惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
D
DataBreaches.Net
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
D
Docker
N
Netflix TechBlog - Medium
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
Check Point Blog
腾讯CDC
Stack Overflow Blog
Stack Overflow Blog
V
Visual Studio Blog
IT之家
IT之家
月光博客
月光博客
U
Unit 42
K
Kaspersky official blog
T
Threatpost
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
GbyAI
GbyAI
P
Proofpoint News Feed
Last Week in AI
Last Week in AI
云风的 BLOG
云风的 BLOG
酷 壳 – CoolShell
酷 壳 – CoolShell
I
InfoQ
Engineering at Meta
Engineering at Meta
Recorded Future
Recorded Future
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
Security @ Cisco Blogs
MyScale Blog
MyScale Blog
大猫的无限游戏
大猫的无限游戏
Security Archives - TechRepublic
Security Archives - TechRepublic
Webroot Blog
Webroot Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Hacker News - Newest:
Hacker News - Newest: "LLM"
S
Schneier on Security
S
Secure Thoughts
The Register - Security
The Register - Security
B
Blog RSS Feed
The Last Watchdog
The Last Watchdog
P
Palo Alto Networks Blog
爱范儿
爱范儿
B
Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
N
News and Events Feed by Topic
阮一峰的网络日志
阮一峰的网络日志
L
LINUX DO - 热门话题
C
Cisco Blogs
Spread Privacy
Spread Privacy
F
Full Disclosure
博客园 - 聂微东
T
The Blog of Author Tim Ferriss

inDev. Journal

Upgrade Ubuntu servers GitHub Markdown emojis for Jekyll with JoyPixels icons Windows 11 To Go on external SSD for MacBook Install qBittorrent-nox on Ubuntu server Building a pageview counter with Deta.sh Micros and Base database 重置网页阅读量数据 Install Nextcloud with PlanetScale cloud database 给国行 SONY A105 播放器刷国际版固件 Get free ZeroSSL wildcard SSL certificates with acme.sh DNS API
Install GeoIP2 module to Nginx
Frank Lin · 2021-10-20 · via inDev. Journal

Install GeoIP2 module to Nginx

add GeoIP2 module to Nginx

This short guide is for Ubuntu but can be easily adapted to other Linux systems.

GeoIP update package

First install the geoipupdate package provided by MaxMind.

sudo add-apt-repository ppa:maxmind/ppa

sudo apt update
sudo apt install geoipupdate libmaxminddb0 libmaxminddb-dev mmdb-bin

You need to create an account on the MaxMind website which provides updated GeoIP (GeoLite2 Free version) databases. After registering on the site, you can manage licence keys under your MaxMind account.

In the /etc/GeoIP.conf file, replace the new AccountId and LicenseKey, for instance:

# GeoIP.conf file for `geoipupdate` program, for versions >= 3.1.1.
# Used to update GeoIP databases from https://www.maxmind.com.
# For more information about this config file, visit the docs at
# https://dev.maxmind.com/geoip/updating-databases?lang=en.

# `AccountID` is from your MaxMind account.
AccountID 0000000

# `LicenseKey` is from your MaxMind account
LicenseKey 0000000000000000

# `EditionIDs` is from your MaxMind account.
EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country

You can also download the .conf file generated by MaxMind in the webpage, then replace the file on the server.

After that, you will be able to update the GeoIP database by running sudo geoipupdate. It’s better to add new cron job to update the database regularly.

Enable Nginx GeoIP2 module

You have the GeoIP2 database updated, now just have to install and enable the GeoIP2 module for Nginx:

sudo apt install libnginx-mod-http-geoip2

This will automatic update a 50-mod-http-geoip2.conf config file under /etc/nginx/modules-enabled/.

GeoIP2 usage in Nginx

The following example demonstrates how to restrict access to the Nginx server only from the configured contries1.

In you /etc/nginx/nginx.conf:

http {
    geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
       $geoip2_data_country_iso_code country iso_code;
    }

    map $geoip2_data_country_iso_code $allowed_country {
       default no;
       FR yes; # France
       BE yes; # Belgium
       DE yes; # Germany
       CH yes; # Switzerland
    }

    server {
       # Block forbidden country
       if ($allowed_country = no) {
           return 444;
       }

       [...]
    }
}

The location of the .mmdb database files can vary depends on your system, e.g. /usr/share/GeoIP/ or /var/lib/GeoIP/.

THE END

Hey, there! This is Frank Lin (@flinhong), one of the 1.41 billion . This 'inDev. Journal' site holds the exploration of my quirky thoughts and random adventures through life. Hope you enjoy reading and perusing my posts.

YOU MAY ALSO LIKE

Setup an IKEv2 server with strongSwan

Setup an IKEv2 server with strongSwan

IKEv2, or Internet Key Exchange v2, is a protocol that allows for direct IPSec tunnelling between networks. It is developed by Microsoft and Cisco (primarily) for mobile users, and introduced as an updated version of IKEv1 in 2005. The IKEv2 MOBIKE (Mobility and Multihoming) protocol allows the client to main secure connection despite network switches, such as when leaving a WiFi area for a mobile data area. IKEv2 works on most platforms, and natively supported on some platforms (OS X 10.11+, iOS 9.1+, and Windows 10) with no additional applications necessary.