[BUG] nginx config validation fails on CloudPanel 2.5.0

[ivancarlosti]

Describe the bug

When installing into nginx bundled on CloudPanel 2.5.0 installation, it fails nginx config check

To Reproduce

Install CloudPanel 2.5.0
Install Ultimate Bad Bot Blocker running sudo ./setup-ngxblocker -v /etc/nginx/sites-enabled -x
(running script without -v returns no vhost files in: [ /etc/nginx/sites-available/*.vhost ] => exiting.)

Expected behavior

Validate `sudo nginx -t' successfully

Error

nginx: [warn] duplicate network "138.199.57.151", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18972
nginx: [warn] duplicate network "143.244.38.129", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18988
nginx: [warn] duplicate network "195.181.163.194", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19083
nginx: [warn] duplicate network "5.188.120.15", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19210
nginx: [warn] duplicate network "89.187.173.66", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19257
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/sites-enabled/custom-domain.conf:4
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/sites-enabled/custom-domain.conf:5
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] zero size shared memory zone "flood"
nginx: configuration file /etc/nginx/nginx.conf test failed

Note: a clean CloudPanel installation returns this:

nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/sites-enabled/custom-domain.conf:4
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/sites-enabled/custom-domain.conf:5
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Server (please complete the following information):

• Operating System:

• Ubuntu 24.04

• Specify Exact Version of OS:

Linux ip-x-x-x-x 6.8.0-1021-aws #23-Ubuntu SMP Mon Dec  9 23:51:16 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux

• Nginx Version [post output of sudo nginx -v]

nginx version: nginx/1.26.2
built with OpenSSL 3.0.13 30 Jan 2024
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/home/clp/packaging/nginx/tmp/nginx-1.26.2=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -fdebug-prefix-map=/home/clp/packaging/nginx/tmp/nginx-1.26.2=/usr/src/nginx-1.26.2-3+clp-noble -fPIC -Wdate-time -D_FORTIFY_SOURCE=3' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_v3_module --with-openssl-opt=enable-ktls --with-compat --with-http_dav_module --with-http_slice_module --with-threads --add-dynamic-module=/home/clp/packaging/nginx/tmp/nginx-1.26.2/debian/modules/ngx-brotli --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/home/clp/packaging/nginx/tmp/nginx-1.26.2/debian/modules/http-auth-pam --add-dynamic-module=/home/clp/packaging/nginx/tmp/nginx-1.26.2/debian/modules/http-dav-ext --add-dynamic-module=/home/clp/packaging/nginx/tmp/nginx-1.26.2/debian/modules/http-upstream-fair --add-dynamic-module=/home/clp/packaging/nginx/tmp/nginx-1.26.2/debian/modules/http-subs-filter

nginx.conf file:

user root;
worker_processes auto;
pid /run/nginx.pid;
worker_rlimit_nofile 8192;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 2000;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database
    geoip_city    /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database

    real_ip_recursive on;

    set_real_ip_from 127.0.0.1;
    set_real_ip_from 10.0.0.0/8;
    set_real_ip_from 172.16.0.0/12;
    set_real_ip_from 192.168.0.0/16;
    set_real_ip_from 0.0.0.0/0;
    #real_ip_header X-Forwarded-For;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    log_format cloudflare '$http_cf_connecting_ip - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile on;
    tcp_nopush on;


    ##
    # Nginx Bad Bot Blocker Includes
    # REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
    ##
        include /etc/nginx/conf.d/botblocker-nginx-settings.conf;
        include /etc/nginx/conf.d/globalblacklist.conf;

    tcp_nodelay on;

    client_body_buffer_size  1K;
    client_header_buffer_size 1k;
    client_max_body_size 64M;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_names_hash_bucket_size 128;
    server_tokens off;
    port_in_redirect off;
    access_log off;
    disable_symlinks if_not_owner from=/home/;

    map $scheme $fastcgi_https { ## Detect when HTTPS is used
      default off;
      https on;
    }

    include /etc/nginx/blocked_ips;

    pagespeed off;
    pagespeed XHeaderValue 1;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_prefer_server_ciphers on;
    ssl_conf_command Options KTLS;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Limit the requests for php
    ##

    limit_req_zone $binary_remote_addr zone=limit:10m rate=1r/s;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 8;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg application/javascript image/svg+xml;

    ##
    # Brotli Settings
    ##

    brotli on;
    brotli_comp_level 8;
    brotli_static on;
    brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg application/javascript image/svg+xml;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/sites-enabled/*.conf;
}

• Other Environments [include Version information]
• Other
• Specify Other / Specific Version Information Here:
  CloudPanel 2.5.0