NGINX Config Help required


#1

Hello Folks,

First, I know that there have been a lot of threads about NGINX config issues. But I’m not willing to understand other people’s problems in the hope that they will solve mine. So I created a new topic.

I have been troubleshooting this issue now for a while, and I really wanted to figure it out by myself, but it takes too long, so I decided to post it to you and hope for some quick help.

The error I get from Nginx is:
nginx: [emerg] unexpected end of file, expecting “;” or “}” in /etc/nginx/sites-available/seafile_withSSL.conf:72

I’m trying to get this running for IPv4 and IPv6.
Hope you guys can point out:

  1. the main issue
  2. give advice for things I can remove due to being wrong, old or duplicate.
    Especially the ssl_ciphers I would like to keep as few and new and best as possible, but I was too afraid to touch that.

Okay enough blabla.
I must say it looks very shitty in this Forum, but here it is:

    server {
        listen 80;
        listen [::]:80 ipv6only=on;
        server_name host.domain.tld;
        rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https

        # Enables or disables emitting nginx version on error pages in the "Server" response header
        server_tokens off;
    }

    server {
        listen 443 http2 ssl;
        listen [::]:443 http2 ipv6only=on ssl;
        server_name host.domain.tld;

        ssl_certificate /etc/letsencrypt/live/host.domain.tld/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/host.domain.tld/privkey.pem; # managed by Certbot
        #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        ssl on;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:5m;

        # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
        ssl_dhparam /etc/nginx/dhparam.pem;

        # secure settings (A+ at SSL Labs ssltest at time of writing)
        # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:$
        ssl_prefer_server_ciphers on;

        proxy_set_header X-Forwarded-For $remote_addr;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        server_tokens off;

        location / {
            proxy_pass         http://127.0.0.1:8000;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
            proxy_set_header   X-Forwarded-Proto https;

            access_log      /var/log/nginx/seahub.access.log;
            error_log       /var/log/nginx/seahub.error.log;

            proxy_read_timeout  1200s;

            client_max_body_size 0;
        }

        location /seafhttp {
            rewrite ^/seafhttp(.*)$ $1 break;
            proxy_pass http://127.0.0.1:8082;
            client_max_body_size 0;
            proxy_request_buffering off;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout  36000s;
            proxy_read_timeout  36000s;
            proxy_send_timeout  36000s;
            send_timeout  36000s;
        }

        location /media {
            root /home/myname/seafile/seafile-server-latest/seahub;
        }
    }


#2

From your error message, your nginx configuration file has syntax errors.

I would look on or around line 72. Failing that, nginx documentation, IRC, etc. would be a concise help.


#3

I’ll give you a hint though. You seem to have missed closing a string on your ssl_ciphers line.

Correct that, then troubleshoot any other nginx config issues, then test your install.


#4

You miss a ’ on ssl_ciphers…and the dollar symbol


#5

Thanks a lot, guys. I'll look at it tomorrow and compare with online documents. Not quite sure what you mean exactly, but I will figure it out. I’m sure you pointed out the right direction. Thanks so far.


#6

To be clear.

your comment

The error I get from Nginx is:
nginx: [emerg] unexpected end of file, expecting “;” or “}” in /etc/nginx/sites-available/seafile_withSSL.conf:72

is nginx telling you it thinks the rest of the file has been deleted because it’s not seeing something on line 72.
Your file ends on line 72, so what this tells you is that there’s a missing ‘something’ /before/ line 72 (where nginx thinks it should see a special character).

If you look at the ssl_ciphers line, pay attention to the single quote ( ’ ) as jobenvil pointed out.

Your error is a simple one of quoting values.
Look at a sample nginx configuration and compare it against your ssl_ciphers line. You can find examples that use the ssl_ciphers line in many locations, so they should be readily available.
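
Why the error names the end of the file instead of the ssl_ciphers line, as an added example that is not part of any post in this thread: nginx lets a quoted value run across line breaks, so an unclosed quote swallows everything up to end of file. The sketch follows nginx's tokenizer rules on a constructed sample config to report the line where the quote was opened; `find_unterminated_quote`, `SAMPLE` and `FIXED` are names made up for this example.

```python
def find_unterminated_quote(conf_text):
    """Return (line, quote_char) of a quote that is never closed, else None."""
    line, i = 1, 0
    quote = opened_at = None     # open quote character and the line it began on
    token_start = True           # quotes and '#' are only special at token start
    in_comment = False
    while i < len(conf_text):
        ch = conf_text[i]
        if ch == "\\" and not in_comment:
            # A backslash escapes the next character, inside or outside quotes.
            line += conf_text[i + 1:i + 2] == "\n"
            if quote is None:
                token_start = False
            i += 2
            continue
        if ch == "\n":
            line += 1
            in_comment = False
            if quote is None:
                token_start = True
        elif in_comment:
            pass                             # comments run to end of line
        elif quote is not None:
            if ch == quote:
                quote, token_start = None, False
        elif ch in " \t\r;{}":
            token_start = True
        elif token_start and ch == "#":
            in_comment = True
        elif token_start and ch in "'\"":
            quote, opened_at = ch, line
        else:
            token_start = False
        i += 1
    return (opened_at, quote) if quote is not None else None

# Constructed sample, shaped like the config in post #1 (not the real file).
SAMPLE = """server {
    listen 443 ssl;
    # "quotes" inside a comment are ignored
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:$
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000";
}
"""
FIXED = SAMPLE.replace(":$", "';")   # drop the stray '$', close the quote

if __name__ == "__main__":
    print(find_unterminated_quote(SAMPLE))   # quote opened on the ssl_ciphers line
    print(find_unterminated_quote(FIXED))
```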


#7

Here is the configuration I use with nginx on my server:

ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-CCM:AES128-CCM:AES256-CCM8:AES128-CCM8:AES256-SHA256:AES256-SHA:AES128-SHA256:AES128-SHA;";

SSL Report Qualys https://www.ssllabs.com/ssltest/index.html
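
For the question in post #1 about keeping the cipher list short and current, an added example (not from any poster, and not nginx's or OpenSSL's own logic): a heuristic that reads OpenSSL suite names of the kind posted in this thread and flags those without ephemeral key exchange or without an AEAD cipher. It assumes plain TLS 1.2 suite names separated by colons, not keywords such as `HIGH` or `!aNULL`; the function names and the shortened `SAMPLE` list are constructed for illustration.

```python
import re

# Substrings that mark an AEAD cipher in OpenSSL's TLS <= 1.2 suite names.
AEAD_TAGS = ("GCM", "CHACHA20-POLY1305", "CCM")

def concerns(suite):
    """Return a list of concerns for one OpenSSL suite name."""
    found = []
    if not suite.startswith(("ECDHE-", "DHE-")):
        found.append("no ephemeral (EC)DHE key exchange, so no forward secrecy")
    if not any(tag in suite for tag in AEAD_TAGS):
        found.append("not an AEAD cipher (the AES suites here are CBC with HMAC)")
    if suite.endswith("CCM8"):
        found.append("CCM8 truncates the authentication tag to 8 bytes")
    return found

def split_suites(cipher_string):
    """Split an ssl_ciphers value on the separators OpenSSL accepts."""
    return [s for s in re.split(r"[:, ]+", cipher_string) if s]

def audit(cipher_string):
    """Map every suite in the string to its list of concerns."""
    return {s: concerns(s) for s in split_suites(cipher_string)}

def keep_clean(cipher_string):
    """Return the suites with no concerns, re-joined in their original order."""
    return ":".join(s for s, c in audit(cipher_string).items() if not c)

# Constructed sample: six suite names of the kinds that appear in this thread.
SAMPLE = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-CCM8:ECDHE-RSA-AES256-SHA384:"
    "AES256-GCM-SHA384:AES128-SHA"
)

if __name__ == "__main__":
    for suite, issues in audit(SAMPLE).items():
        print(suite, "->", "; ".join(issues) or "ok")
    print("ssl_ciphers '%s';" % keep_clean(SAMPLE))
```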


#8

Have you done this, like the howto describes?

Generate DH params
(this takes some time)

    openssl dhparam 2048 > /etc/nginx/dhparam.pem

Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits

    ssl_dhparam /etc/nginx/dhparam.pem;

Not sure if it's still useful or outdated?

Additionally, what SSL protocols do you use? I'm going for:

    ssl_protocols TLSv1.2;

Edit:
got things running:

I’m still far away from a finished solution, but with your help (grantthomas, jobenvil, Cisco) I made a big step forward.
Thanks a lot.

PS:
I uploaded a 1 GB test file to my Seafile (avg. 80 MB/s) and had to wait 15 seconds on my other PC before it noticed and downloaded (again avg. 80 MB/s) the new file. Is that normal?

Nevertheless, I love this f***** program :)


#9

When you upload a file to your Seafile server, it is split into blocks of 1 to 2 MB.
The bigger the file, the longer the job will take, and it all depends on the power and speed of the server. Once this process finishes, the file can be detected and sent to the other PC.

When users upload files in the web interface (seahub), file server divides the file into fixed size blocks. Default blocks size for web uploaded files is 1MB. The block size can be set here.

    [fileserver]
    #Set block size to 2MB
    fixed_block_size=2

https://manual.seafile.com/config/seafile-conf.html

The transfer speed depends on the network link between the server and the computers and also on the speed of reading the hard disk. 80 MB/s corresponds to a gigabit Ethernet link; even if the hard disk is faster, you will be limited by the Ethernet link.
Theoretical transfer speed for gigabit: 125 MB/s


#10

I’m aware of gigabit speed and hard disk performance. My setup is in a VM, but nevertheless I tested it with both the Seafile Client not the Webinterface.
I uploaded 10 files; in total it was 1,4 GB.

Just a bit slower than I’m used to from Dropbox, but nothing to really complain about.