Nginx with GeoIP2 on Ubuntu


Versions:


ubuntu 21.04
nginx 1.21.1

On the web you can find a lot of tutorials on how to use the GeoIP module for nginx, but MaxMind, the company that provides the country and city databases, is deprecating its old database format (dat) and replacing it with a new one (mmdb). The nginx setup for the new format is different and requires building the module from source, since the company provides no official support for nginx, as stated on their downloads page. I couldn't find a super easy guide for the new GeoIP2, so here I am putting all the steps in case I need to do it again or if someone else is having issues with the other guides online. The guide is for Ubuntu but can be easily adapted to any Debian-based system.

# Download the nginx source and the geoip2 module.

You may want to update the link to match the version of nginx that you currently have installed.

wget https://nginx.org/download/nginx-1.21.1.tar.gz
tar zxvf nginx-1.21.1.tar.gz
wget -O ngx_http_geoip2_module.tar.gz https://github.com/leev/ngx_http_geoip2_module/archive/master.tar.gz
tar zxvf ngx_http_geoip2_module.tar.gz

# Install Maxmind's ppa and the libraries required to build nginx

sudo add-apt-repository ppa:maxmind/ppa
sudo apt update
sudo apt install libmaxminddb0 libmaxminddb-dev mmdb-bin geoipupdate
sudo apt install libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev

# Regularly update the geoip2 database

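Set a cron job to update the GeoIP database. First find where geoipupdate is installed:

> which geoipupdate
/usr/bin/geoipupdate

Use that path in the cron job. geoipupdate is what updates the IP database here, and it needs /etc/GeoIP.conf to be configured: register an account at https://www.maxmind.com/en/geolite2/signup, then log in and request a license key.

AccountID 594×××
LicenseKey 4bWrG×××××

The cron entry:

58 13 * * 5 /usr/bin/geoipupdate >> /dev/null 2>&1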

And it is good to run the update now so you have the latest data right away.

geoipupdate

# Build nginx with the geoip2 module

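cd nginx-1.21.1
# nginx -V writes to stderr, so $(nginx -V) expands to nothing here. To match an
# already installed nginx, copy its "configure arguments:" line from nginx -V by hand.
./configure --with-compat --add-dynamic-module=../ngx_http_geoip2_module-master
make
sudo make install

If configure stops with the following error, the C compiler (cc/gcc) is missing (see https://geekflare.com/configure-error-c-compiler-cc-is-not-found/):

./configure: error: C compiler cc is not found

Install it and run configure again:

sudo apt install gcc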

Make sure to include --with-compat when running configure; without it, nginx may refuse to load the module with the following error:
 nginx: [emerg] module is not binary compatible


> ls /usr/share/GeoIP/
GeoLite2-City.mmdb  GeoLite2-Country.mmdb

> ls /usr/local/nginx/conf/
fastcgi.conf  fastcgi.conf.default  fastcgi_params  fastcgi_params.default  koi-utf  koi-win  mime.types  mime.types.default  
nginx.conf  nginx.conf.default  scgi_params  scgi_params.default  uwsgi_params  uwsgi_params.default  win-utf


# Setup nginx
Add the following to nginx.conf.

1. Load the geoip2 module (https://github.com/leev/ngx_http_geoip2_module). load_module is only valid in the main context, so put it at the top of the file, before the http block:

load_module modules/ngx_http_geoip2_module.so;

2. In the http section of .../nginx.conf, add the following to enable geoip2, automatically reload the databases if needed, and pass the data to PHP through fastcgi params.

geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
    auto_reload 60m;
    $geoip2_metadata_country_build metadata build_epoch;
    $geoip2_data_country_code country iso_code;
    $geoip2_data_country_name country names en;
}

geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
    auto_reload 60m;
    $geoip2_metadata_city_build metadata build_epoch;
    $geoip2_data_city_name city names en;
}

map $geoip2_data_country_code $allowed_country {
    default yes;
    CN no;
}

fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
fastcgi_param CITY_NAME    $geoip2_data_city_name;


# How to block countries (how to deny or allow access from a country's IPs)

Again in /etc/nginx/nginx.conf, in the http section, use a map of allowed/disallowed countries to define a variable that you can use in the vhost files.

map $geoip2_data_country_code $domain_xyz_allowed_country {
    default yes;
    BG no;
}

In the vhost configuration determine what to do if the country is not allowed. Usually block it.

location / {
    if ($domain_xyz_allowed_country = no) {
        return 444;
    }
}
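
The deny-list map above admits any address whose country lookup comes back empty, because an empty code matches no entry and falls through to `default yes`. An allow-list variant with per-request logging follows, as an added example that is not part of the original post; `$domain_xyz_country_ok`, the DE/FR entries, `example.com` and the log file name are assumptions.

```nginx
# Added example for the http context of nginx.conf. It reuses
# $geoip2_data_country_code from the geoip2 block defined earlier.
# $domain_xyz_country_ok, DE/FR, example.com and geo_access.log are
# assumptions chosen for illustration.

# Allow list: only the listed countries pass. An address the database
# cannot place (private ranges, networks missing from GeoLite2) yields
# an empty country code and is rejected by "default no", whereas the
# deny-list map with "default yes" would let it through.
map $geoip2_data_country_code $domain_xyz_country_ok {
    default no;
    DE      yes;
    FR      yes;
}

# Record the lookup result and the decision for every request, so that
# blocked traffic (status 444) can be reviewed later.
log_format geo '$remote_addr [$time_local] "$request" $status '
               'country=$geoip2_data_country_code ok=$domain_xyz_country_ok';

server {
    listen 80;
    server_name example.com;

    access_log logs/geo_access.log geo;

    # Checked at server level so the rule applies to every location,
    # not only to "location /".
    if ($domain_xyz_country_ok = no) {
        return 444;   # nginx closes the connection without a response
    }

    location / {
        root html;
    }
}
```

Run `nginx -t` after editing to confirm the configuration parses before reloading.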


# Redirect to a country-specific domain

Similar logic can be used for a location redirect, for example if you have multiple domains for different countries (google.com for USA, google.bg for Bulgaria, etc.). To set up the redirect, use the $geoip2_data_country_code variable to decide whether and where the visitor should be redirected.

In the vhost configuration of the main domain (e.g. google.com)

location / {
    if ($geoip2_data_country_code = BG) {
        return 301 https://google.bg$request_uri;
    }
}


Reposted with modifications from: https://dokov.bg/nginx-geoip2

First, create a systemd unit file with this command (it opens the file in the nano editor):

sudo nano /lib/systemd/system/nginx.service

Now copy and paste the following unit file.

root@li91-158:~# cat /lib/systemd/system/nginx.service
---------
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target


This is from  https://www.armanism.com/blog/install-nginx-on-ubuntu


sudo systemctl enable nginx

sudo reboot

Conclusion

By following this guide, you installed NGINX on Ubuntu 21.04. If you want to secure your nginx with an SSL certificate, you can follow this guide: How to Install Free SSL Certificate on NGINX.

Congrats we are at the end of this post. I hope you enjoyed the topic. If you have any questions regarding this please let me know in the comment section.
