I'm configuring Nginx as a public-facing proxy server to my internal Gunicorn server to host a "Reddit clone" Flask project I'm developing. At one point, Nginx was working properly (when I'd used mostly the same configuration as an online tutorial), but after making updates appropriate for my application, I'm getting an "Internal Server Error" when navigating to my Amazon Lightsail (Ubuntu 16.04) server's IP address, and reverting the changes back to the tutorial configuration now doesn't work.
I tried:
1. Stopping and starting the Nginx service
2. Running `sudo netstat -tulpn`, finding the PID (seems to appear twice for the local addresses `0.0.0.0:80` and `0.0.0.0:443`), killing the process with `sudo fuser -k 80/tcp` and `sudo fuser -k 443/tcp` and then starting Nginx again
3. Completely removing Nginx from my system and reinstalling with:

```
sudo apt-get purge --auto-remove nginx
sudo apt-get -y install nginx
```

`flask_reddit` (my configuration file in `/etc/nginx/sites-enabled/`):
```nginx
server {
    # As Gunicorn documentation states, prevent host spoofing by blocking requests without "Host" request header set
    # access_log /var/log/nginx/flask_reddit/flask-reddit_access.log;
    # error_log /var/log/nginx/flask_reddit/flask-reddit_error.log;
    listen 80;
    listen 443;
    server_name "";
    return 444;
}
server {
    # access_log /var/log/nginx/flask_reddit/flask-reddit_access.log;
    # error_log /var/log/nginx/flask_reddit/flask-reddit_error.log;
    # listen on port 80 (http)
    listen 80 default_server;
    server_name _;
    location / {
        # redirect any requests to the same URL but on https
        return 301 https://$host$request_uri;
    }
}
server {
    # access_log /var/log/nginx/flask_reddit/flask-reddit_access.log;
    # error_log /var/log/nginx/flask_reddit/flask-reddit_error.log;
    # listen on port 443 (https)
    listen 443 ssl default_server;
    server_name _;
    client_max_body_size 5m; # Useful for situations such as file uploads; will return 413 code in violation of this limit
    keepalive_timeout 120s 120s; # Used to expedite request processing
    # location of the self-signed SSL certificate
    ssl_certificate /home/ubuntu/flask-reddit/certs/cert.pem;
    ssl_certificate_key /home/ubuntu/flask-reddit/certs/key.pem;
    location / {
        # forward application requests to the gunicorn server
        proxy_pass http://localhost:8000;
        proxy_redirect off; # Preserve the fact that Gunicorn handled the request by disabling proxy_pass->location URL prefix change
        proxy_set_header Host $host; # When a domain name is configured, this will equal the name in lowercase with no port (protocol added in X-Forwarded-Proto)
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /static {
        # handle static files directly, without forwarding to the application
        root /home/ubuntu/flask-reddit/app;
        try_files $uri /templates/404.html; # Provide custom-written 404 response page
        expires 30d;
    }
}
```
`/etc/nginx/nginx.conf` (my main Nginx configuration file):

```nginx
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
    worker_connections 768;
    # multi_accept on;
}
http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
#mail {
#    # See sample authentication script at:
#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#    # auth_http localhost/auth.php;
#    # pop3_capabilities "TOP" "USER";
#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#    server {
#        listen localhost:110;
#        protocol pop3;
#        proxy on;
#    }
#
#    server {
#        listen localhost:143;
#        protocol imap;
#        proxy on;
#    }
#}
```
When I run `sudo service nginx status`, I get the following output:

```
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) (Result: exit-code) since Thu 2019-08-29 04:07:42 UTC; 3 days ago
  Process: 21652 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
 Main PID: 4855 (nginx)
    Tasks: 2
   Memory: 5.5M
      CPU: 1.521s
   CGroup: /system.slice/nginx.service
           ├─ 4855 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
           └─21657 nginx: worker process

Sep 01 02:18:29 ip-172-26-5-151 systemd[1]: Reloading A high performance web server and a reverse proxy server.
Sep 01 02:18:29 ip-172-26-5-151 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Sep 01 04:58:21 ip-172-26-5-151 systemd[1]: Reloading A high performance web server and a reverse proxy server.
Sep 01 04:58:21 ip-172-26-5-151 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
```
My `sudo netstat -tulpn` output is:

```
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4855/nginx -g daemo
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4036/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      19927/master
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4855/nginx -g daemo
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      6398/python
tcp        0      0 0.0.0.0:9001            0.0.0.0:*               LISTEN      20037/python
tcp6       0      0 :::22                   :::*                    LISTEN      4036/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      19927/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           943/dhclient
```
Using `sudo nginx -t` says that this main Nginx configuration in `nginx.conf` is valid, but running `sudo nginx -t -c /etc/nginx/sites-enabled/flask-reddit` gives:

```
nginx: [emerg] "server" directive is not allowed here in /etc/nginx/sites-enabled/flask-reddit:1
nginx: configuration file /etc/nginx/sites-enabled/flask-reddit test failed
```
Why is this occurring?
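
An added example, not part of the original question: `nginx -t -c FILE` parses `FILE` as the main configuration, so a site file whose top-level directive is `server` is rejected there even though it is valid once included inside `http { }`. The sketch below classifies a file by its top-level directives and builds a minimal wrapper for testing a fragment on its own; the sample texts, the `HTTP_ONLY` subset and all function names are constructed for illustration.

```python
import re

# Constructed samples, shortened from the two kinds of file shown in the post.
SITE_FRAGMENT = '''
server {
    # block requests without a "Host" header; braces in comments { are ignored
    listen 80;
    server_name "";
    return 444;
}
server {
    listen 443 ssl default_server;
    location / { proxy_pass http://localhost:8000; }
}
'''
MAIN_CONFIG = '''
user www-data;
events { worker_connections 768; }
http { include /etc/nginx/sites-enabled/*; }
'''

# Assumption: a small subset of directives that are not valid in the main context.
HTTP_ONLY = {"server", "upstream", "map"}
# Tokens: quoted strings, comments to end of line, structural characters, bare words.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|#[^\n]*|[{};]|[^\s{};#"']+''')

def top_level_directives(text):
    """Return the directive names found at brace depth 0, in order."""
    names, depth, at_start = [], 0, True
    for tok in TOKEN.findall(text):
        if tok.startswith("#"):
            continue                      # comment: never affects structure
        if tok in ("{", "}", ";"):
            depth += {"{": 1, "}": -1, ";": 0}[tok]
            at_start = True               # the next bare word starts a directive
        else:
            if at_start and depth == 0:
                names.append(tok)
            at_start = False
    return names

def classify(text):
    """'main' if usable with -c, 'http-fragment' if it must be included."""
    names = top_level_directives(text)
    if "events" in names:
        return "main"
    return "http-fragment" if HTTP_ONLY & set(names) else "unknown"

def wrapper_for(fragment_path):
    """Minimal main config that places the fragment inside http{}."""
    return "events {}\nhttp {\n    include %s;\n}\n" % fragment_path
```

Writing the `wrapper_for(...)` output to a temporary file and passing that file to `sudo nginx -t -c` tests the fragment in the context it is actually loaded in.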