oyvind
By:
oyvind

Nginx (SSL) -> Varnish -> Nginx (backend) - getting error on nginx config test

June 7, 2014 4.8k views
Hi, I'm trying to set up my server to handle a site (WordPress) with Nginx as the SSL endpoint, handing off to Varnish for caching, which then connects to Nginx again as the backend. I already have a working Nginx+PHP setup for the site. When I change the nginx configuration to add Varnish, I get the following error when testing the config: nginx: [emerg] unexpected end of file, expecting ";" or "}" in /etc/nginx/sites-enabled/mysite:203 I've tried adding a } at the end with no success. Looking at the config file over and over again, I can't locate the error. Does anyone see something wrong?
# Plain-HTTP listener: every request on port 80 is answered with a permanent
# redirect to the HTTPS URL for the same host and URI.
server {
            # default_server: this block also answers port-80 requests whose Host
            # header matches no server_name.
            listen 80 default_server;
            listen [::]:80 default_server ipv6only=on;
            # NOTE(review): $host comes from the request (the Host header when one is
            # sent), and as the default server this block accepts any Host value, so
            # the redirect target is client-influenced. Redirecting to a fixed name,
            # e.g. https://domain.net$request_uri, avoids that.
            return 301 https://$host$request_uri;
            server_name domain.net www.domain.net;
       }


# HTTPS endpoint passing to varnish
#

# TLS-terminating front end: accepts HTTPS on 443 and proxies every request
# in clear text to 127.0.0.1:8888 (Varnish, per the comment in location /).
server {
	# NOTE(review): SPDY was later replaced by HTTP/2 in nginx; the spdy listen
	# flag and the spdy_* directives below are not accepted by current releases.
	listen 443 ssl spdy;
	server_name domain.net www.domain.net;
	# HSTS for one year. includeSubDomains extends the policy to every subdomain,
	# so each of them must be reachable over HTTPS before this is deployed.
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

	# Adjust connection keepalive for SPDY and non-SPDY clients:
    	spdy_keepalive_timeout 300; # up from 180 secs default
    	keepalive_timeout 300; # up from 75 secs default

        # Redundant with the ssl flag on the listen line above; later nginx
        # releases deprecate this directive.
        ssl on;
        ssl_certificate /etc/nginx/ssl/ssl-united.crt;
        # The private key should be readable only by root / the nginx master process.
        ssl_certificate_key /etc/nginx/ssl/ssl.key;

#       ssl_session_timeout 5m;
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated protocol versions; limit
        # this list to TLSv1.2 and newer unless legacy clients must be supported.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # NOTE(review): the next line is cut off. The trailing $ looks like an
        # editor or terminal truncation marker (presumably - confirm against the
        # real file), so the closing double quote and the semicolon are missing.
        # nginx therefore treats everything up to the end of the file as part of
        # the quoted value, which produces the reported emerg error:
        # unexpected end of file, expecting ; or }
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aR$
        ssl_prefer_server_ciphers on;
        # ssl_ecdh_curve secp521r1;

        # enable SPDY header compression
        spdy_headers_comp 6;

	# NOTE(review): this server block has no fastcgi_pass, so this parameter is
	# never sent anywhere from here; the backend sets its own copy.
	fastcgi_param HTTPS on;

	location / {
    	# Pass the request on to Varnish.
    	# The hop is plain HTTP over loopback; TLS ends at this server block.
    	proxy_pass  http://127.0.0.1:8888;

    	# Pass a bunch of headers to the downstream server, so they'll know what's going on.
    	proxy_set_header Host $host;
    	proxy_set_header X-Real-IP $remote_addr;
    	# Appends the connecting address to any X-Forwarded-For value the client sent.
    	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    	# Most web apps can be configured to read this header and understand that the current session is actually HTTPS.
    	proxy_set_header X-Forwarded-Proto https;

    	# We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
    	proxy_redirect     off;
  	}

}


	#backend nginx server
	# Backend virtual host on port 8080 serving static files and PHP over FastCGI.
	# Presumably Varnish forwards cache misses here; the Varnish config is not shown.
	server {
    	# NOTE(review): no address is given, so nginx binds port 8080 on all
    	# interfaces. Unless a firewall blocks it, this plain-HTTP backend can be
    	# reached directly, bypassing the TLS front end and the cache. Binding to
    	# loopback (listen 127.0.0.1:8080;) keeps it local.
    	listen 8080;
 
    	server_name domain.net www.domain.net;
    	root /usr/share/nginx/html;
     
