name. only difference is that I didn’t install certbot with nginx plugin. Rather I installed Nginx as guided from the official website. Then installed certbot without plugins and used the standalone Parameter to fetch the certificates. That all worked quite fine.
The Error Message is:
nginx: [emerg] unexpected "m" in /etc/nginx/conf.d/seafile.conf:24
I installed Nginx like this:
sudo apt-get install nginx
My Nginx is has the following Details:
nginx version: nginx/1.14.0
built by gcc 7.3.0 (Ubuntu 7.3.0-16ubuntu3)
built with OpenSSL 1.1.0g 2 Nov 2017
TLS SNI support enabled
configure arguments:
–prefix=/etc/nginx
–sbin-path=/usr/sbin/nginx
–modules-path=/usr/lib/nginx/modules
–conf-path=/etc/nginx/nginx.conf
–error-log-path=/var/log/nginx/error.log
–http-log-path=/var/log/nginx/access.log
–pid-path=/var/run/nginx.pid
–lock-path=/var/run/nginx.lock
–http-client-body-temp-path=/var/cache/nginx/client_temp
–http-proxy-temp-path=/var/cache/nginx/proxy_temp
–http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
–http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
–http-scgi-temp-path=/var/cache/nginx/scgi_temp
–user=nginx
–group=nginx
–with-compat
–with-file-aio
–with-threads
–with-http_addition_module
–with-http_auth_request_module
–with-http_dav_module
–with-http_flv_module
–with-http_gunzip_module
–with-http_gzip_static_module
–with-http_mp4_module
–with-http_random_index_module
–with-http_realip_module
–with-http_secure_link_module
–with-http_slice_module
–with-http_ssl_module
–with-http_stub_status_module
–with-http_sub_module
–with-http_v2_module
–with-mail
–with-mail_ssl_module
–with-stream
–with-stream_realip_module
–with-stream_ssl_module
–with-stream_ssl_preread_module
–with-cc-opt=’-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.14.0/debian/debuild-base/nginx-1.14.0=. -specs=/usr/share/dpkg/no-pie-compile.specs -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC’
–with-ld-opt=’-Wl,-Bsymbolic-functions -specs=/usr/share/dpkg/no-pie-link.specs -Wl,-z,relro -Wl,-z,now -Wl,–as-needed -pie’
My Nginx config looks like this:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
And most important my Seafile.conf for Nginx saved at: /etc/nginx.conf.d/
line 24 is the line where i have add_header Strict-Transport-Security
server {
listen 80;
listen [::]:80;
server_name host.domain.tld;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name host.domain.tld;
ssl_certificate /etc/letsencrypt/live/host.domain.tld/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/host.domain.tld/privkey.pem; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_protocols TLSv1.2;
#From Cisco:
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-R$
#From Hebers:
#ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/dhparam.pem;
# Enables or disables emtting nginx version on error pages in the "Server" response header
server_tokens off;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
proxy_read_timeout 1200s;
client_max_body_size 0;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_request_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /media {
root /home/myname/seafile/seafile-server-latest/seahub;
}
}
Any Help really appreciated !
with kind Regards,
Michael