"server" directive is not allowed here error
Dino Edwards
dino.edwards at mydirectmail.net
Sat Jun 3 13:38:11 UTC 2017
Hello,
I'm hoping someone can help me with this nginx config issue that I'm having. I can't seem to figure out what the problem is. If I set it up with a location directive "location /" it works fine. However, I seem to be having an issue with modsecurity breaking one of my applications, so I figured I'd split the nginx config into multiple location directives, disable modsecurity on the location with the broken application that I'm having a problem with, and have it enabled on the ones that I don't have a problem with.
So, let me start off with the config that actually works below:
server {
    listen 443 ssl;
    server_name server.domain.tld;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    keepalive_timeout 70;
    ssl_certificate /etc/nginx/ssl/domain.tld.pem;
    ssl_certificate_key /etc/nginx/ssl/domain.tld.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    client_max_body_size 4G;
    set_real_ip_from 192.xxx.xxx.xxx;
    real_ip_header X-Real-IP;
    real_ip_recursive on;
    modsecurity on;
    location / {
        modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://server.domain.tld:9080;
    }
}
Unfortunately, in the config above modsecurity breaks one of my applications under the /web directory, so https://server.domain.tld:9080/web breaks.
So, I set up the following config, where I removed "modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf" from the "location /web" directive.
server {
    listen 443 ssl;
    server_name server.domain.tld;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    keepalive_timeout 70;
    ssl_certificate /etc/nginx/ssl/domain.tld.pem;
    ssl_certificate_key /etc/nginx/ssl/domain.tld.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    client_max_body_size 4G;
    set_real_ip_from 192.xxx.xxx.xxx;
    real_ip_header X-Real-IP;
    real_ip_recursive on;
    modsecurity on;
    location /web {
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://server.domain.tld:9080:9080/web;
    }
    location /admin {
        modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://server.domain.tld:9080:9080/admin;
    }
    location /main {
        modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://server.domain.tld:9080:9080/main;
    }
    location /tasks {
        modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://server.domain.tld:9080:9080/tasks;
    }
}
However, the configuration below gives me the following error:
[emerg] 19968#0: "server" directive is not allowed here in /usr/local/nginx/conf/sites-enabled/server.domain.tld-ssl:1
Googling the error kept bringing up results about the server directive being inside an http directive, which I obviously don't have or have a need for. I would appreciate some help on this.
Thank you
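
The goal described in the post (ModSecurity active on every location except one) can be audited mechanically. The following is an added example, not part of the original post or of nginx: a small Python check that reports, per location, whether ModSecurity is on and a rules directive is in scope. It assumes the ModSecurity-nginx connector's inheritance of `modsecurity` and rules directives from server to location; the function names and the sample are constructed for illustration.

```python
import re
# Constructed sample modelled on the second config in the post (trimmed).
SAMPLE = """
server {
    modsecurity on;
    location /web {
        proxy_pass https://server.domain.tld:9080/web;
    }
    location /admin {
        modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
    }
}
"""
RULE_DIRECTIVES = {"modsecurity_rules", "modsecurity_rules_file", "modsecurity_rules_remote"}

def tokenize(text):
    # Quoted strings stay whole so a ';' inside a header value is not a terminator.
    return re.findall(r"'[^']*'|\"[^\"]*\"|[{};]|[^\s{};]+", text)

def parse(tokens, i=0):  # -> ([(args, children_or_None), ...], next_index)
    items, args = [], []
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if tok == ";":
            items.append((args, None)); args = []
        elif tok == "{":
            children, i = parse(tokens, i)
            items.append((args, children)); args = []
        elif tok == "}":
            break
        else:
            args.append(tok)
    return items, i

def waf_coverage(text):
    """Map each location to True only if ModSecurity is on AND rules are in scope."""
    report = {}
    def walk(items, enabled, has_rules, location):
        for args, children in items:  # a block's own directives apply to all of it
            if children is None and args[:1] == ["modsecurity"]:
                enabled = args[1:2] == ["on"]
            elif children is None and args and args[0] in RULE_DIRECTIVES:
                has_rules = True
        if location is not None:
            report[location] = enabled and has_rules
        for args, children in items:
            if children is not None:
                walk(children, enabled, has_rules, args[-1] if args[:1] == ["location"] else None)
    walk(parse(tokenize(text))[0], False, False, None)
    return report
```

A location reported as False is proxied without WAF rules applied, so the audit should show exactly the locations that were meant to be exempt and no others.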