mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[INSTALLATION] nginx: [emerg] "limit_conn" directive is duplicate in /etc/nginx/bots.d/ddos.conf:56 #381

Open fritzfr opened 4 years ago

fritzfr commented 4 years ago

Describe the problem you are experiencing

Hey, I'm having the same issue as https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/issues/210. I checked all my files multiple times and can't figure out why I have the duplicate.

Error Messages

Post any error messages (if applicable):

nginx: [emerg] "limit_conn" directive is duplicate in /etc/nginx/bots.d/ddos.conf:56

Copy of nginx.conf

If applicable please paste your nginx.conf file here (paste in between the markers)

user nginx;
pid /run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;

events {
    multi_accept on;
    worker_connections 65535;
}

http {
    charset utf-8;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    server_tokens off;
    log_not_found off;
    types_hash_max_size 2048;
    client_max_body_size 100M;

    # MIME
    include mime.types;
    default_type application/octet-stream;

    # logging
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;

    # SSL
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites
    ssl_dhparam /etc/nginx/dhparam.pem;

    # Mozilla Intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # OCSP Stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
    resolver_timeout 2s;

    # load configs
    include /etc/nginx/conf.d/*.conf;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # api.mydomain.app
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name api.mydomain.app;

        include /etc/nginx/bots.d/blockbots.conf;
        include /etc/nginx/bots.d/ddos.conf;

        # SSL
        ssl_certificate /etc/letsencrypt/live/api.mydomain.app/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/api.mydomain.app/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/api.mydomain.app/chain.pem;

        # security headers
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

        # . files
        location ~ /\.(?!well-known) {
            deny all;
        }

        # reverse proxy
        location ^~ /v1/ {
            proxy_pass http://127.0.0.1:3000;
            proxy_http_version      1.1;
            proxy_cache_bypass      $http_upgrade;

            proxy_set_header Upgrade                $http_upgrade;
            proxy_set_header Connection             "upgrade";
            proxy_set_header Host                   $host;
            proxy_set_header X-Real-IP              $remote_addr;
            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto      $scheme;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Port       $server_port;
        }

        # favicon.ico
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        # robots.txt
        location = /robots.txt {
            log_not_found off;
            access_log off;
        }

        # gzip
        gzip on;
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
    }

    # s.mydomain.app
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name s.mydomain.app;
        set $base /var/www/s.mydomain.app;
        root $base/public;

        # SSL
        ssl_certificate /etc/letsencrypt/live/s.mydomain.app/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/s.mydomain.app/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/s.mydomain.app/chain.pem;

        # security headers
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

        # . files
        location ~ /\.(?!well-known) {
            deny all;
        }

        # index.php
        index index.php;

        # index.php fallback
        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        # handle .php
        location ~ \.php$ {
            # 404
            try_files $fastcgi_script_name =404;

            # default fastcgi_params
            include fastcgi_params;

            # fastcgi settings
            fastcgi_pass            unix:/var/run/php/php7.4-fpm.sock;
            fastcgi_index           index.php;
            fastcgi_buffers         8 16k;
            fastcgi_buffer_size     32k;

            # fastcgi params
            fastcgi_param DOCUMENT_ROOT     $realpath_root;
            fastcgi_param SCRIPT_FILENAME   $realpath_root$fastcgi_script_name;
            fastcgi_param PHP_ADMIN_VALUE   "open_basedir=$base/:/usr/lib/php/:/tmp/";
        }

        # favicon.ico
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        # robots.txt
        location = /robots.txt {
            log_not_found off;
            access_log off;
        }

        # assets, media
        location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
            expires 7d;
            access_log off;
        }

        # svg, fonts
        location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
            add_header Access-Control-Allow-Origin "*";
            expires 7d;
            access_log off;
        }

        # gzip
        gzip on;
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
    }

    # Logging
    server {
      listen 81;
      server_name localhost;

      access_log off;
      allow 127.0.0.1;
      deny all;

      location /nginx_status {
        # Choose your status module

        # freely available with open source NGINX
        stub_status;

        # for open source NGINX < version 1.7.5
        # stub_status on;

        # available only with NGINX Plus
        # status;
      }
    }

    # HTTP redirect
    server {
        listen 80;
        listen [::]:80;

        server_name api.mydomain.app;

        # ACME-challenge
        location ^~ /.well-known/acme-challenge/ {
            root /var/www/_letsencrypt;
        }

        location / {
            return 301 https://api.mydomain.app$request_uri;
        }
    }
    # HTTP redirect
    server {
        listen 80;
        listen [::]:80;

        server_name s.mydomain.app;

        # ACME-challenge
        location ^~ /.well-known/acme-challenge/ {
            root /var/www/_letsencrypt;
        }

        location / {
            return 301 https://s.mydomain.app$request_uri;
        }
    }
}

Copy of vhost / website / host .conf file

Is included above.

Server (please complete the following information):

Linux Ubuntu-1804-bionic-64-minimal 4.15.0-91-generic #92-Ubuntu SMP Fri Feb 28 11:09:48 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
nginx version: nginx/1.16.1

Paste any log / error messages here (paste in between the ```     ``` markers)

Additional information

Add any other context about the problem here.

/etc/nginx/conf.d$ ls
botblocker-nginx-settings.conf  default.conf  globalblacklist.conf
/etc/nginx/bots.d$ ls
bad-referrer-words.conf     blockbots.conf             whitelist-domains.conf
blacklist-ips.conf          custom-bad-referrers.conf  whitelist-ips.conf
blacklist-user-agents.conf  ddos.conf

damanti-me commented 3 years ago

Had the same error message. For me, this was due to the incorrect copying of the command for the DDOS config. Check the config and compare everything with the one provided online. In my case, there were two entries with different versions.
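
Added example, not part of the thread and not the project's code: nginx raises `"limit_conn" directive is duplicate` when two `limit_conn` directives in the same block name the same zone, which is what a doubled paste of the DDOS snippet produces. The Python check below finds such pairs in a config file's text; the sample content and the zone name `addr` are constructed for illustration.

```python
import re

# Constructed sample, not the project's file: two versions of the snippet were
# pasted into one include. The zone names "addr" and "flood" are assumptions.
SAMPLE_DDOS_CONF = """\
# version A
limit_conn addr 200;
limit_req zone=flood burst=200 nodelay;
# version B, pasted later
limit_conn addr 100;
location /status {
    limit_conn addr 10;  # nested block: overrides the parent, not a duplicate
}
"""

# Tokens: quoted strings, comments, structural characters, bare words.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|#.*|[{};]|[^\s{};]+''')

def find_duplicate_limit_conn(text):
    """Return (line, zone, first_line) for each limit_conn that repeats a zone
    already used in the same block, which nginx rejects as "is duplicate"."""
    duplicates = []
    seen_stack = [{}]   # one {zone: first line} map per open block
    directive = []      # tokens of the directive currently being read
    for lineno, line in enumerate(text.splitlines(), start=1):
        for token in TOKEN.findall(line):
            if token.startswith("#"):
                break                       # rest of the line is a comment
            if token not in ("{", "}", ";"):
                directive.append(token)
                continue
            if token == "{":
                seen_stack.append({})       # new block, fresh zone map
            elif token == "}" and len(seen_stack) > 1:
                seen_stack.pop()
            elif token == ";" and len(directive) == 3 and directive[0] == "limit_conn":
                zone, seen = directive[1], seen_stack[-1]
                if zone in seen:
                    duplicates.append((lineno, zone, seen[zone]))
                else:
                    seen[zone] = lineno
            directive = []
    return duplicates

if __name__ == "__main__":
    for line, zone, first in find_duplicate_limit_conn(SAMPLE_DDOS_CONF):
        print(f"line {line}: limit_conn zone {zone!r} already set on line {first}")
```

The check works on one file's text and does not follow `include`; because an included file is parsed in the context of the block that includes it, run it over the expanded configuration when the two entries may sit in different files.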