Can't get SSL working on Nginx with multiple sub-domains


System: Ubuntu 16.04 LTS, Nginx, multiple sub-domains

I followed the instructions to get Certbot installed and let it modify my server files. I am running various sites on sub-domains. When I had trouble getting my sites to load, I copied all the new server files to my computer and reverted to the original files. My sites load fine. Now I’m trying to implement SSL on my test sites and I’m getting this error:
nginx: [emerg] unknown “usr” variable
I have no idea what this means. The site I’m trying to get running is a test site for my IP.Board forums. All my other sub-domains are still http. The only way I can get nginx to start is to delete the server file for the test site with SSL configured.
Here’s the nginx.conf file:

user talos tal;
worker_processes 4;
pid /run/;

events {
	worker_connections 1024;
	# multi_accept on;

http {

	# Basic Settings

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# Logging Settings
   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';

   access_log /var/log/nginx/access.log main;
   error_log /var/log/nginx/error.log;

	# Gzip Settings

	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
And here's the server file:
    server {
    listen       80;
    return       301$request_uri;

server {
    listen 443 ssl;
   ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    root         /plexus/assimilationlab/test;
    access_log   /plexus/assimilationlab/logs/accesstest.log main;
    error_log    /plexus/assimilationlab/logs/errortest.log;

    index index.html index.php;

    client_max_body_size  0;
    client_body_buffer_size 128k;
    client_body_timeout 300s;

    # GZIP static content not processed by IPB.
    gzip  on;
    gzip_static on;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 1;
    gzip_proxied any;
    gzip_types text/plain text/css application/json application/x-javascript application/xml application/xml+rss text/javascript application/javascript text/x-js;
    gzip_buffers 16 8k;
    gzip_disable "msie6";

    # Enable pretty URL's
    location /forums {
      try_files  $uri $usr/ /forums/index.php?$args;

That’s not the entire file, but the rest is PHP processing and the handling of images and other static data. I need a redirect to https as people update their bookmarks. I have no idea how to get this working, so I’m hoping someone can help.



Is $usr a typo of $uri or is it a variable defined somewhere?


OMG you got it! I removed the original because I found a thread that said $uri/ could be a problem and when it didn’t solve the issue, I added it back in, with a typo. sigh Thanks for spotting that. I’ll fix it and see if that solves the problem.


Now I got nginx to start, thanks for the help mnordhoff, but now I’m getting an error in the browser. It’s telling me that the page isn’t redirecting properly. Certbot had originally written:

    if ($host = {
    return 301 https://$host$request_uri;
} # managed by Certbot

listen       80;
return 404; # managed by Certbot

at the end of the server configuration file, but I just got 404 errors, so I rewrote it. I found $host didn’t work.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.