mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[INSTALLATION] [emerg] "limit_conn" directive is not allowed here

cblonde opened this issue

Describe the problem you are experiencing

After installation the NGINX config file test fails, citing a problem with a limit_conn directive. I read through past issues but I'm not sure what to do to resolve this.

Error Messages

Post any error messages (if applicable):


```
/etc/alternatives$ sudo nginx -t
nginx: [warn] duplicate network "138.199.57.151", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18884
nginx: [warn] duplicate network "143.244.38.129", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18900
nginx: [warn] duplicate network "195.181.163.194", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18995
nginx: [warn] duplicate network "5.188.120.15", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19122
nginx: [warn] duplicate network "89.187.173.66", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19169
nginx: [emerg] "limit_conn" directive is not allowed here in /etc/nginx/bots.d/ddos.conf:35
nginx: configuration file /etc/nginx/nginx.conf test failed
```


Copy of nginx.conf

If applicable please paste your nginx.conf file here
(paste in between the markers)


```
        error_log /var/log/nginx/error.log warn;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

         gzip_vary on;
         gzip_proxied any;
         gzip_comp_level 6;
         gzip_buffers 16 8k;
         gzip_http_version 1.1;
         gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        #include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;


        ##test
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;


        ##Disable Symlinks - Added by Craig Jan 4 2023
        disable_symlinks off;

}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}
```


Copy of vhost / website / host .conf file

If applicable please paste your site/vhost configuration file in between the code ticks
(paste in between the markers)


There are a number of vhosts - this is representative of all of them

```
# Default server configuration
#
server {

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /mnt/websitestorage/exampleURL.com;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm;

        server_name exampleURL.com www.exampleURL.com;


    ##
    # Nginx Bad Bot Blocker Includes
    # REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
    ##
        include /etc/nginx/bots.d/ddos.conf;
        include /etc/nginx/bots.d/blockbots.conf;


location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                #try_files $uri $uri/ =404;
                try_files $uri $uri/ /index.php?q=$uri&$args;
        }

#Added to block undesirable wordpress PHP execution - 27/08/2018
#        location ~* /wp-includes/.*.php$ {
#                deny all;
#                access_log off;
#                log_not_found off;
#                }
        location ~* /wp-content/.*.php$ {
                deny all;
                access_log off;
                log_not_found off;
                }
        location ~* /(?:uploads|files)/.*.php$ {
                deny all;
                access_log off;
                log_not_found off;
                }
        location = /xmlrpc.php {
                deny all;
                access_log off;
                log_not_found off;
                }


# pass PHP scripts to FastCGI server
        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/var/run/php/php7.4-fpm-exampleURL.sock;

                include snippets/fastcgi-php.conf;
                }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/exampleURL.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/exampleURL.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = www.exampleURL.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = exampleURL.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name exampleURL www.exampleURL.com;
    listen 80;


    return 404; # managed by Certbot


}
```


Screenshots

If applicable, add screenshots to help explain your problem.

Server (please complete the following information):

  • Operating System:

  • Ubuntu

  • Alpine

  • Arch Linux

  • Debian

  • CentOS

  • Fedora

  • Deepin

  • Windows

  • Other

  • Specify Exact Version of OS:

Debian 11

Post output of uname -a here

Linux hostname 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux

  • Nginx Version [post output of sudo nginx -v]

nginx/1.18.0

Paste output of sudo nginx -V here (paste in between the markers)

configure arguments: --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-x3gsRV/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module

  • Other Environments [include Version information]

  • Plesk

  • CPanel

  • Synology NAS

  • Other

  • Specify Other / Specific Version Information Here:

  • Any other applicable log / error messages that may help us to help you.


Paste any log / error messages here (paste in between the ```     ``` markers)

Additional information

Add any other context about the problem here.

The installation script put the bot blocker includes in the wrong spot in all of my vhosts. I moved it and the error is gone. Included sample vhost updated to show a working location.
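
An added example, not part of the original issue or the project's code: nginx accepts `limit_conn` only in the `http`, `server` and `location` contexts, so the `[emerg]` above appears when the `ddos.conf` include lands in any other block. This sketch reports the enclosing block of each such include in a vhost file; the function names and the sample config are constructed for illustration.

```python
import re

# nginx documents limit_conn as valid only in these contexts.
ALLOWED = {"http", "server", "location"}

def include_contexts(conf_text, target="bots.d/ddos.conf", top="http"):
    """Return (line_no, enclosing_block, allowed) for every include of `target`.

    `top` is the context the file itself is included from; vhost files pulled
    in by `include /etc/nginx/sites-enabled/*;` start in the http context.
    Simplification: '#' or braces inside quoted strings/regexes are not handled.
    """
    stack, found = [top], []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if re.match(r"include\s", line) and target in line:
            found.append((line_no, stack[-1], stack[-1] in ALLOWED))
        for brace in re.finditer(r"[{}]", line):
            if brace.group() == "{":
                # Block name = first word of the statement that opens it.
                words = re.split(r"[{};]", line[:brace.start()])[-1].split()
                stack.append(words[0] if words else "?")
            elif len(stack) > 1:
                stack.pop()
    return found

def misplaced(conf_text):
    """Only the includes that nginx -t would reject for limit_conn."""
    return [(n, ctx) for n, ctx, ok in include_contexts(conf_text) if not ok]

# Constructed sample, not the reporter's file: one include inside an `if`
# block (rejected by nginx) and one directly inside `server` (accepted).
SAMPLE = """\
server {
    if ($host = example.test) {
        include /etc/nginx/bots.d/ddos.conf;
        return 301 https://$host$request_uri;
    }
    listen 80;
}
server {
    server_name example.test;
    include /etc/nginx/bots.d/ddos.conf;
    include /etc/nginx/bots.d/blockbots.conf;
    location / { try_files $uri $uri/ =404; }
}
"""

if __name__ == "__main__":
    for n, ctx, ok in include_contexts(SAMPLE):
        print(f"line {n}: inside '{ctx}':", "ok" if ok else "limit_conn not allowed here")
```

Running it over each file in `sites-enabled` after the installer has edited them, and before `nginx -t`, points at the vhost and line that needs the include moved.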