nginx: [emerg] “listen” directive is not allowed here in /etc/nginx/sites-enabled/default:80

I have encountered the following error.

Apr 22 02:06:56 ubuntu systemd[1]: Starting A high performance web server and a reverse proxy server... Apr 22 02:06:56 ubuntu nginx[3380]: nginx: [emerg] "listen" directive is not allowed here in /etc/nginx/sites-enabled/default:80 Apr 22 02:06:56 ubuntu nginx[3380]: nginx: configuration file /etc/nginx/nginx.conf test failed Apr 22 02:06:56 ubuntu systemd[1]: nginx.service: Control process exited, code=exited status=1 Apr 22 02:06:56 ubuntu systemd[1]: nginx.service: Failed with result 'exit-code'. Apr 22 02:06:56 ubuntu systemd[1]: Failed to start A high performance web server and a reverse proxy server. 

This is my nginx.conf file:

user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf;  events {         worker_connections 768;         # multi_acHTTP on; }  http {      ##     # Basic Settings     ##      sendfile on;     tcp_nopush on;     tcp_nodelay on;     keepalive_timeout 65;     types_hash_max_size 2048;     # server_tokens off;      # server_names_hash_bucket_size 64;     # server_name_in_redirect off;      include /etc/nginx/mime.types;     default_type application/octet-stream;      ##     # SSL Settings     ##      ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE     ssl_prefer_server_ciphers on;      ##     # Logging Settings     ##      access_log /var/log/nginx/access.log;     error_log /var/log/nginx/error.log;      ##     # Gzip Settings     ##      gzip on;      ##     # Virtual Host Configs     ##      include /etc/nginx/conf.d/*.conf;     include /etc/nginx/sites-enabled/*; } 

What’s wrong with this?

How do I proxy a docker container with nginx running on the host?

I have nginx running on the host, and a program I want to proxy running in a docker container. How do I configure nginx to redirect traffic from a specific subdomain to that container? I can’t find any examples for that setup, only both on the host or both in docker containers. I’ve used proxy_pass before, but only for both on the host.

Setting up automatic server blocks with nginx for MacOS

I been trying to set up an environment locally on MacOS that allows me to add a new project folder to /var/www/ it will take the project name as the hostname and serve that to port 80 proxied through port 5000.

Currently, going to localhost in a browser goes to the welcome nginx hello default page, but when I try to go to testsite.local.dev I get a connection refusal from the browser ERR_CONNECTION_REFUSED

Here is my nginx.conf and my wildcard.conf config files:

nginx.conf

user <user> staff; worker_processes 1; error_log /var/log/nginx.error.log;  error_log /var/log/nginx.error.log notice; error_log /var/log/nginx.error.log info; pid /var/tmp/nginx.pid; events {    worker_connections 128;  }  http {    include mime.types;    default_type application/octet-stream;   #log_format main '$  remote_addr - $  remote_user [$  time_local] "$  request" ' # '$  status $  body_bytes_sent "$  http_referer" ' # '"$  http_user_agent" "$  http_x_forwarded_for"';   #access_log /var/log/nginx.access.log main;   sendfile on;   #tcp_nopush on;   #keepalive_timeout 0;   keepalive_timeout 65;   #gzip on;   server {      server_name localhost;       #access_log /var/log/nginx.localhost.access.log main;       #error_page 404 /404.html;     # redirect server error pages to the static page /50x.html      error_page 500 502 503 504 /50x.html;      location = /50x.html {          root html;      }      # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000     location ~ \.php$   {          try_files $  uri =404;         fastcgi_split_path_info ^(.+\.php)(/.+)$  ;         fastcgi_pass 127.0.0.1:9000;          fastcgi_index index.php;          fastcgi_param SCRIPT_FILENAME $  document_root$  fastcgi_script_name;          fastcgi_buffers 256 128k;          fastcgi_connect_timeout 300s;          fastcgi_send_timeout 300s;          fastcgi_read_timeout 300s;          include fastcgi_params;      }     # deny access to .htaccess files, if Apache's document root      # concurs with nginx's one     location ~ /\.ht {       deny all;      }    }    proxy_buffer_size   128k;   proxy_buffers   4 256k;   proxy_busy_buffers_size   256k;    include /usr/local/etc/nginx/sites-available/*.conf; } 