    	# realip: X-Forwarded-For is honoured only on connections from 127.0.0.1.
    	# With real_ip_recursive on, the client address becomes the last entry in
    	# that header that is not itself a trusted address. The allow/deny rules
    	# and the access log below use this replaced address.
    	set_real_ip_from   127.0.0.1;
    	real_ip_header     X-Forwarded-For;
    	real_ip_recursive on;
 
    	access_log /var/log/nginx/varnish.domain.net_access.log;
    	error_log /var/log/nginx/varnish.domain.net_error.log;
	
	# NOTE(review): second root directive in the same server context. nginx
	# rejects this as a duplicate at config test time, so one of the two root
	# lines has to go once the ssl_ciphers quoting problem is fixed.
	root html;
	index index.html index.htm index.php;

	##Help Googlebot etc
	location = /robots.txt {
    	allow all;
    	log_not_found off;
    	access_log off;
  	}

	## Restrictions
	# Refuse to run PHP files under any uploads/ or files/ directory. Regex
	# locations are tried in the order they appear and the first match wins, so
	# this rule takes precedence over the generic PHP location further down.
	location ~* /(?:uploads|files)/.*\.php$ {deny all;}

	# Block dotfiles (any path segment starting with a dot) and URIs ending in a
	# tilde (typical editor backup copies), without logging the attempts.
	location ~ /\. { access_log off; log_not_found off; deny all; }
	location ~ ~$ { access_log off; log_not_found off; deny all; }

	# Set expires max on static file types (make sure you are using cache busting filenames or query params):
    	location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|eot|mp4|ogg|ogv|webm|pdf)$ {
      	expires max;
      	access_log off;
    	}

	##SQL Buddy
	# Database admin tool restricted by source address only: the 192.168.1.0/24
	# LAN and localhost are allowed, everyone else is denied.
	# NOTE(review): the check runs against the address set by the realip
	# directives above, so it is only as reliable as the X-Forwarded-For chain
	# built by the front end and Varnish.
	location ~ /sqlbuddy/.*\.php$ {
    	allow 192.168.1.0/24;
    	allow 127.0.0.1;
	deny all;
    	try_files $uri =404;
    	include fastcgi_params;
    	# NOTE(review): php5-fpm-sock is not defined in the config shown here; it
    	# presumably names an upstream block declared elsewhere - confirm. The
    	# generic PHP location below uses the unix socket path directly.
    	fastcgi_pass php5-fpm-sock;
    	fastcgi_param HTTPS on;
    	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    	fastcgi_intercept_errors on;                                     
	}


	#General try files
	# Serve the file or directory if it exists, otherwise hand the request to
	# /index.php with the original query string.
	location / {
		try_files $uri $uri/ /index.php?$args;
	}

	#Error arg
	error_page 404 /404.html;
    	error_page 500 502 503 504 /50x.html;
    	location = /50x.html {
        root /usr/share/nginx/html;
    	}

	#php
    	location ~ \.php$ {
        # Return 404 unless $uri maps to an existing file, so only scripts that
        # are present on disk are handed to PHP-FPM.
        try_files $uri =404;
	include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        # NOTE(review): HTTPS is hard-coded to on, so PHP is told the request was
        # secure even when it reached port 8080 directly over plain HTTP. Deriving
        # it from the X-Forwarded-Proto header set by the front end is more accurate.
        fastcgi_param HTTPS on;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_intercept_errors on;
    	}
	
}
4 Answers
What does line 203 in /etc/nginx/sites-enabled/mysite do? It is hard to say without the line numbers.
The line 203 is the last line of the nginx config file for the site...

But I found the problem:
It was the ssl_ciphers value not being correctly enclosed in double quotes (" ").
Nice catch. @Vegardmeng, if you know more about nginx, then look here -- https://www.digitalocean.com/community/questions/troubles-with-mulit-node-js-on-nginx-forever-cron
I am trying to use a config similar to yours but I am having problems with varnish using the port 80. How is your config for Varnish?