# Help with nginx web server



## fred974 (May 15, 2013)

Hello everyone,

I updated my nginx file and now I cannot get the web server to restart. I have restore*d* the setting from backup but I wonder if anyone could help me to spot where the problem is.

The error message *I* get when *I* restart nginx is:


```
"server" directive is not allowed here in /usr/local/etc/nginx/nginx.conf:13
```

*H*ere is my ngingx.conf file*:*


```
user  www www;
worker_processes  2;

error_log  /var/log/nginx.error_log  info;
pid /var/run/nginx.pid;

events {
    worker_connections  1024;
    use kqueue;
}


server {
  listen 80;
  server_name mysite.co.uk;

  root /usr/local/www/mysite; 
  index index.php;

  autoindex off;  
  client_max_body_size 5M;
  include both.conf;

  location ~ ^/.*\.php {
      try_files $uri =404;
      include fastcgi_params;
      fastcgi_pass php5-fpm-sock;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_intercept_errors on;
  }

}

# HTTPS server
server {
  listen 443 ssl;
  server_name mysite.co.uk;
  root /usr/local/www/mysite;
  index index.php;
  autoindex off;
  client_max_body_size 5M;
  include both.conf;

  ssl on;
  ssl_certificate /path/to/my/ssl/cert.crt;
  ssl_certificate_key /path/to/my/ssl/private.key;
  ssl_protocols TLSv1.2 TLSv1.1 TLSv1 SSLv3;
  ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
  ssl_prefer_server_ciphers on;

    location ~ ^/.*\.php {
      try_files $uri =404;
      include fastcgi_params;
      fastcgi_pass php5-fpm-sock;
      fastcgi_param HTTPS on;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_intercept_errors on;
  }
}
```
and the both.conf file


```
# Common root location
  location / {
#    This try_files directive is used to enable pretty, SEO-friendly URLs
#    and permalinks for Wordpress. Leave it *off* to start with, and then
#    turn it on once you've gotten Wordpress configured!
    try_files $uri $uri/ /index.php?$args; 
  }

#    This location pevents any requests for the Wordpress admin interface
#    from being accepted if those requests don't come from your LAN. This
#    is optional but recommended.
  location ~* wp-admin {
      try_files $uri $uri/ =404;
      allow 192.168.1.0/24;
	  allow 213.xxx.xxx.xxx;
      allow 127.0.0.1;
      deny all;
  }

#    Show "Not Found" 404 errors in place of "Forbidden" 403 errors, because
#    forbidden errors allow attackers potential insight into your server's
#    layout and contents
  error_page 403 =404;

#    Prevent access to any files starting with a dot, like .htaccess
#    or text editor temp files
  location ~ /\. { access_log off; log_not_found off; deny all; }

#    Prevent access to any files starting with a $ (usually temp files)
  location ~ ~$ { access_log off; log_not_found off; deny all; }

#    Do not log access to robots.txt, to keep the logs cleaner
  location = /robots.txt { access_log off; log_not_found off; }

#    Do not log access to the favicon, to keep the logs cleaner
  location = /favicon.ico { access_log off; log_not_found off; }

#    Keep images and CSS around in browser cache for as long as possible,
#    to cut down on server load
  location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
      expires max;
      log_not_found off;
  }

#    Common deny or internal locations, to help prevent access to areas of
#    the site that should not be public
  location ~* wp-admin/includes { deny all; }
  location ~* wp-includes/theme-compat/ { deny all; }
  location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
  location /wp-content/ { internal; }
  location /wp-includes/ { internal; }
#    The next line protects the wp-config.php file from being accessed, but
#    we need to be able to run the file for the initial site setup. Uncomment
#    the next line after setup is completed and reload Nginx.
  location ~* wp-config.php { deny all; }

#    Prevent any potentially-executable files in the uploads directory from
#    being executed by forcing their MIME type to text/plain
  location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
      types { }
      default_type text/plain;
  }

#    Add trailing slash to */wp-admin requests so the admin interface
#    works correctly
  rewrite /wp-admin$ $scheme://$host$uri/ permanent;
```

Thank you in advance.


----------



## fred974 (May 16, 2013)

Hi guys,

I spend a lot of last night on the net trying to work out the problem but I'm really up a brick wall here. Has anyone got any advise/recommendation?

Thank you.
Fred


----------



## Remington (May 16, 2013)

Check permission on files and folders. Your configuration looks right.


----------



## fred974 (May 16, 2013)

Hi @Remington 
The permission on files and folders are correct (444). Same as my original file that is working OK.

I wonder if the problem is with the following block:

```
location ~ ^/.*\.php {
      try_files $uri =404;
      include fastcgi_params;
      fastcgi_pass php5-fpm-sock;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_intercept_errors on;
```
On my working file I have it as:

```
location ~ \.php$ {
           fastcgi_pass unix:/var/run/php-fpm.sock;
           fastcgi_param SCRIPT_FILENAME /usr/local/www/mysite$fastcgi_script_name;
           fastcgi_param PATH_INFO $fastcgi_script_name;
           include fastcgi_params; # include extra FCGI params
        }
```

I'm not experienced enough to confirm that this is where the problem is.


----------



## freebuser (May 16, 2013)

I believe you need to have a

```
http{
```

before 
	
	



```
server{
```


----------



## fred974 (May 16, 2013)

Hi @freebuser

You are a life saver. I added 

```
http {
```
before

```
server{
```
and my problem is SOLVED 

I can't believe I didn't spot that.


----------

