[SOLVE] [emerg] "upstream" directive is not allowed here in /usr/local/etc/nginx/nextcloud.conf:1


#1

Hi,
I try to install nextcloud on a freenas FreeBSD 11.2-STABLE
Nextcloud 14.0.4
I follow this tuto :
http://unflyingobject.com/posts/nextcloud-12-from-scratch-with-freebsd-11/

And when I : nginx -t
I got
nginx: [emerg] “upstream” directive is not allowed here in /usr/local/etc/nginx/nextcloud.conf:1
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed

My nginx.conf

#user  nobody;                                                                                                              
worker_processes  1;

# This default error log path is compiled-in to make sure configuration parsing                                             
# errors are logged somewhere, especially during unattended boot when stderr                                                
# isn't normally logged anywhere. This path will be touched on every nginx                                                  
# start regardless of error log location configured here. See                                                               
# https://trac.nginx.org/nginx/ticket/147 for more info.                                                                    
#                                                                                                                           
#error_log  /var/log/nginx/error.log;                                                                                       
#                                                                                                                           

#pid        logs/nginx.pid;                                                                                                 

include nextcloud.conf;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '                                              
    #                  '$status $body_bytes_sent "$http_referer" '                                                          
    #                  '"$http_user_agent" "$http_x_forwarded_for"';                                                        

    #access_log  logs/access.log  main;                                                                                     

    sendfile        on;
    #tcp_nopush     on;                                                                                                     

    #keepalive_timeout  0;                                                                                                  
    keepalive_timeout  65;

    #gzip  on;                                                                                                              

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;                                                                                                    

        #access_log  logs/host.access.log  main;                                                                            

        location / {
            root   /usr/local/www/nginx;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;                                                                            

        # redirect server error pages to the static page /50x.html                                                          
        #                                                                                                                   
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80                                                         
        #                                                                                                                   
        #location ~ \.php$ {                                                                                                
        #    proxy_pass   http://127.0.0.1;                                                                                 
        #}                                                                                                                  

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000                                                                                                                      
        #                                                                                                                   
        #location ~ \.php$ {                                                                                                
        #    root           html;                                                                                           
        #    fastcgi_pass   127.0.0.1:9000;                                                                                 
        #    fastcgi_index  index.php;                                                                                      
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;                                                  
        #    include        fastcgi_params;                                                                                 
        #}                                                                                                                  

        # deny access to .htaccess files, if Apache's document root                                                         
        # concurs with nginx's one                                                                                          
        #                                                                                                                   
        #location ~ /\.ht {                                                                                                 
        #    deny  all;                                                                                                     
        #}                                                                                                                  
    }
    # another virtual host using mix of IP-, name-, and port-based configuration                                            
    #                                                                                                                       
    #server {                                                                                                               
    #    listen       8000;                                                                                                 
    #    listen       somename:8080;                                                                                        
    #    server_name  somename  alias  another.alias;                                                                       

    #    location / {                                                                                                       
    #        root   html;                                                                                                   
    #        index  index.html index.htm;                                                                                   
    #    }                                                                                                                  
    #}                                                                                                                      


    # HTTPS server                                                                                                          
    #                                                                                                                       
    #server {                                                                                                               
    #    listen       443 ssl;                                                                                              
    #    server_name  localhost;                                                                                            

    #    ssl_certificate      cert.pem;                                                                                     
    #    ssl_certificate_key  cert.key;                                                                                     

    #    ssl_session_cache    shared:SSL:1m;                                                                                
    #    ssl_session_timeout  5m;                                                                                           

    #    ssl_ciphers  HIGH:!aNULL:!MD5;                                                                                     
    #    ssl_prefer_server_ciphers  on;                                                                                     

    #    location / {                                                                                                       
    #        root   html;                                                                                                   
    #        index  index.html index.htm;                                                                                   
    #    }                                                                                                                  
    #}                                                                                                                      

