Debian 10
Hestiacp v1.4.7
After restarting hestiacp I get an error when starting nginx
root@fw:/# systemctl status nginx
nginx.service - nginx - high performance web server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2021-07-16 09:17:47 -03; 3min 56s ago
Docs: nginx documentation
Process: 2236 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)Jul 16 09:17:47 fw.melatoninavix.com systemd[1]: Starting nginx - high performance web server…
Jul 16 09:17:47 fw.melatoninavix.com nginx[2236]: nginx: [emerg] “add_header” directive is not allowed here in /etc/nginx/nginx.conf:25
Jul 16 09:17:47 fw.melatoninavix.com systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Jul 16 09:17:47 fw.melatoninavix.com systemd[1]: nginx.service: Failed with result ‘exit-code’.
Jul 16 09:17:47 fw.melatoninavix.com systemd[1]: Failed to start nginx - high performance web server.
Error file
No manual changes were made to the file.
root@fw:/# cat /etc/nginx/nginx.conf
Server globals
user www-data;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;BEGIN Really_Simple_SSL_SECURITY_HEADERS
add_header Strict-Transport-Security: “max-age=31536000” always
add_header Content-Security-Policy: “upgrade-insecure-requests”
add_header X-XSS-Protection: “1; mode=block”
add_header X-Content-Type-Options: “nosniff”
add_header Referrer-Policy: “no-referrer-when-downgrade”END Really_Simple_SSL_SECURITY_HEADERS
Worker config
events {
worker_connections 1024;
use epoll;
multi_accept on;
}http {
# Main settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_timeout 180s;
client_body_timeout 180s;
client_header_buffer_size 2k;
client_body_buffer_size 256k;
client_max_body_size 512m;
large_client_header_buffers 4 8k;
send_timeout 60s;
keepalive_timeout 30s;
keepalive_requests 100000;
reset_timedout_connection on;
server_tokens off;
server_name_in_redirect off;
server_names_hash_max_size 512;
server_names_hash_bucket_size 512;
charset utf-8;# FastCGI settings fastcgi_buffers 4 256k; fastcgi_buffer_size 256k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_connect_timeout 30s; fastcgi_read_timeout 300s; fastcgi_send_timeout 180s; fastcgi_cache_lock on; fastcgi_cache_lock_timeout 5s; fastcgi_cache_background_update on; fastcgi_cache_revalidate on; # Proxy settings proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Set-Cookie; proxy_buffers 32 4k; proxy_connect_timeout 30s; proxy_read_timeout 300s; proxy_send_timeout 180s; # Log format log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format bytes '$body_bytes_sent'; log_not_found off; access_log off; # Mime settings include /etc/nginx/mime.types; default_type application/octet-stream; # Compression gzip on; gzip_static on; gzip_vary on; gzip_comp_level 6; gzip_min_length 1024; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; gzip_proxied any; gzip_disable "MSIE [1-6]\."; # Cloudflare https://www.cloudflare.com/ips set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/13; set_real_ip_from 104.24.0.0/14; set_real_ip_from 108.162.192.0/18; set_real_ip_from 131.0.72.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; #set_real_ip_from 2400:cb00::/32; #set_real_ip_from 2405:b500::/32; #set_real_ip_from 2606:4700::/32; #set_real_ip_from 2803:f800::/32; #set_real_ip_from 2c0f:f248::/32; #set_real_ip_from 2a06:98c0::/29; real_ip_header CF-Connecting-IP; # SSL PCI compliance ssl_session_cache shared:SSL:20m; ssl_session_timeout 60m; ssl_buffer_size 1400; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"; ssl_dhparam /etc/ssl/dhparam.pem; ssl_ecdh_curve secp384r1; ssl_session_tickets off; resolver 213.186.33.99 valid=300s ipv6=off; resolver_timeout 5s; # Error pages error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 410 /error/410.html; error_page 500 501 502 503 504 505 /error/50x.html; # Cache settings proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; proxy_cache_key "$host$request_uri $cookie_user"; proxy_temp_path /var/cache/nginx/temp; proxy_ignore_headers Expires Cache-Control; proxy_cache_use_stale error timeout invalid_header http_502; proxy_cache_valid any 1d; # FastCGI cache fastcgi_cache_path /var/cache/nginx/micro levels=1:2 keys_zone=microcache:10m max_size=1024m inactive=30m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; fastcgi_cache_methods GET HEAD; fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503; fastcgi_ignore_headers Cache-Control Expires Set-Cookie; add_header X-FastCGI-Cache $upstream_cache_status; # Cache bypass map $http_cookie $no_cache { default 0; ~SESS 1; ~wordpress_logged_in 1; } # File cache (static assets) open_file_cache max=10000 inactive=30s; open_file_cache_valid 60s; open_file_cache_min_uses 2; open_file_cache_errors off; # Wildcard include include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/domains/*.conf;
}