nginx.conf file

[Brad Scarborough]

Hi all,

I've set up my seafile server yesterday and it's been very smooth so far, however I want to upload large files (10 - 15GB) and was getting a time_out error 

So I've followed this guide:

http://www.nginxtips.com/504-gateway-time-out-using-nginx/

Then I recieved a Bad_Request error so I'm guessing this has something to do with nginx.conf file 

and found some examples of the nginx.conf file but I wanted to make sure this is correct before restarting nginx

Here's my .conf file

2.2.6              File: nginx.conf

#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript

#

#       # auth_http localhost/auth.php;

#       # pop3_capabilities "TOP" "USER";

#       # imap_capabilities "IMAP4rev1" "UIDPLUS";

#

#       server {

#               listen     localhost:110;

#               protocol   pop3;

#               proxy      on;

#       }

#

#       server {

#               listen     localhost:143;

#               protocol   imap;

#               proxy      on;

#       }

#}

My seafile install is found in /home/pi/seafile_installer/seafile-server-3.0.4 this is where I find seahub file and seafile

Really appreciate your help here, thanks,

[Brad Scarborough]

Oops here's my actual full nginx.conf

##
        # nginx-passenger config
        ##
        # Uncomment it if you installed nginx-passenger
        ##

        #passenger_root /usr;
        #passenger_ruby /usr/bin/ruby;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass   unix:/var/run/php5-fpm.sock;
        fastcgi_cache  one;
        fastcgi_cache_min_uses 3;
        fastcgi_cache_valid 200 301 302 304 5m;
        fastcgi_cache_key "$request_method|$host|$request_uri";
        fastcgi_param       SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_ignore_client_abort     off;

        client_header_timeout 3000;
        client_body_timeout 3000;
        fastcgi_read_timeout 3000;
        client_max_body_size 0;
        fastcgi_buffers 8 128k;
        fastcgi_buffer_size 128k;
}


    location /seafile {
            fastcgi_pass    127.0.0.1:8000;
            fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
            fastcgi_param   PATH_INFO      $fastcgi_script_name;
            fastcgi_param   SERVER_PROTOCOL    $server_protocol;
            fastcgi_param   QUERY_STRING          $query_string;
            fastcgi_param   REQUEST_METHOD      $request_method;
            fastcgi_param   CONTENT_TYPE          $content_type;
            fastcgi_param   CONTENT_LENGTH      $content_length;
            fastcgi_param   SERVER_ADDR            $server_addr;
            fastcgi_param   SERVER_PORT            $server_port;
            fastcgi_param   SERVER_NAME            $server_name;
            fastcgi_param   HTTPS                            on;

        location /media {
                    rewrite ^/seafile/media(.*)$ /media$1 break;
                    root /home/pi/seafile_installer/seafile-server-3.0.4/seahub;
            expires +30d;
            add_header Cache-Control public;
            }

            location /seafile/http {
                    rewrite ^/seafile/http(.*)$ $1 break;
                    proxy_pass http://127.0.0.1:8082;
                    client_max_body_size 0;
                    proxy_max_temp_file_size 0;
            }
    }

}

#mail {
#       # See sample authentication script at:

[Brad Scarborough]

My Windows client has stopped working now - 'Failed to libraries information. Please try again'

I'm guessing this is something to do with it

On Monday, 21 July 2014 14:54:15 UTC+1, Brad Scarborough wrote:

[Shuai Lin]

Please paste the content of these files:

- ccnet/ccnet.conf
- seafile-data/seafile.conf
- seahub_settings.py

> --
> You received this message because you are subscribed to the Google Groups
> "seafile" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to seafile+u...@googlegroups.com.
> To post to this group, send email to sea...@googlegroups.com.
> Visit this group at http://groups.google.com/group/seafile.
> For more options, visit https://groups.google.com/d/optout.

[Brad Scarborough]

My ccnet.conf file:

  GNU nano 2.2.6              File: ccnet.conf

[General]
USER_NAME = tr0n
ID = 3f8a452d72fed0dd4d39431b970af644fbfc064a
NAME = s33d
SERVICE_URL = https://tr0n.dnsdynamic.net:8001

[Network]
PORT = 10001

[Client]
PORT = 13418

seafile.conf

  GNU nano 2.2.6             File: seafile.conf

[network]
port=12001

[httpserver]
port=8082

seahub_settings.py

  GNU nano 2.2.6           File: seahub_settings.py

SECRET_KEY = "ykvbfDe4aUl-c1MxuBjSpA=="
HTTP_SERVER_ROOT = 'https://tr0n.dnsdynamic.net:8001/seafhttp'

[Brad Scarborough]

This is the error after sudo service nginx start

sudo service nginx start
Starting nginx: nginx: [emerg] "location" directive is not allowed here in /etc/nginx/nginx.conf:74
nginx: configuration file /etc/nginx/nginx.conf test failed
Starting nginx: nginx: [emerg] "location" directive is not allowed here in /etc/nginx/nginx.conf:74

On Monday, 21 July 2014 14:54:15 UTC+1, Brad Scarborough wrote:

[Shuai Lin]

1. The block "location /media" should be be nested inside the block "location /seafile" , that's where the nginx error log comes from.

