惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
有赞技术团队
有赞技术团队
T
The Blog of Author Tim Ferriss
F
Fortinet All Blogs
D
DataBreaches.Net
F
Full Disclosure
腾讯CDC
博客园 - 【当耐特】
MyScale Blog
MyScale Blog
Stack Overflow Blog
Stack Overflow Blog
小众软件
小众软件
Hugging Face - Blog
Hugging Face - Blog
Last Week in AI
Last Week in AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
爱范儿
爱范儿
The GitHub Blog
The GitHub Blog
Engineering at Meta
Engineering at Meta
大猫的无限游戏
大猫的无限游戏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
SegmentFault 最新的问题
The Register - Security
The Register - Security
WordPress大学
WordPress大学
博客园 - 聂微东
雷峰网
雷峰网
J
Java Code Geeks
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Privacy International News Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
A
Arctic Wolf
Scott Helme
Scott Helme
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
博客园 - 三生石上(FineUI控件)
Know Your Adversary
Know Your Adversary
AWS News Blog
AWS News Blog
G
Google Developers Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
C
CERT Recently Published Vulnerability Notes
O
OpenAI News
Project Zero
Project Zero
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Application and Cybersecurity Blog
Application and Cybersecurity Blog
云风的 BLOG
云风的 BLOG
N
News and Events Feed by Topic
MongoDB | Blog
MongoDB | Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Microsoft Security Blog
Microsoft Security Blog
Cisco Talos Blog
Cisco Talos Blog
P
Palo Alto Networks Blog
Schneier on Security
Schneier on Security

inDev. Journal

Upgrade Ubuntu servers GitHub Markdown emojis for Jekyll with JoyPixels icons Windows 11 To Go on external SSD for MacBook Install qBittorrent-nox on Ubuntu server Building a pageview counter with Deta.sh Micros and Base database 重置网页阅读量数据 Install Nextcloud with PlanetScale cloud database 给国行 SONY A105 播放器刷国际版固件 Get free ZeroSSL wildcard SSL certificates with acme.sh DNS API
Install GeoIP2 module to Nginx
Frank Lin · 2021-10-20 · via inDev. Journal

Install GeoIP2 module to Nginx

add GeoIP2 module to Nginx

This short guide is for Ubuntu but can be easily adapted to other Linux systems.

GeoIP update package

First install the geoipupdate package provided by MaxMind.

sudo add-apt-repository ppa:maxmind/ppa

sudo apt update
sudo apt install geoipupdate libmaxminddb0 libmaxminddb-dev mmdb-bin

You need to create an account on the MaxMind website which provides updated GeoIP (GeoLite2 Free version) databases. After registering on the site, you can manage licence keys under your MaxMind account.

In the /etc/GeoIP.conf file, replace the new AccountId and LicenseKey, for instance:

# GeoIP.conf file for `geoipupdate` program, for versions >= 3.1.1.
# Used to update GeoIP databases from https://www.maxmind.com.
# For more information about this config file, visit the docs at
# https://dev.maxmind.com/geoip/updating-databases?lang=en.

# `AccountID` is from your MaxMind account.
AccountID 0000000

# `LicenseKey` is from your MaxMind account
LicenseKey 0000000000000000

# `EditionIDs` is from your MaxMind account.
EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country

You can also download the .conf file generated by MaxMind in the webpage, then replace the file on the server.

After that, you will be able to update the GeoIP database by running sudo geoipupdate. It’s better to add new cron job to update the database regularly.

Enable Nginx GeoIP2 module

You have the GeoIP2 database updated, now just have to install and enable the GeoIP2 module for Nginx:

sudo apt install libnginx-mod-http-geoip2

This will automatic update a 50-mod-http-geoip2.conf config file under /etc/nginx/modules-enabled/.

GeoIP2 usage in Nginx

The following example demonstrates how to restrict access to the Nginx server only from the configured contries1.

In you /etc/nginx/nginx.conf:

http {
    geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
       $geoip2_data_country_iso_code country iso_code;
    }

    map $geoip2_data_country_iso_code $allowed_country {
       default no;
       FR yes; # France
       BE yes; # Belgium
       DE yes; # Germany
       CH yes; # Switzerland
    }

    server {
       # Block forbidden country
       if ($allowed_country = no) {
           return 444;
       }

       [...]
    }
}

The location of the .mmdb database files can vary depends on your system, e.g. /usr/share/GeoIP/ or /var/lib/GeoIP/.

THE END

Hey, there! This is Frank Lin (@flinhong), one of the 1.41 billion . This 'inDev. Journal' site holds the exploration of my quirky thoughts and random adventures through life. Hope you enjoy reading and perusing my posts.

YOU MAY ALSO LIKE

Setup an IKEv2 server with strongSwan

Setup an IKEv2 server with strongSwan

IKEv2, or Internet Key Exchange v2, is a protocol that allows for direct IPSec tunnelling between networks. It is developed by Microsoft and Cisco (primarily) for mobile users, and introduced as an updated version of IKEv1 in 2005. The IKEv2 MOBIKE (Mobility and Multihoming) protocol allows the client to main secure connection despite network switches, such as when leaving a WiFi area for a mobile data area. IKEv2 works on most platforms, and natively supported on some platforms (OS X 10.11+, iOS 9.1+, and Windows 10) with no additional applications necessary.