wildcard.conf

server {   listen 80;   server_name ~^(?<sname>.+)$  ;   root /var/www/$  sname/html/;    index index.html index.htm index.php;    charset utf-8;    location / {     try_files $  uri $  uri/ /index.php?$  query_string;     proxy_pass         http://127.0.0.1:5000;   }    location = /favicon.ico { access_log off; log_not_found off; }   location = /robots.txt  { access_log off; log_not_found off; }    access_log /var/log/nginx/$  sname-access.log;    error_page 404 /index.php;    sendfile off;    location ~ \.php$   {     fastcgi_split_path_info ^(.+\.php)(/.+)$  ;     fastcgi_pass unix:/var/run/php5-fpm.sock;     fastcgi_index index.php;     include fastcgi_params;   }    location ~ /\.ht {     deny all;   } } 

How to route the first URI segment (after first slash) using NGINX as a reverse-proxy?

I’m trying to construct an architecture/infrastructure on Amazon Web Services. Today I have an EC2 working like a gateway, with NGINX on the background. Btw, I’m new with NGINX.

The last week I had this NGINX config file:

server {     listen 80;      # I put * for hide the real domain name     server_name ******.com.ar www.******.com.ar;      location / {          proxy_set_header   X-Forwarded-For $  remote_addr;          proxy_set_header   Host $  http_host;          proxy_pass         "http://private.ip.1:80/";     } } 

And it worked great! When I go to www.domain.com, I get a redirect to private ip 1 on port 80.

But, nowdays, I need to adjust the config file a bit.

1) First, I need to redirect some paths to private ip 1 (ex. /company, /portfolio, /services, /contact and subsequences: /company/ourvision, /services/software, /contact/workwithus)

2) And if none of the before paths get a match, I need to get the first URI segment as a wildcard (ex. http://domain.com.ar/*) matching only this characters: A-z0-9._ and send to private ip 2 on port 3000, also I need sending the wildcard word too (ex. http://private.ip.2:3000/wildcard-word)

I was only trying to success on my second point, but I couldn’t deal with it.

server {     listen 80;     server_name ******.com.ar www.******.com.ar;      location / {         proxy_set_header   X-Forwarded-For $  remote_addr;         proxy_set_header   Host $  http_host;         proxy_pass         "http://private.ip.1:80/";     }      location ~ ^/(.*)/?$   {          proxy_set_header   X-Forwarded-For $  remote_addr;         proxy_set_header   Host $  http_host;         proxy_pass         "http://private.ip.2:3000/$  1";     } } 

But this isn’t working. When I go to http://example.com I go directly to the private ip 2 on port 3000. Btw, in another scenario, I get the follow error when I use the nginx -t command: “proxy_pass” cannot have URI part in location given by regular expression, or inside named location

So, can anyone help this noob to solve his problem? Thanks in advance. I will let the links that I was reading below:

  • nginx rule for wildcard url
  • nginx location based on uri path
  • How to do URL Redirects with Nginx
  • How to rewrite URI nginx reverse proxy using proxy_pass?
  • Understanding Nginx Server and Location Blocks (DigitalOcean)

OpenVPN behind Nginx reverse proxy

I have an OpenVPN server on a machine that can only be connected to via IPv6, due to my ISP being not too generous with IPv4 addresses.

To resolve this issue, I created a DigitalOcean droplet, installed Nginx on it, with the purpose that I’ll use the droplet to forward any incoming IPv4 traffic to the aforementioned server through IPv6.

