nginx duplicate location "/"

[m1ne]

Hey all.

I'm trying to set up nginx within Plesk 12. Using the "Additional nginx directives" in Plesk, I add this,

server {
    listen   [::]:80;
    server_name  example.com www.example.com;
    root   /var/www/example.com;
    index  index.html index.htm index.php;
    access_log  /var/www/logs/example.com.access.log; 

    location / {
        try_files $uri $uri/ /index.php?$uri&$args;
    }

    location ~ /(internal_data|library) {
         internal;
    }

    location ~ \.php$ {
        fastcgi_pass   unix:/tmp/php.socket;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
    }  
}

and get this error:

Invalid nginx configuration: nginx: [emerg] duplicate location "/" in /var/www/vhosts/system/example.com/conf/vhost_nginx.conf:1 nginx: configuration file /etc/nginx/nginx.conf test failed

Any idea? Thanks.

 

[SneakyDave]

See if you have another nginx configuration file in that directory that it is loading, maybe something from nginx.conf or some other xxxx.conf file.

 

[m1ne]

There is nginx.conf which states the following,

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

 

[SneakyDave]

Well, then don't change that, lol. I'm not familiar with what Plesk does with nginx configuration files, but the error message is basically telling you that you've specified the "/" location more than once.

 

[SneakyDave]

Mine looks like this, but this is for SSL specifically.

server {
  server_name mysite.com www.mysite.com;
  return 301 https://mysite.com$request_uri;
}

server {

   listen 443 ssl spdy;
  server_name mysite.com;
  ssl_certificate      /usr/local/nginx/conf/ssl/ssl-unified.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/mysite.com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache      shared:SSL:10m;
  ssl_session_timeout  10m;
  ssl_ciphers [list a bunch of ciphers here]
  ssl_prefer_server_ciphers   on;
  add_header Alternate-Protocol  443:npn-spdy/3;

  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
  spdy_headers_comp 0;
  ssl_buffer_size 4k;

  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/ssl-trusted.crt;

  access_log /home/nginx/sites/mysite.com/log/access.log combined buffer=32k;
  error_log /home/nginx/sites/mysite.com/log/error.log;
  root /home/nginx/sites/mysite.com/public;

  ## redirect https://www to https://non-www
  if ($host = 'www.mysite.com') {
     return 302 https://$server_name$request_uri;
  }

  location / {

    root /home/nginx/sites/mysite.com/public;

    ## redirect https://www to https://non-www
    if ($host = 'www.mysite.com') {
       return 302 https://$server_name$request_uri;
    }

  location / {

     index index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$uri&$args;

  }

  location /data/manhandle/ {
        open_file_cache off;
        include /usr/local/nginx/conf/staticfiles.conf;
  }
  location /internal_data/ {
        internal;
        allow 127.0.0.1;
        deny all;
  }

  location /library/ {
        internal;
        allow 127.0.0.1;
        deny all;
  }
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;

}

 

[m1ne]

Actually, I see nginx_ip_default.conf too which has location / specified. It also tells me not to edit it as well. It includes vhost_nginx.conf at the end, which is where I should make my changes.

 

[m1ne]

I've asked for support at the Parallels forums, will post the solution when/if I get one.

 

[m1ne]

Product expert at Parallels says this,

Be aware that the definition "try_files $uri $uri/ /index.php?$uri&$args;" is a very common definition, which gives the possibilty to perform malware code if users are able to upload files.

What do you think about that?

 

[MattW]

This is mine:

        location / {
                limit_req zone=one burst=5;
                try_files $uri $uri/ /index.php?$uri&$args;
                location /internal_data {
                        location ~ \.(data|html|php)$ {
                                internal;
                        }
                        internal;
                }
                location /library {
                        location ~ \.(default|html|php|txt|xml)$ {
                                internal;
                        }
                        internal;
                }
        }

 

[SneakyDave]

What do you think about that?

Yes, that could be a problem if your application, like XenForo, was compromised in some way.

It would be a problem with any application that uses index.php as the main MVC script in an application.

Not sure what his point there is.