}

my nextcloud.conf

upstream php-handler {                                                                                                      
    #server 127.0.0.1:9000;                                                                                                 
    server unix:/var/run/php7-fpm.sock;                                                                                     
}                                                                                                                           
                                                                                                                            
server {                                                                                                                    
    listen 80;                                                                                                              
    server_name 10.66.0.241;                                                                                                
    # enforce https                                                                                                         
    return 301 https://$server_name$request_uri;                                                                            
}                                                                                                                           
                                                                                                                            
server {                                                                                                                    
    listen 443 ssl http2;                                                                                                   
    server_name 10.66.0.241;                                                                                                
                                                                                                                            
    ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;                                                                   
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;                                                               
                                                                                                                            
    # Add headers to serve security related headers                                                                         
    # Before enabling Strict-Transport-Security headers please read into this                                               
    # topic first.                                                                                                          
    # add_header Strict-Transport-Security "max-age=15768000;                                                               
    # includeSubDomains; preload;";                                                                                         
    #                                                                                                                       
    # WARNING: Only add the preload option once you read about                                                              
    # the consequences in https://hstspreload.org/. This option                                                             
    # will add the domain to a hardcoded list that is shipped                                                               
    # in all major browsers and getting removed from this list                                                              
    # could take several months.                                                                                            
    add_header X-Content-Type-Options nosniff;                                                                              
    add_header X-XSS-Protection "1; mode=block";                                                                            
    add_header X-Robots-Tag none;                                                                                           
    add_header X-Download-Options noopen;                                                                                   
    add_header X-Permitted-Cross-Domain-Policies none;                                                                      
                                                                                                                            
    # Path to the root of your installation                                                                                 
    root /mynextcloud;                                                                                                      
                                                                                                                            
    location = /robots.txt {                                                                                                
        allow all;                                                                                                          
        log_not_found off;                                                                                                  
        access_log off;                                                                                                     
    }                                                                                                                       
                                                                                                                            
    location = /.well-known/carddav {                                                                                       
      return 301 $scheme://$host/remote.php/dav;                                                                            
    }                                                                                                                       
    location = /.well-known/caldav {                                                                                        
      return 301 $scheme://$host/remote.php/dav;                                                                            
    }                                                                                                                       
                                                                                                                            
    # set max upload size                                                                                                   
    client_max_body_size 1G;                                                                                                
    fastcgi_buffers 64 4K;                                                                                                  
                                                                                                                            
    # Enable gzip but do not remove ETag headers                                                                            
    gzip on;                                                                                                                
    gzip_vary on;                                                                                                           
    gzip_comp_level 4;                                                                                                      
    gzip_min_length 256;                                                                                                    
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;                                           
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json a\
pplication/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-mani\
fest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text\
/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;                 
                                                                                                                            
    # Uncomment if your server is build with the ngx_pagespeed module                                                       
    # This module is currently not supported.                                                                               
    #pagespeed off;  
     location / {
	rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        #deny all;                                                                                                          
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice                                                                           
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files                                                                  
    # Make sure it is BELOW the PHP block                                                                                   
    location ~ \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to                                                  
        # have those duplicated to the ones above)                                                                          
        # Before enabling Strict-Transport-Security headers please read into                                                
        # this topic first. 
        # add_header Strict-Transport-Security "max-age=15768000;                                                           
        #  includeSubDomains; preload;";                                                                                    
        #                                                                                                                   
        # WARNING: Only add the preload option once you read about                                                          
        # the consequences in https://hstspreload.org/. This option                                                         
        # will add the domain to a hardcoded list that is shipped                                                           
        # in all major browsers and getting removed from this list                                                          
        # could take several months.                                                                                        
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets                                                                              
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets                                                                        
        access_log off;
    }
}                                                                                          

I read https://docs.nextcloud.com/server/12/admin_manual/installation/nginx.html
but can’t make it.
where should I look for debugging?
thanks for your help


#2

putting the include statement in a http block

[...]
http {
    include       mime.types;
    include nextcloud.conf;
[...]

maybe can solve the problem.
But I got others errors