2. The value of HTTP_SERVER_ROOT is set to  'https://tr0n.dnsdynamic.net:8001/seafhttp' in seahub_settings.py, but from the nginx conf I think it should be "https://tr0n.dnsdynamic.net:8001/seafile/http"

--

[Brad Scarborough]

Okay thank you I changed to:

http://gyazo.com/f34bb72abaf9dc6c415d86366b88ef89

But still get this error:

sudo service nginx start
Starting nginx: nginx: [emerg] "location" directive is not allowed here in /etc/nginx/nginx.conf:74
nginx: configuration file /etc/nginx/nginx.conf test failed

On Monday, 21 July 2014 14:54:15 UTC+1, Brad Scarborough wrote:

[Shuai Lin]

The error message says there is an error in /etc/ngninx/nginx.conf, line 74. What's the full content of nginx.conf file?

--

[Brad Scarborough]

I have edited the file it looks like this now...

/etc/nginx/nginx.conf

        ##
        # nginx-passenger config
        ##
        # Uncomment it if you installed nginx-passenger
        ##

        #passenger_root /usr;
        #passenger_ruby /usr/bin/ruby;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d

/*.conf;
        include /etc/nginx/sites-enabled/*;

http {

location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass   unix:/var/run/php5-fpm.sock;
        fastcgi_cache  one;
        fastcgi_cache_min_uses 3;
        fastcgi_cache_valid 200 301 302 304 5m;
        fastcgi_cache_key "$request_method|$host|$request_uri";
        fastcgi_param       SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_ignore_client_abort     off;

        client_header_timeout 3000;
        client_body_timeout 3000;
        fastcgi_read_timeout 3000;
        client_max_body_size 0;
        fastcgi_buffers 8 128k;
        fastcgi_buffer_size 128k;

server {
    listen 80;
    server_name tr0n.dnsdynamic.net:8001;
    rewrite ^/(.*) https://$server_name/$1 permanent;   # force redirect http to https
}

server {
    listen 443;
    ssl on;
    ssl_certificate /etc/nginx/ssl/seahub.crt;
    ssl_certificate_key /etc/nginx/ssl/seahub.key;
    server_name tr0n.dnsdynamic.net:8001

    location / {

        fastcgi_pass    127.0.0.1:8000;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;

        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param   SERVER_ADDR         $server_addr;
        fastcgi_param   SERVER_PORT         $server_port;
        fastcgi_param   SERVER_NAME         $server_name;

        fastcgi_param   HTTPS on;

        fastcgi_param   HTTP_SCHEME https;

         access_log      /var/log/nginx/seahub.access.log;
         error_log       /var/log/nginx/seahub.error.log;

    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;

        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
    }

    location /media {
        root /home/pi/seafile_installer/seafile-server-latest/seahub;
    }
  }

}

[Brad Scarborough]

Now when I start nginx service I get this error:


Starting nginx: nginx: [emerg] unknown directive "server" in /etc/nginx/sites-enabled/default:20

nginx: configuration file /etc/nginx/nginx.conf test failed

the default file looks like this:

server {
        #listen   80; ## listen for ipv4; this line is default and implied
        #listen   [::]:80 default_server ipv6only=on; ## listen for ipv6

        root /usr/share/nginx/www;
        index index.html index.htm;

        # Make site accessible from http://localhost/
        server_name localhost;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.html;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }

        location /doc/ {
                alias /usr/share/doc/;
                autoindex on;
                allow 127.0.0.1;
                allow ::1;
                deny all;
        }

        # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
        #location /RequestDenied {
        #       proxy_pass http://127.0.0.1:8080;
        #}

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        #error_page 500 502 503 504 /50x.html;
        #location = /50x.html {
        #       root /usr/share/nginx/www;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #       fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        #
        #       # With php5-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php5-fpm:
        #       fastcgi_pass unix:/var/run/php5-fpm.sock;
        #       fastcgi_index index.php;
        #       include fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#       listen 8000;
#       listen somename:8080;
#       server_name somename alias another.alias;
#       root html;
#       index index.html index.htm;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}


