"return" directive is not allowed here in - nginx

i got "return" directive is not allowed here in error on nginx -t
here is my nginx.conf
user nginx;
worker_processes auto;
worker_rlimit_nofile 100000;
events {
use epoll;
worker_connections 1024;
multi_accept on;
}
http {
access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
keepalive_requests 100000;
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate ssl/example.pem;
ssl_certificate_key ssl/example.key;
ssl_conf_command Options KTLS;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
root /usr/local/etc/nginx/html;
index index.html index.htm;
charset utf-8;
}
}
}
nginx -t command gives me
"return" directive is not allowed here in /usr/local/etc/nginx/nginx.conf:22
i tried remove conf file and created again, no luck
additional note: if i remove part of config
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
it works
UPDATE :
if you compile nginx from source, if u do not add rewrite module it happens because return directive part of rewrite module

Related

Why nginx selects server block with _ server_name?

My simple nginx.conf:
http {
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
server_tokens on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /_nginx_logs/access.log;
error_log /_nginx_logs/error.log;
gzip on;
server {
server_name www.example.pro;
listen 80;
listen 443 ssl;
return 301 https://example.pro$request_uri;
ssl_certificate "/etc/letsencrypt/live/www.example.pro/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/www.example.pro/privkey.pem";
}
server {
server_name example.pro
listen 80;
listen 443 ssl;
ssl_certificate "/etc/letsencrypt/live/example.pro/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/example.pro/privkey.pem";
location / {
proxy_pass http://localhost:3000;
}
location /api {
proxy_pass http://localhost:7500;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
server_name _;
listen 80 default_server;
location / {
root /projects/site-stub;
}
}
}
When I open my site as https://example.pro everything is ok.
When I open my site as http://example.pro, nginx answers from server block with server_name _.
Why? IP and port are the same, server_name value has exact word for Host header, but server_name example.pro not works for http://.
But it works good for https://!

proxy_pass doesn't work in the location area in the NGINX config

I have this nginx config:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
server {
listen 443 default_server ssl;
ssl_certificate /etc/nginx/certs/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/privkey.pem;
location /private/ {
#root /usr/share/nginx/html;
#index index.html;
proxy_pass http://localhost:5001/;
}
location / {
proxy_pass http://localhost:5000/;
}
}
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets on;
ssl_session_timeout 28h;
ssl_early_data on;
ssl_buffer_size 16k;
http2_chunk_size 8k;
Also I have same python servers on my localhost :
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN 549524/python3
tcp 0 0 127.0.0.1:5001 0.0.0.0:* LISTEN 549204/python3
The problem is that
proxy_pass in location / always works, and if I turn off python server on 5000 port, nginx will raise me 504 bad gateway. proxy_pass in the location /private/ doesn't work, and nginx server always raise me 404 not found.
If i turn off my server on 5001 nothing will change. But if i change this area this way:
location /private/ {
root /usr/share/nginx/html;
index index.html;
#proxy_pass http://localhost:5001/;
}
Everything will work and nginx return me index.html.
Why doesn't work proxy_pass in this location area?

nginx doesn't serve "/" path

I have a domain example.com which is registered and working.
I am now trying redirect all requests to example.com and www.example.com to a specific port.
the default config in sites-enabled looks like this:
server{
listen 80;
listen [::]:80;
server_name example.com www.example.com;
location / {
return 301 https://example.com:8081/;
}
}
the above config does not work (when accessing example.com in the browser, i get infinite loading)
While when using this config, example.com/test works.
server{
listen 80;
listen [::]:80;
server_name example.com www.example.com;
location /test {
return 301 https://example.com:8081/;
}
}
nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
include /etc/nginx/sites-enabled/*;
}

Possible NGINX issue with PHPMyAdmin

pulling my hair out with this one!
I can't figure out why PHPMyAdmin is logging in ok and showing menu's, but there is no database information displayed. The left hand database tree is gone and the main window where you would manage a database is also blank (just empty space).
The menus are loading ok so I suspect a frame related issue as when I look at page source, there is just no HTML there.
I have Certbot install a letsencrypt certificate and NGINX 1.20.2. PHP is 8.1.3 and Ubuntu 20. I have tried multiple fresh installs of PHPMyAdmin.
Here are my NGINX configs in case I am missing something there:
sites-enabled/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.php;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
add_header X-Frame-Options "ALLOW-FROM http://site.uk";
add_header X-Frame-Options "ALLOW-FROM http://www.site.uk";
add_header X-Frame-Options "ALLOW-FROM https://site.uk";
add_header X-Frame-Options "ALLOW-FROM https://www.site.uk";
add_header X-XSS-Protection "1";
add_header X-Content-Type-Options nosniff;
}
server {
root /var/www/html;
index index.html index.htm index.php;
server_name _; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/fx5.uk/fullchain.pem; # managed by C>
ssl_certificate_key /etc/letsencrypt/live/fx5.uk/privkey.pem; # managed by>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
#changed
if ($host = site.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name _;
return 404; # managed by Certbot
}
nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

How to correctly set a custom 403 ERROR page in Nginx

I can't seem to figure out how to setup a custom 403 error page in Nginx for IPs that are denied. No matter what I do, only the builtin Nginx "Forbidden" page shows up. Below is my nginx.conf file:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
autoindex_localtime on;
include ./conf/blockips.conf;
server {
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate ./ssl/fullchain.cer;
ssl_certificate_key ./ssl/cert.key;
server_name_in_redirect off;
log_not_found off;
server_name www.mywebsite.com mywebsite.com;
error_page 403 /error403.html;
location = /error403.html {
root html;
allow all;
}
location / {
root /inetpub/wwwroot;
index index.html index.htm;
}
}
}

Resources