Question

Nginx (SSL) -> Varnish -> Nginx (backend) - getting error on nginx config test

  • Posted on June 7, 2014
  • oyvindAsked by oyvind

Hi

I’m trying to set up my server to handle a site (wordpress) with Nginx as SSL endpoint handing off to Varnish for caching and connecting to Nginx again as backend. I already have a working Nginx+php setup for the site.

When trying to change the nginx configuration in order to implement Varnish I get the following error when testing the config: nginx: [emerg] unexpected end of file, expecting “;” or “}” in /etc/nginx/sites-enabled/mysite:203

I’ve tried to add a } at the end with no sucsess. Looking at the config file over and over again I can’t locate the error.

Anyone see something wrong? <pre> server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; return 301 https://$host$request_uri; server_name domain.net www.domain.net; }

HTTPS endpoint passing to varnish

server { listen 443 ssl spdy; server_name domain.net www.domain.net; add_header Strict-Transport-Security “max-age=31536000; includeSubDomains”;

# Adjust connection keepalive for SPDY and non-SPDY clients:
	spdy_keepalive_timeout 300; # up from 180 secs default
	keepalive_timeout 300; # up from 75 secs default

    ssl on;
    ssl_certificate /etc/nginx/ssl/ssl-united.crt;
    ssl_certificate_key /etc/nginx/ssl/ssl.key;

ssl_session_timeout 5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aR$
    ssl_prefer_server_ciphers on;
    # ssl_ecdh_curve secp521r1;

    # enable SPDY header compression
    spdy_headers_comp 6;

fastcgi_param HTTPS on;

location / {
	# Pass the request on to Varnish.
	proxy_pass  http://127.0.0.1:8888;

	# Pass a bunch of headers to the downstream server, so they'll know what's going on.
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	# Most web apps can be configured to read this header and understand that the current session is actually HTTPS.
	proxy_set_header X-Forwarded-Proto https;

	# We expect the downsteam servers to redirect to the right hostname, so don't do any rewrites here.
	proxy_redirect     off;
}

}

#backend nginx server
server {
	listen 8080;

	server_name domain.net www.domain.net;
	root /usr/share/nginx/html;
 
	set_real_ip_from   127.0.0.1;
	real_ip_header     X-Forwarded-For;
	real_ip_recursive on;

	access_log /var/log/nginx/varnish.domain.net_access.log;
	error_log /var/log/nginx/varnish.domain.net_error.log;

root html;
index index.html index.htm index.php;

##Help Googlebot etc
location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
}

## Restrictions
location ~* /(?:uploads|files)/.*\.php$ {deny all;}

location ~ /\. { access_log off; log_not_found off; deny all; }
location ~ ~$ { access_log off; log_not_found off; deny all; }

# Set expires max on static file types (make sure you are using cache busting filenames or query params):
	location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|eot|mp4|ogg|ogv|webm|pdf)$ {
  	expires max;
  	access_log off;
	}

##SQL Buddy
location ~ /sqlbuddy/.*\.php$ {
	allow 192.168.1.0/24;
	allow 127.0.0.1;
deny all;
	try_files $uri =404;
	include fastcgi_params;
	fastcgi_pass php5-fpm-sock;
	fastcgi_param HTTPS on;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_intercept_errors on;                                     
}


#General try files
location / {
	try_files $uri $uri/ /index.php?$args;
}

#Error arg
error_page 404 /404.html;
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
    root /usr/share/nginx/html;
	}

#php
	location ~ \.php$ {
    try_files $uri =404;
include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
	}

} </pre>


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

I am trying to use a config similar to yours but I am having problems with varnish using the port 80. How is your config for Varnish?

The line 203 is the last line of the nginx config file for the site… <br> <br>But I found the problem: <br>It was the ssl_ciphers not being correctly put inside " ".