# HTTPS server
#
#server {
#       listen 443;
#       server_name localhost;
#
#       root html;
#       index index.html index.htm;
#
#       ssl on;
#       ssl_certificate cert.pem;
#       ssl_certificate_key cert.key;
#
#       ssl_session_timeout 5m;
#
#       ssl_protocols SSLv3 TLSv1;

        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #       fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        #
        #       # With php5-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php5-fpm:
        #       fastcgi_pass unix:/var/run/php5-fpm.sock;
        #       fastcgi_index index.php;
        #       include fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#       listen 8000;
#       listen somename:8080;
#       server_name somename alias another.alias;
#       root html;
#       index index.html index.htm;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}


# HTTPS server
#
#server {
#       listen 443;
#       server_name localhost;
#
#       root html;
#       index index.html index.htm;
#
#       ssl on;
#       ssl_certificate cert.pem;
#       ssl_certificate_key cert.key;
#
#       ssl_session_timeout 5m;
#
#       ssl_protocols SSLv3 TLSv1;
#       ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
#       ssl_prefer_server_ciphers on;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}
Enter code here...

[Florian Diepold]

Do you still have the line 74 Error? I havent seen any issues there but in line 50, behind the:

server_name tr0n.dnsdynamic.net:8001

must be a ";" like this:

server_name tr0n.dnsdynamic.net:8001; 

[Florian Diepold]

That was for the nginx.conf...

And in your /etc/nginx/sites-enabled/default file, it looks like there is a "}" too much its around line 118 or below....between the commented HTTPS servers there is one } without a hashtag in frint of it, put one # in front and try again.

[Brad Scarborough]

Hi Florian

Yes I am having some issues to get this working still. I want to use fast-cgi, php5-fqm and HTTPS in conjunction with seafile. I think I have set up seafile to use port 8001 and nginx is using port 8000


Here's my /sites-enabled/default file presently:

# You may add here your
# server {
#       ...
# }
# statements for each of your virtual hosts to this file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

I have looked in /usr/share/doc/nginx-doc/examples/ but this is not there.

Currently when I run 'sudo service nginx start' I get

[Florian Diepold]

As i said before, in your /etc/nginx/sites-enabled/default ...line 138 there seems to be an unnessesary bracket } delete it or put a # in front of it then try to restart nginx again.

Also make sure, that you fixed your nginx.conf by putting the missing semicolon behind "server_name tr0n.dnsdynamic.net:8001" in the server {             listen 443;  part of the config file.

[Brad Scarborough]

Hi Florian

Thanks for your tip but I'm still getting:

Starting nginx: nginx: [emerg] unknown directive "server" in /etc/nginx/sites-enabled/

default:20
nginx: configuration file /etc/nginx/nginx.conf test failed

[Florian Diepold]

Okay,

then take a look at your nginx.conf again...seems like you inserted some stuff in the wrong places and malformatted it a bit.

The nginx.conf you posted is it the complete file? cause it looks like there is something missing in the beginning and sth. in the end. But for now try following:

Do you see the lines

        include /etc/nginx/conf.d/*.conf;

        include /etc/nginx/sites-enabled/*;

they are malformatted in your conf.

Aaaand just below that there it the

http  { 

the above mentioned include lines have to be inside (below) the http { thats why he doesnt recognize the server directive.

If there is still an error after that, plz post the whole nginx.conf.

P.S. I'm not a pro or seafile employee so there is no guarantee ;-)

On Monday, July 28, 2014 3:19:58 PM UTC+2, Brad Scarborough wrote:

Hi Florian

[Brad Scarborough]

Hi again Florian - no problem I am grateful for your help here! Thank you, my nginx.conf currently in full:

http {

location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass   unix:/var/run/php5-fpm.sock;
        fastcgi_cache  one;
        fastcgi_cache_min_uses 3;
        fastcgi_cache_valid 200 301 302 304 5m;
        fastcgi_cache_key "$request_method|$host|$request_uri";
        fastcgi_param       SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_ignore_client_abort     off;

        client_header_timeout 3000;
        client_body_timeout 3000;
        fastcgi_read_timeout 3000;
        client_max_body_size 0;
        fastcgi_buffers 8 128k;
        fastcgi_buffer_size 128k;

       include /etc/nginx/conf.d/*.conf;
       include /etc/nginx/sites-enabled/*;

Now when I run sudo service nginx start I get:

Restarting nginx: nginx: [emerg] "location" directive is not allowed here in /etc/nginx/nginx.conf:18

[Florian Diepold]

Yeah, I'm not sure about that "location ~ \.php$" directive, did you add that? looks like thats just some standard nginx stuff. Try to comment it out or remove it temporarily....everything untill you reach the include /etc/nginx/conf.d line. Keep this line and all following ones.

But try to find some standard nginx.conf file for someone who used it for seafile....i think there was even one standard one in the seafile wiki somewhere. I think it was under deploy seafile with nginx (but not the HTTPS version).

