Issue with Nginx rate limiting: Invalid number of arguments

Question

I'm trying to add rate limiting support to my nginx web server, but I keep getting the following error:

webserver_1  | 2017/10/24 11:27:40 [emerg] 6#6: invalid number of arguments in "limit_req_zone" directive in /etc/nginx/nginx.conf:7
webserver_1  | nginx: [emerg] invalid number of arguments in "limit_req_zone" directive in /etc/nginx/nginx.conf:7
isaserver_webserver_1 exited with code 1

Here is my nginx configuration file:

# normally you leave this at the default of 1024
events {
    worker_connections 1024;
}

http {
    limit_req_zone $binary_remote_addr zone=slow:10m rate=30r/s;

    # cf http://blog.maxcdn.com/accept-encoding-its-vary-important/
    gzip_vary on;
    gzip_proxied any;
    gzip_types *;

    # http://nginx.org/en/docs/http/configuring_https_servers.html#optimization
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;

    server_tokens off;

    upstream django {
        server web:8000;
    }

    server {
        # rewrite all HTTP to HTTPS
        listen 80;
        server_name ${NGINX_SERVER_NAME};

        return 301 https://${NGINX_SERVER_NAME}$request_uri;
    }

    server {
        listen 443 ssl default_server;
        server_name ${NGINX_SERVER_NAME};

        # see http://nginx.org/en/docs/http/configuriNGINX_https_servers.html
        ssl_certificate /etc/ssl/certs/server.crt;
        ssl_certificate_key /etc/ssl/private/server.key;
        ssl_client_certificate /etc/ssl/certs/ca.crt;
        ssl_verify_client optional;

        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # ie defaults minus SSLv3

        #Prevent serving of sysfiles / vim backup files
        location ~ /\.          { access_log off; log_not_found off; deny all; }
        location ~ ~$           { access_log off; log_not_found off; deny all; }

        location / {
            limit_req zone=slow nodelay;

            uwsgi_pass      django;
            include         uwsgi_params;
        }
    }
}

I'm not sure why I am getting this issue since I directly copied the limit_req_zone code from the official documentation at http://nginx.org/en/docs/http/ngx_http_limit_req_module.html

What am I doing wrong?

Update #1:

Below is my docker file for then nginx web server:

FROM nginx:1.13.5

# Add start script
ADD ./webserver/config/start.sh /
RUN chmod +x start.sh

ENV NGINX_CRT_NAME=localhost NGINX_KEY_NAME=localhost NGINX_SERVER_NAME=localhost

# Add nginx config file
ADD ./webserver/config/nginx.tmpl /

# Add SSL certs to location specified in nginx.conf
ADD ./webserver/config/*.crt /etc/ssl/certs/
ADD ./webserver/config/*.key /etc/ssl/private/

# Execute start script
CMD ["./start.sh"]

And below is the docker compose file:

version: '2.1'

services:
  web:
    image: xxxxxxxx/xxxxxxxxx
    build: .
    ports:
      - "8000:8000"
    extra_hosts:
      - "DB_HOST:192.168.1.xxxxx"

  webserver:
    build:
      context: .
      dockerfile: webserver/Dockerfile # This is the above dockerfile
    ports:
      - "80:80"
      - "443:443"
    links:
      - web:web

If I remove the two lines for rate limiting, the server operates and there are no issues. However, as soon as I attempt to enable rate limiting, I receive the above mentioned error.

Update #2:

Below is the start script:

#!/bin/bash
envsubst < nginx.conf > /etc/nginx/nginx.conf

nginx -g "daemon off;"

*Note I've changed the nginx template configuration file to have a .conf ending

Answer 1

You need to escape the $binary_remote_addr because you are using some template language that is translating the variable to nothing.

Maybe as this:

limit_req_zone $$binary_remote_addr zone=slow:10m rate=30r/s;
# with this ---^