I know that the connection between the DO droplet and my server is fine, because I could connect to my home server via SSH and OpenVPN as well from the droplet. My problem is, whenever I’m trying to connect to the home VPN from anywhere, through the DO droplet (as originally planned), it seems like the connection gets lost somewhere, according to the OpenVPN client log Sat Apr 20 23:03:02 2019 read UDP: Unknown error (code=10054).

I also know that the connection between the desired vpn client and the droplet is working, because I can SSH into the droplet machine from that. I also checked the firewall ports and the required port is open with the required protocol.

So in theory, both part of the connection should be fine, but I still get the network connectivity error. I tried lots of different ways to configure nginx, but none seems to work.

TL;DR

I’d like to use a tunnel to forward my IPv4 requests to a server accessible from IPv6 only, but I connection is lost somewhere on the way.

My Nginx config:

stream{     upstream backend {         server [2a02:ab88:5081:7e00:b4b6:fef2:5742:b12f]:1194;     }      server {             listen 1194 udp;             proxy_pass backend;     } } 

nginx gunicorn django 502 worker timeout just on some pages

I configured a django app with gunicorn and nginx all was working perfectly until the installation of SSL certifiate on the server. firstly all pages were served perfectly but after some time some pages were showing 502 Bad gateway while others are still working nicely.

I am not trying to upload a big file or to call a page that has a big loading time. the page should be served instantly. I tried everything but cant find the problem.maybe its a configuration error. Please if you can help me

The error was in error.log of gunicorn

[2019-04-20 14:38:24 +0200] [14828] [CRITICAL] WORKER TIMEOUT (pid:21460) [2019-04-20 12:38:24 +0000] [21460] [INFO] Worker exiting (pid: 21460) [2019-04-20 14:38:24 +0200] [21500] [INFO] Booting worker with pid: 21500 

this is my gunicorn configuration

import multiprocessing  timeout = 120 bind = 'unix:/tmp/gunicorn.sock' workers = multiprocessing.cpu_count() * 2 + 1 reload = True daemon = True accesslog = './access.log' errorlog = './error.log' 

nginx config

user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf;  events {         worker_connections 1024;         # multi_accept on; }  http {         fastcgi_buffers 8 16k;         fastcgi_buffer_size 32k;         fastcgi_connect_timeout 300;         fastcgi_send_timeout 300;         fastcgi_read_timeout 300;         ##     # Basic Settings     ##      sendfile on;     tcp_nopush on;     tcp_nodelay on;     keepalive_timeout 65;     types_hash_max_size 2048;     # server_tokens off;      # server_names_hash_bucket_size 64;     # server_name_in_redirect off;      include /etc/nginx/mime.types;     default_type application/octet-stream;      ##     # SSL Settings     ##      ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE     ssl_prefer_server_ciphers on;      ##     # Logging Settings     ##      access_log /var/log/nginx/access.log;     error_log /var/log/nginx/error.log;      ##     # Gzip Settings     ##      gzip on;      # gzip_vary on;     # gzip_proxied any;     # gzip_comp_level 6;     # gzip_buffers 16 8k;     # gzip_http_version 1.1;     # gzip_buffers 16 8k;     # gzip_http_version 1.1;     # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;      ##     # Virtual Host Configs     ##      include /etc/nginx/conf.d/*.conf;     include /etc/nginx/sites-enabled/*; }   #mail { #       # See sample authentication script at: #       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # #       # auth_http localhost/auth.php; #       # pop3_capabilities "TOP" "USER"; #       # imap_capabilities "IMAP4rev1" "UIDPLUS"; # #       server { #               listen     localhost:110; #               protocol   pop3; #               proxy      on; #       } # #       server { #               listen     localhost:143; #               protocol   imap; #               proxy      on; #       } #} 

/etc/nginx/sites-available/example

upstream your-gunicorn {   server unix:/tmp/gunicorn.sock fail_timeout=0; }  # Catch all requests with an invalid HOST header  server {     server_name "";     listen      80;     return      444; }  server {   listen 80;   server_name example.com www.example.com;   return 301 https://www.example.com$  request_uri; }  server {   listen 443 default ssl;   server_name example.com www.example.com;    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;    client_max_body_size 4G;   keepalive_timeout 70;    access_log /var/log/nginx/example.access_log;   error_log /var/log/nginx/example.error_log warn;    root /var/www/django_projects/example;    location /static/ {     autoindex off;     alias /var/www/django_projects/example/static/;     expires 1M;     access_log off;     add_header Cache-Control "public";     proxy_ignore_headers "Set-Cookie";   }    location @proxy_to_app {     proxy_set_header Host $  host;      proxy_set_header X-Real-IP $  remote_addr;      proxy_set_header X-Forwarded-For $  proxy_add_x_forwarded_for;      proxy_set_header X-Forwarded-Proto $  scheme;      proxy_pass http://your-gunicorn;      proxy_read_timeout 90;      proxy_redirect http://your-gunicorn https://example.com;   }    location / {     try_files $  uri @proxy_to_app;   }    location /.well-known/acme-challenge/ {     root /var/www/django_projects/example/static/;   }  } 

Nginx peerjs server returns cors error when trying to acess peerserver port

I’m having an issue with a library called peerjs Which worked on my localhost testing server, but had some growing pains working with nginx reverse proxies. Here are some things I did, but I’m still getting a CORS error when trying to access the peerjs server.

  • used “ufw allow 8696″(the port that peerserver uses)
  • used the CORS library with my nodejs server, as recommended by a different stackoverflow post*
  • Altered my nginx config to allow CORS on all paths**

You can see the error yourself at https://jakesandbox.com/ChatPal I’m wondering if there is any way to make my nodejs applications work exactly as they do on my local computer as they do on my server. p.s. I will include any information I neglected to include

*

var path = require('path'); var express = require('express'); var ExpressPeerServer = require('peer').ExpressPeerServer; var routes = require('./routes'); var app = express(); var cors = require('cors'); app.use(cors()); app.set('views', path.join(__dirname, 'views')); app.set('view engine', 'ejs'); app.use(express.static(path.join(__dirname, 'public'))); app.use('/', routes); var server = require('http').createServer(app); var peerserver = ExpressPeerServer(server); app.use('/ChatPal/cpl', peerserver); server.listen(8696); app.listen(6767); console.log('Listening on 6767'); 

**

 set $  cors_origin ""; set $  cors_cred   ""; set $  cors_header ""; set $  cors_method "";  if ($  http_origin ~ '^https?://(localhost|jakesandbox.com\.com)$  ') {         set $  cors_origin $  http_origin;         set $  cors_cred   true;         set $  cors_header $  http_access_control_request_headers;         set $  cors_method $  http_access_control_request_method; }  add_header Access-Control-Allow-Origin      $  cors_origin; add_header Access-Control-Allow-Credentials $  cors_cred; add_header Access-Control-Allow-Headers     $  cors_header; add_header Access-Control-Allow-Methods     $  cors_method; 

nginx will not use apache2 as a proxy

Error Log:

2019/04/20 14:42:12 [error] 13387#13387: *107 connect() failed (111: Connection refused) while connecting to upstream, client: 94.174.93.252, server: dev.exoscape.co.uk, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8080/favicon.ico", host: "dev.exoscape.co.uk", referrer:  "https://dev.exoscape.co.uk/" 

Server Configuration:

server {    server_name dev.exoscape.co.uk;    location / {       proxy_pass http://localhost:8080/;   }      listen 443 ssl; # managed by Certbot     ssl_certificate /etc/letsencrypt/live/dev.exoscape.co.uk/fullchain.pem; # m$       ssl_certificate_key /etc/letsencrypt/live/dev.exoscape.co.uk/privkey.pem; #$       include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot  }   server {      if ($  host = dev.exoscape.co.uk) {         return 301 https://$  host$  request_uri;     } # managed by Certbot    server_name dev.exoscape.co.uk;     listen 80;     return 404; # managed by Certbot  } 

I have Apache2 running on port 8080 with my website running. When I visit the page I get 502 Bad Gateway. How can I access my files in /var/www/html through Apache2?