I'm gonna add my anonymized nginx.conf but it's a little bit messy and i did some additional stuff to improve the SSL connections and encryption so i'd not recommend you to copy it until you know what the stuff does but maybe you can see what belongs where.

user www-data;

worker_processes 4;

pid /var/run/nginx.pid;

events {

worker_connections 768;

# multi_accept on;

}

http {

#ssl_dhparam /etc/ssl/certs/dhparam.pem;

## nginx hardening

add_header X-Frame-Options SAMEORIGIN;

add_header X-Content-Type-Options nosniff;

add_header X-XSS-Protection "1; mode=block";

## SSL stapling

#ssl_stapling on;

#ssl_stapling_verify on;

#ssl_trusted_certificate /path/to/certificate/ssl.crt;

#resolver 8.8.8.8 8.8.4.4 valid=300s;

#resolver_timeout 10s;

##

# Basic Settings

##

sendfile on;

tcp_nopush on;

tcp_nodelay on;

##some SSL performance tuning

keepalive_timeout 70;

ssl_session_cache shared:SSL:10m;

ssl_session_timeout 10m;

types_hash_max_size 2048;

server_tokens off; #sending no detailed nginx version info out

# server_names_hash_bucket_size 64;

# server_name_in_redirect off;

include /etc/nginx/mime.types;

default_type application/octet-stream;

##

# Logging Settings

##

access_log /var/log/nginx/access.log;

error_log /var/log/nginx/error.log;

##

# Gzip Settings

##

gzip on;

gzip_disable "msie6";

# gzip_vary on;

# gzip_proxied any;

# gzip_comp_level 6;

# gzip_buffers 16 8k;

# gzip_http_version 1.1;

# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

##

# nginx-naxsi config

##

# Uncomment it if you installed nginx-naxsi

##

#include /etc/nginx/naxsi_core.rules;

##

# nginx-passenger config

##

# Uncomment it if you installed nginx-passenger

##

#passenger_root /usr;

#passenger_ruby /usr/bin/ruby;

##

# Virtual Host Configs

##

include /etc/nginx/conf.d/*.conf;

include /etc/nginx/sites-enabled/*;

server {

   listen 80;

   server_name <yourservername>;

   ## send all http requests automatically to https and make browser cache that decision for one year

   add_header "Cache-Control" "public, max-age=31536000";

   rewrite ^ https://<yourservername>$request_uri? permanent; # force redirect http to https

   }

  server {

      listen 443;

      ssl on;

      ssl_certificate /<some_directory>/cacert.pem;           # path to your cacert.pem

      ssl_certificate_key /<somedirectory>/privkey.pem;       # path to your privkey.pem

     

add_header Strict-Transport-Security max-age=31536000; #enable HFTS

ssl_dhparam /etc/ssl/certs/dhparam.pem;   #enable stronger DHE

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #allow only TLS enrcyption

## allow only specific cipher suites and disallow RC4 etc.

ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

## make the server chiphers default

ssl_prefer_server_ciphers on;

server_name <yourservername>;

      location / {

 fastcgi_pass    127.0.0.1:8000;

          fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;

          fastcgi_param   PATH_INFO           $fastcgi_script_name;

          fastcgi_param   SERVER_PROTOCOL       $server_protocol;

          fastcgi_param   QUERY_STRING        $query_string;

          fastcgi_param   REQUEST_METHOD      $request_method;

          fastcgi_param   CONTENT_TYPE        $content_type;

          fastcgi_param   CONTENT_LENGTH      $content_length;

          fastcgi_param   SERVER_ADDR         $server_addr;

          fastcgi_param   SERVER_PORT         $server_port;

          fastcgi_param   SERVER_NAME         $server_name;

          fastcgi_param   HTTPS               on;

          fastcgi_param   HTTP_SCHEME         https;

          access_log      /var/log/nginx/seahub.access.log;

            error_log       /var/log/nginx/seahub.error.log;

      }

          location /seafhttp {

                rewrite ^/seafhttp(.*)$ $1 break;

                proxy_pass http://127.0.0.1:8082;

                client_max_body_size 0;

                }

          location /media {

                 root /home/<yourusername>/seafile/seafile-server-latest/seahub;

                 }

        }

}

#mail {

# # See sample authentication script at:

# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript

# 

# # auth_http localhost/auth.php;

# # pop3_capabilities "TOP" "USER";

# # imap_capabilities "IMAP4rev1" "UIDPLUS";

# 

# server {

# listen     localhost:110;

# protocol   pop3;

# proxy      on;

# }

# 

# server {

# listen     localhost:143;

# protocol   imap;

# proxy      on;

# }

#}