Welcome! Log In Create A New Profile

Advanced

"server" directive is not allowed here error

Previous Message Next Message
Forum List Message List New Topic Print View
Dino Edwards
June 03, 2017 09:40AM
Hello,

I'm hoping someone can help me with this nginx config issue that I'm having.. I can't seem to figure out what the problem is. If I set with the a location directive "location /" it works fine. However, I seem to be having an issue with modsecurity breaking one of my applications, so I figured I split the nginx config into multiple location directives and disable modsecurity on the location with the broken application that I'm having a problem with and have it enabled on the ones that I don't have a problem with.

So, let me start off with the config that actually works below:

server {
listen 443 ssl;
server_name server.domain.tld;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
keepalive_timeout 70;

ssl_certificate /etc/nginx/ssl/domain.tld.pem;
ssl_certificate_key /etc/nginx/ssl/domain.tld.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
client_max_body_size 4G;
set_real_ip_from 192.xxx.xxx.xxx;
real_ip_header X-Real-IP;
real_ip_recursive on;
modsecurity on;

location / {
modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
send_timeout 3600;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://server.domain.tld:9080;
}

}

Unfortunately, in the config above modsecurity breaks one of my applications under the /web directory, so https://server.domain.tld:9080/web breaks.

So, I setup the following config, where I removed "modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf" from the " location /web" directive..


server {
listen 443 ssl;
server_name server.domain.tld;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
keepalive_timeout 70;

ssl_certificate /etc/nginx/ssl/domain.tld.pem;
ssl_certificate_key /etc/nginx/ssl/domain.tld.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
client_max_body_size 4G;
set_real_ip_from 192.xxx.xxx.xxx;
real_ip_header X-Real-IP;
real_ip_recursive on;
modsecurity on;

location /web {
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
send_timeout 3600;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://server.domain.tld:9080:9080/web;
}

location /admin {
modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
send_timeout 3600;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://server.domain.tld:9080:9080/admin;
}

location /main {
modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
send_timeout 3600;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://server.domain.tld:9080:9080/main;
}

location /tasks {
modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
send_timeout 3600;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://server.domain.tld:9080:9080/tasks;
}


}


However, the configuration below gives me the following error:

[emerg] 19968#0: "server" directive is not allowed here in /usr/local/nginx/conf/sites-enabled/server.domain.tld-ssl:1

Googling the error, kept bring up results about the server directive being inside an http directive, which I don't obviously have or have a need for. I would appreciate some help on this.

Thank you



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

"server" directive is not allowed here error

Dino Edwards June 03, 2017 09:40AM

RE: "server" directive is not allowed here error

Reinis Rozitis June 03, 2017 02:22PM

RE: "server" directive is not allowed here error

Dino Edwards June 04, 2017 06:30AM

Re: "server" directive is not allowed here error

Anoop Alias June 04, 2017 06:32AM

Re: "server" directive is not allowed here error

Jim Ohlstein June 04, 2017 06:38AM

RE: "server" directive is not allowed here error

Reinis Rozitis June 04, 2017 07:42AM

Re: "server" directive is not allowed here error

pbooth June 04, 2017 09:00AM

Re: "server" directive is not allowed here error

oscaretu . June 04, 2017 09:10AM

Re: "server" directive is not allowed here error

Anoop Alias June 04, 2017 09:16AM

RE: "server" directive is not allowed here error

Reinis Rozitis June 04, 2017 09:46AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

itpp2012
Guests: 131
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready