SSL setup directions for nginx yield an error

Following these directions: https://docs.rancher.com/rancher/v1.3/en/installing-rancher/installing-server/basic-ssl-config/#example-nginx-configuration I get an error that says:

nginx: [emerg] "upstream" directive is not allowed here in /etc/nginx/nginx.conf:1

Any ideas?

Here’s my config running on nginx 1.11:

upstream target {
    server rancher-server:8080;
}

server {
    listen 443 ssl spdy;
    server_name my-server;
    ssl_certificate /var/nginx/3dsim.crt;
    ssl_certificate_key /var/nginx/3dsim.key;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://target;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
        proxy_read_timeout 900s;
    }
}

server {
    listen 80;
    server_name my-server;
    return 301 https://$server_name$request_uri;
}

“upstream” isn’t allowed in that part of config. From the documentation it appears to be allowed within the http { } block.

1 Like

Thanks. I ended up making everything work with this config:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
  upstream target {
      server rancher-server:8080;
  }

  server {
      listen 443 ssl spdy;
      server_name my-server.com;
      ssl_certificate /var/nginx/3dsim.crt;
      ssl_certificate_key /var/nginx/3dsim.key;

      location / {
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Port $server_port;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_pass http://target;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
          proxy_read_timeout 900s;
      }
  }

  server {
      listen 80;
      server_name my-server.com;
      return 301 https://$server_name$request_uri;
  }
}

The docs could be a little clearer that it really isn’t the “Minimum configuration” needed to run nginx. It’s a partial configuration. Will try to get a PR sent in for the docs.

1 Like