404 Response from NGINX when trying to setup mediawiki short urls

I have NGINX setup to serve content over localhost with HTTPS. Using the following location block, I can serve mediawiki just fine (it is in the /w folder)

location ~ /w/(.*)(\.php)?$   {   index index.php index.html;   try_files $  uri $  uri.php /w/index.php =404;   fastcgi_pass 127.0.0.1:9000;   include fastcgi_params;   fastcgi_param SCRIPT_FILENAME $  document_root$  fastcgi_script_name;   fastcgi_param SCRIPT_NAME $  fastcgi_script_name; } 

However, when I try to setup short urls (https://localhost/wiki/Some_Page for example) using this guide, I always get 404 file not found. I’m using PHP-FPM as the upstream, for reference. Here is the full configuration I’m using with NGINX to achieve short URLs

worker_processes 1;  events {   worker_connections 1024; }  http {   include mime.types;   default_type application/octet-stream;   sendfile on;   keepalive_timeout 65;   gzip on;    log_format compression '$  time_local - "$  uri" $  status "$  http_referer" $  request_filename';   access_log /Users/nicholas.chambers/log/nginx/access.log compression;   error_log /Users/nicholas.chambers/log/nginx/error.log;    server {     listen 80;     server_name localhost;     return 301 https://$  host$  request_uri;   }    server {     listen 443 ssl http2;     server_name localhost;      ssl_certificate /Users/nicholas.chambers/nginx/ssl/cert.pem;     ssl_certificate_key /Users/nicholas.chambers/nginx/ssl/private.key;     ssl_session_timeout 1d;     ssl_session_cache shared:SSL:50m;     ssl_session_tickets off;      ssl_protocols TLSv1.2;     ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';     ssl_prefer_server_ciphers on;     ssl_trusted_certificate /Users/nicholas.chambers/ca/intermediate/certs/chain.pem;      root /Users/nicholas.chambers;      allow 127.0.0.0/8;     deny all;      location ~ /wordpress/(.*)(\.php)?$   {       index index.php index.html;       try_files $  uri $  uri.php /wordpress/$  1/index.php /wordpress/index.php =404;       fastcgi_pass 127.0.0.1:9000;       include fastcgi_params;       fastcgi_param SCRIPT_FILENAME $  document_root$  fastcgi_script_name;       fastcgi_param SCRIPT_NAME $  fastcgi_script_name;     }      location ~ ^/w/(index|load|api|thumb|opensearch_desc)\.php$   {       include fastcgi_params;       fastcgi_param SCRIPT_FILENAME $  document_root/w/$  fastcgi_script_name;       fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on     }      location /w/images {     }      location /w/images/deleted {       deny all;     }      location ~ ^/w/resources/(assets|lib|src) {       try_files $  uri 404;       add_header Cache-Control "public";       expires 7d;     }      location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg)$   {       try_files $  uri 404;       add_header Cache-Control "public";       expires 7d;     }      location = /favicon.ico {       alias /w/images/6/64/Favicon.ico;       add_header Cache-Control "public";       expires 7d;     }      location /wiki/ {       rewrite ^/wiki/(?<pagename>.*)$   /w/index.php;       include fastcgi_params;       fastcgi_param SCRIPT_FILENAME $  document_root/w/index.php;       fastcgi_param PATH_INFO $  pagename;       fastcgi_param QUERY_STRING $  query_string;       fastcgi_pass 127.0.0.1:9000;     }      location = /robots.txt {     }   } } 

I haven’t made any changes to my LocalSettings.php, except for adding the following data

$  wgScriptPath = "/w"; $  wgScriptExtension = ".php"; $  wgArticlePath = "/wiki/$  1"; $  wgUsePathInfo = true; 

Thanks in advance!