I keep getting errors when adding SSL syntax.
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate /etc/nginx/ssl/example.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
ssl_protocols SSLv3 TLSv1;
}
And also below CRT files, do I need to copy them to the /etc/nginx/ssl/ directory ?
AAA_Certificate_Services.crt
USERTrust_RSA_Certification_Authority.crt
Sectigo_RSA_Domain_Validation_Secure_Server_CA.crt
skb1-cct@skb1-cct:~$ journalctl -xeu nginx.service
░░ Subject: A stop job for unit nginx.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit nginx.service has finished.
░░
░░ The job identifier is 40588 and the job result is done.
Aug 22 14:07:14 skb1-cct systemd[1]: Starting A high performance web server and a reverse proxy server...
░░ Subject: A start job for unit nginx.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit nginx.service has begun execution.
░░
░░ The job identifier is 40588.
Aug 22 14:07:14 skb1-cct nginx[140201]: nginx: [emerg] "server" directive is not allowed here in /etc/nginx/nginx.conf:63
Aug 22 14:07:14 skb1-cct nginx[140201]: nginx: configuration file /etc/nginx/nginx.conf test failed
Aug 22 14:07:14 skb1-cct systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░
░░
░░ An ExecStartPre= process belonging to unit nginx.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Aug 22 14:07:14 skb1-cct systemd[1]: nginx.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░
░░
░░ The unit nginx.service has entered the 'failed' state with result 'exit-code'.
Aug 22 14:07:14 skb1-cct systemd[1]: Failed to start A high performance web server and a reverse proxy server.
░░ Subject: A start job for unit nginx.service has failed
░░ Defined-By: systemd
░░
░░
░░ A start job for unit nginx.service has finished with a failure.
░░
░░ The job identifier is 40588 and the job result is failed.
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
server {
listen 443 ssl;
server_name www.skb.skb-shutters.com
ssl_certificate /etc/nginx/ssl/skb_skb-shutters_com.crt;
ssl_certificate_key /etc/nginx/ssl/skb_skb-shutters_com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
}
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
"server" directive is not allowed here in /etc/nginx/nginx.conf:63. So you've added the section you've shown here in the wrong place. So the problem is not in what you've shown in your question but where you've placed it in the config - which you did not provide.{ }button (which does the indenting for you). I've done it for you. As you can see, it's much easier to read when correctly formatted :-)