After installation the NGINX config file test fails, citing a problem with a limit_conn directive. I read through past issues but I'm not sure what to do to resolve this.
Error Messages
Post any error messages (if applicable):
/etc/alternatives$ sudo nginx -t
nginx: [warn] duplicate network "138.199.57.151", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18884
nginx: [warn] duplicate network "143.244.38.129", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18900
nginx: [warn] duplicate network "195.181.163.194", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18995
nginx: [warn] duplicate network "5.188.120.15", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19122
nginx: [warn] duplicate network "89.187.173.66", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19169
nginx: [emerg] "limit_conn" directive is not allowed here in /etc/nginx/bots.d/ddos.conf:35
nginx: configuration file /etc/nginx/nginx.conf test failed
Copy of nginx.conf
If applicable please paste your nginx.conf file here
(paste in between the markers)
If applicable please paste your site/vhost configuration file in between the code ticks
(paste in between the markers)
There are a number of vhosts - this is representative of all of them
# Default server configuration
#
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /mnt/websitestorage/exampleURL.com;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name exampleURL.com www.exampleURL.com;
##
# Nginx Bad Bot Blocker Includes
# REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
##
include /etc/nginx/bots.d/ddos.conf;
include /etc/nginx/bots.d/blockbots.conf;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
#Added to block undesirable wordpress PHP execution - 27/08/2018
# location ~* /wp-includes/.*.php$ {
# deny all;
# access_log off;
# log_not_found off;
# }
location ~* /wp-content/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
location ~* /(?:uploads|files)/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm-exampleURL.sock;
include snippets/fastcgi-php.conf;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/exampleURL.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/exampleURL.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.exampleURL.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = exampleURL.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name exampleURL www.exampleURL.com;
listen 80;
return 404; # managed by Certbot
}
Screenshots
If applicable, add screenshots to help explain your problem.
Server (please complete the following information):
Operating System:
[ ] Ubuntu
[ ] Alpine
[ ] Arch Linux
[X] Debian
[ ] CentOS
[ ] Fedora
[ ] Deepin
[ ] Windows
[ ] Other
Specify Exact Version of OS:
Debian 11
Post output of uname -a here
Linux hostname 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux
Nginx Version [post output of sudo nginx -v]
nginx/1.18.0
Paste output of sudo nginx -V here (paste in between the markers)
The installation script put the bot blocker includes in the wrong spot in all of my vhosts. I moved it and the error is gone. Included sample vhost updated to show a working location.
Describe the problem you are experiencing
After installation the NGINX config file test fails, citing a problem with a limit_conn directive. I read through past issues but I'm not sure what to do to resolve this.
Error Messages
Post any error messages (if applicable):
Copy of nginx.conf
If applicable please paste your nginx.conf file here (paste in between the
markers)
Copy of vhost / website / host .conf file
If applicable please paste your site/vhost configuration file in between the code ticks (paste in between the
markers)
Screenshots
If applicable, add screenshots to help explain your problem.
Server (please complete the following information):
Operating System:
[ ] Ubuntu
[ ] Alpine
[ ] Arch Linux
[X] Debian
[ ] CentOS
[ ] Fedora
[ ] Deepin
[ ] Windows
[ ] Other
Debian 11
Post output of uname -a here
Linux hostname 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux
nginx/1.18.0
Paste output of
markers)
sudo nginx -V
here (paste in between theconfigure arguments: --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-x3gsRV/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module
Other Environments [include Version information]
[ ] Plesk
[ ] CPanel
[ ] Synology NAS
[ ] Other
Specify Other / Specific Version Information Here:
Any other applicable log / error messages that may help us to help you.
Additional information
Add any other context about the problem here.