[INSTALLATION] [emerg] "limit_conn" directive is not allowed here
cblonde opened this issue · comments
Describe the problem you are experiencing
After installation the NGINX config file test fails, citing a problem with a limit_conn directive. I read through past issues but I'm not sure what to do to resolve this.
Error Messages
Post any error messages (if applicable):
/etc/alternatives$ sudo nginx -t
nginx: [warn] duplicate network "138.199.57.151", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18884
nginx: [warn] duplicate network "143.244.38.129", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18900
nginx: [warn] duplicate network "195.181.163.194", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18995
nginx: [warn] duplicate network "5.188.120.15", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19122
nginx: [warn] duplicate network "89.187.173.66", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19169
nginx: [emerg] "limit_conn" directive is not allowed here in /etc/nginx/bots.d/ddos.conf:35
nginx: configuration file /etc/nginx/nginx.conf test failed
Copy of nginx.conf
If applicable please paste your nginx.conf file here
(paste in between the
markers)
error_log /var/log/nginx/error.log warn;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
#include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
##test
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
##Disable Symlinks - Added by Craig Jan 4 2023
disable_symlinks off;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Copy of vhost / website / host .conf file
If applicable please paste your site/vhost configuration file in between the code ticks
(paste in between the
markers)
There are a number of vhosts - this is representative of all of them
# Default server configuration
#
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /mnt/websitestorage/exampleURL.com;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name exampleURL.com www.exampleURL.com;
##
# Nginx Bad Bot Blocker Includes
# REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
##
include /etc/nginx/bots.d/ddos.conf;
include /etc/nginx/bots.d/blockbots.conf;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
#Added to block undesirable wordpress PHP execution - 27/08/2018
# location ~* /wp-includes/.*.php$ {
# deny all;
# access_log off;
# log_not_found off;
# }
location ~* /wp-content/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
location ~* /(?:uploads|files)/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm-exampleURL.sock;
include snippets/fastcgi-php.conf;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/exampleURL.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/exampleURL.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.exampleURL.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = exampleURL.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name exampleURL www.exampleURL.com;
listen 80;
return 404; # managed by Certbot
}
Screenshots
If applicable, add screenshots to help explain your problem.
Server (please complete the following information):
-
Operating System:
-
Ubuntu
-
Alpine
-
Arch Linux
-
Debian
-
CentOS
-
Fedora
-
Deepin
-
Windows
-
Other
-
Specify Exact Version of OS:
Debian 11
Post output of uname -a here
Linux hostname 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux
- Nginx Version [post output of sudo nginx -v]
nginx/1.18.0
Paste output of sudo nginx -V
here (paste in between the
markers)
configure arguments: --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-x3gsRV/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module
-
Other Environments [include Version information]
-
Plesk
-
CPanel
-
Synology NAS
-
Other
-
Specify Other / Specific Version Information Here:
-
Any other applicable log / error messages that may help us to help you.
Paste any log / error messages here (paste in between the ``` ``` markers)
Additional information
Add any other context about the problem here.
The installation script put the bot blocker includes in the wrong spot in all of my vhosts. I moved it and the error is gone. Included sample vhost updated to show a working location.