Nginx (SSL) -> Varnish -> Nginx (backend) - getting error on nginx config test
Hi
I'm trying to set up my server to handle a site (wordpress) with Nginx as SSL endpoint handing off to Varnish for caching and connecting to Nginx again as backend. I already have a working Nginx+php setup for the site.
When trying to change the nginx configuration in order to implement Varnish I get the following error when testing the config:
nginx: [emerg] unexpected end of file, expecting ";" or "}" in /etc/nginx/sites-enabled/mysite:203
I've tried to add a } at the end with no sucsess.
Looking at the config file over and over again I can't locate the error.
Anyone see something wrong?
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
server_name domain.net www.domain.net;
}
# HTTPS endpoint passing to varnish
#
server {
listen 443 ssl spdy;
server_name domain.net www.domain.net;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# Adjust connection keepalive for SPDY and non-SPDY clients:
spdy_keepalive_timeout 300; # up from 180 secs default
keepalive_timeout 300; # up from 75 secs default
ssl on;
ssl_certificate /etc/nginx/ssl/ssl-united.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
# ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aR$
ssl_prefer_server_ciphers on;
# ssl_ecdh_curve secp521r1;
# enable SPDY header compression
spdy_headers_comp 6;
fastcgi_param HTTPS on;
location / {
# Pass the request on to Varnish.
proxy_pass http://127.0.0.1:8888;
# Pass a bunch of headers to the downstream server, so they'll know what's going on.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Most web apps can be configured to read this header and understand that the current session is actually HTTPS.
proxy_set_header X-Forwarded-Proto https;
# We expect the downsteam servers to redirect to the right hostname, so don't do any rewrites here.
proxy_redirect off;
}
}
#backend nginx server
server {
listen 8080;
server_name domain.net www.domain.net;
root /usr/share/nginx/html;
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
access_log /var/log/nginx/varnish.domain.net_access.log;
error_log /var/log/nginx/varnish.domain.net_error.log;
root html;
index index.html index.htm index.php;
##Help Googlebot etc
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
## Restrictions
location ~* /(?:uploads|files)/.*\.php$ {deny all;}
location ~ /\. { access_log off; log_not_found off; deny all; }
location ~ ~$ { access_log off; log_not_found off; deny all; }
# Set expires max on static file types (make sure you are using cache busting filenames or query params):
location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|eot|mp4|ogg|ogv|webm|pdf)$ {
expires max;
access_log off;
}
##SQL Buddy
location ~ /sqlbuddy/.*\.php$ {
allow 192.168.1.0/24;
allow 127.0.0.1;
deny all;
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php5-fpm-sock;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
#General try files
location / {
try_files $uri $uri/ /index.php?$args;
}
#Error arg
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
#php
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
}
Log In to Comment