Another Nginx Configuration Problem

Dear Forum-Member,

I feel bad and ashame for having to ask you guys again about a Nginx problem of mine. I have been struggeling with this a while now and decided to ask you, since alot of you seem to understand Nginx quite well.
Basicly I’m building a new Server based on an running server just with different URL-Name. only difference is that I didn’t install certbot with nginx plugin. Rather I installed Nginx as guided from the official website. Then installed certbot without plugins and used the standalone Parameter to fetch the certificates. That all worked quite fine.

The Error Message is:
nginx: [emerg] unexpected "m" in /etc/nginx/conf.d/seafile.conf:24

I installed Nginx like this:
sudo apt-get install nginx

My Nginx is has the following Details:
nginx version: nginx/1.14.0
built by gcc 7.3.0 (Ubuntu 7.3.0-16ubuntu3)
built with OpenSSL 1.1.0g 2 Nov 2017
TLS SNI support enabled
configure arguments:
–prefix=/etc/nginx
–sbin-path=/usr/sbin/nginx
–modules-path=/usr/lib/nginx/modules
–conf-path=/etc/nginx/nginx.conf
–error-log-path=/var/log/nginx/error.log
–http-log-path=/var/log/nginx/access.log
–pid-path=/var/run/nginx.pid
–lock-path=/var/run/nginx.lock
–http-client-body-temp-path=/var/cache/nginx/client_temp
–http-proxy-temp-path=/var/cache/nginx/proxy_temp
–http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
–http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
–http-scgi-temp-path=/var/cache/nginx/scgi_temp
–user=nginx
–group=nginx
–with-compat
–with-file-aio
–with-threads
–with-http_addition_module
–with-http_auth_request_module
–with-http_dav_module
–with-http_flv_module
–with-http_gunzip_module
–with-http_gzip_static_module
–with-http_mp4_module
–with-http_random_index_module
–with-http_realip_module
–with-http_secure_link_module
–with-http_slice_module
–with-http_ssl_module
–with-http_stub_status_module
–with-http_sub_module
–with-http_v2_module
–with-mail
–with-mail_ssl_module
–with-stream
–with-stream_realip_module
–with-stream_ssl_module
–with-stream_ssl_preread_module
–with-cc-opt=’-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.14.0/debian/debuild-base/nginx-1.14.0=. -specs=/usr/share/dpkg/no-pie-compile.specs -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC’
–with-ld-opt=’-Wl,-Bsymbolic-functions -specs=/usr/share/dpkg/no-pie-link.specs -Wl,-z,relro -Wl,-z,now -Wl,–as-needed -pie’

My Nginx config looks like this:
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile        on;
#tcp_nopush     on;

keepalive_timeout  65;

#gzip  on;

include /etc/nginx/conf.d/*.conf;

}

And most important my Seafile.conf for Nginx saved at: /etc/nginx.conf.d/
line 24 is the line where i have add_header Strict-Transport-Security

server {
listen 80;
listen [::]:80;
server_name host.domain.tld;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name host.domain.tld;

    ssl_certificate /etc/letsencrypt/live/host.domain.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/host.domain.tld/privkey.pem; # managed by Certbot
    #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    ssl_protocols TLSv1.2;
    #From Cisco:
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-R$
    #From Hebers:
    #ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA;
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/dhparam.pem;

    # Enables or disables emtting nginx version on error pages in the "Server" response header
    server_tokens off;

    proxy_set_header X-Forwarded-For $remote_addr;



    location / {
        proxy_pass         http://127.0.0.1:8000;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto https;

        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;

        proxy_read_timeout  1200s;

        client_max_body_size 0;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_request_buffering off;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
    }
    location /media {
                    root /home/myname/seafile/seafile-server-latest/seahub;
                    }

    }

Any Help really appreciated !
with kind Regards,
Michael

From what I can see semicolon is missing at the end of ssl_ciphers line.

1 Like

Karol you are my Man ! you pointed out the correct position of my dumbass copy&paste error.
Seems that copying and pasting between to nano terminals cuts off only what you see doesn’t give you the entire line. I Assume a tipical newbie mistake.

Thanks so much you saved my day !

:beers::clinking_glasses::confetti_ball::tada::weight_lifting_man:

I’m glad I could help. :slight_smile: I forget about semicolon so often, it was the first thing I checked. :wink: