Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"location" directive is not allowed here in /etc/nginx/sites-enabled/example.mydomain.com.conf:2 #1271

Closed
danquack opened this issue Oct 27, 2018 · 4 comments
Closed

"location" directive is not allowed here in /etc/nginx/sites-enabled/example.mydomain.com.conf:2 #1271

danquack opened this issue Oct 27, 2018 · 4 comments

Comments

@danquack
Copy link

danquack commented Oct 27, 2018
edited
Loading

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5.5.6
  • Ruby:
  • Distribution: centos 7
  • Module version: 0.15.0

How to reproduce (e.g Puppet code you use)

class web(
    String $domain
) {
    include ::nginx
    ::nginx::resource::server { $domain :
        ensure      => present,
        listen_port => 443,
        proxy         => 'https://192.168.1.1:8443'
    }
    ::nginx::resource::server { "puppet.${domain}":
        ensure      => present,
        listen_port => 443,
        proxy       => 'https://puppet',
    }
}
~

What are you seeing

nginx: [emerg] "location" directive is not allowed here in /etc/nginx/sites-enabled/example.mydomain.com.conf:2
Oct 27 13:49:12 nginx systemd[1]: nginx.service: control process exited, code=exited status=1

cat /etc/nginx/sites-enabled/example.mydomain.com.conf 
  location / {
    proxy_pass            https://192.168.1.1:8443;
    proxy_read_timeout    90s;
    proxy_connect_timeout 90s;
    proxy_send_timeout    90s;
    proxy_set_header      Host $host;
    proxy_set_header      X-Real-IP $remote_addr;
    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header      Proxy "";
  }

What behaviour did you expect instead

the config not to error

Any additional information you'd like to impart

It appears the server {} directive is missing in the config.
@dutchwhizzman
Copy link

Is the server lower in the config file? That's what happens to me. Haven't found out what the exact cause is, but if I do something in my configs, it generates the location parts before it puts the server part.

@efoft
Copy link

efoft commented Nov 8, 2018
edited
Loading

@danquack You should set ssl => true if you use listen_port => 443. You have probably seen the warning 'nginx: ssl must be true if listen_port is the same as ssl_port' while applying manifest. Normal server stanza is not produced since the port is 443 because in such case ssl-enabled server stanza is expected but it also is not generated since you omitted ssl => true

@efoft
Copy link

efoft commented Nov 8, 2018

@dutchwhizzman I hit the same issue and found out that location requires ssl => true as well if the server uses it. It influences on how priority for concat::fragment is calculated. non ssl stuff goes first in config and location without ssl specified appears before server with ssl. I assume this is exactly your case, isn't it?

@dutchwhizzman
Copy link

ssl_only is relevant too

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@efoft @danquack @dutchwhizzman