Want more timely Centmin Mod News Updates?
Become a Member

Nginx Enabling GeoIP 2 Lite Nginx Module questions ?

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Itworx4me, Apr 9, 2019.

  1. Itworx4me

    Itworx4me Premium Member Premium Member

    165
    16
    18
    Mar 14, 2017
    Ratings:
    +21
    Local Time:
    10:14 AM
    Nginx 1.15.X
    MariaDB 10.3.X
  2. eva2000

    eva2000 Administrator Staff Member

    39,155
    8,647
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,296
    Local Time:
    3:14 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    haven't really tested it specifically - GeoIP/GeoIP2 is something you either need to use or you don't. But GeoIP legacy nginx module is installed by default in Centmin Mod so all the benchmarks done to date are with it enabled anyway. GeoIP 2 nginx module isn't installed by default though and only enabled via https://community.centminmod.com/threads/17165/
     
  3. Itworx4me

    Itworx4me Premium Member Premium Member

    165
    16
    18
    Mar 14, 2017
    Ratings:
    +21
    Local Time:
    10:14 AM
    Nginx 1.15.X
    MariaDB 10.3.X
    I don't understand where to put this code:

    Then within your nginx vhost's server{} context add entry
    Code (Text):
    if ($country_code_allowed = deny) {
      return 444;
    }


    Thanks,
    Itworx4me
     
  4. Itworx4me

    Itworx4me Premium Member Premium Member

    165
    16
    18
    Mar 14, 2017
    Ratings:
    +21
    Local Time:
    10:14 AM
    Nginx 1.15.X
    MariaDB 10.3.X
    @eva2000 can you elaborate more on this?
     
  5. eva2000

    eva2000 Administrator Staff Member

    39,155
    8,647
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,296
    Local Time:
    3:14 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    within nginx vhost's server{} context i.e. above the first location / webroot context.
     
  6. Itworx4me

    Itworx4me Premium Member Premium Member

    165
    16
    18
    Mar 14, 2017
    Ratings:
    +21
    Local Time:
    10:14 AM
    Nginx 1.15.X
    MariaDB 10.3.X
    Can you give me an example.

    Thanks
    Itworx4me
     
  7. eva2000

    eva2000 Administrator Staff Member

    39,155
    8,647
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,296
    Local Time:
    3:14 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Code (Text):
    if ($country_code_allowed = deny) {
      return 444;
    }
    
    location / {
     
    }
    
     
  8. Itworx4me

    Itworx4me Premium Member Premium Member

    165
    16
    18
    Mar 14, 2017
    Ratings:
    +21
    Local Time:
    10:14 AM
    Nginx 1.15.X
    MariaDB 10.3.X
    I am assuming that this is the correct file to edit?
    Code (Text):
     /usr/local/nginx/conf/conf.d/newdomain.com.conf

    I am curious as to why you wouldn't want to block it for all traffic into the server instead of per vhost site. Seems very tedious to change each vhost site hosted on the server.

    Thanks,
    Itworx4me
     
  9. eva2000

    eva2000 Administrator Staff Member

    39,155
    8,647
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,296
    Local Time:
    3:14 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    You can put common nginx rules in your own include file i.e. /usr/local/nginx/conf/block_county.conf and reference that in your nginx vhost config files non-https at /usr/local/nginx/conf/conf.d/newdomain.com.conf or https vhost at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf as
    Code (Text):
    include /usr/local/nginx/conf/block_county.conf;

    If you want server level blocking there's better tools such as CSF Firewall server level country blocking by editing /etc/csf/csf.conf CSF Firewall config file - something off topic for this thread. So for CSF Firewall questions ask at https://community.centminmod.com/forums/other-centmin-mod-installed-software.22/.
     
  10. eva2000

    eva2000 Administrator Staff Member

    39,155
    8,647
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,296
    Local Time:
    3:14 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    to clarify both these methods do exactly same thing

    method 1 put directly in nginx vhost config files non-https at /usr/local/nginx/conf/conf.d/newdomain.com.conf or https vhost at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf the following code above location / context
    Code (Text):
    if ($country_code_allowed = deny) {
      return 444;
    }
    
    location / {
    
    }
    

    or method 2 put the code in /usr/local/nginx/conf/block_county.conf
    Code (Text):
    if ($country_code_allowed = deny) {
      return 444;
    }
    

    and reference that as an include file in your nginx vhost config files non-https at /usr/local/nginx/conf/conf.d/newdomain.com.conf or https vhost at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf above location / context
    Code (Text):
    include /usr/local/nginx/conf/block_county.conf;
    
    location / {
    
    }
    
     
    • Like Like x 1
  11. Itworx4me

    Itworx4me Premium Member Premium Member

    165
    16
    18
    Mar 14, 2017
    Ratings:
    +21
    Local Time:
    10:14 AM
    Nginx 1.15.X
    MariaDB 10.3.X
    I followed the your install Nginx - How to enable GeoIP 2 Lite Nginx Module Support ? I get nothing from running theses commands:
    Code (Text):
    lsof -p 2128 | grep .so | grep geo
    or
    lsof -p 2128 | grep GeoIP

    Nginx failed to start too:
    Code (Text):
    nginx -t
    nginx: [emerg] unknown "geoip2_data_country_code" variable
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

    Any ideas?
     
  12. eva2000

    eva2000 Administrator Staff Member

    39,155
    8,647
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,296
    Local Time:
    3:14 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Did recompiled nginx via centmin.sh after setting NGINX_GEOIPTWOLITE='y' and NGXDYNAMIC_GEOIPTWOLITE='y' set persistent config file at /etc/centminmod/custom_config.inc as instructed at Nginx - How to enable GeoIP 2 Lite Nginx Module Support ? ? If you did not, then you wont have GeoIP 2 support

    run command
    Code (Text):
    nginx -V

    to see if --add-dynamic-module=../ngx_http_geoip2_module is listed in output to indicate geoip2 nginx module is installed.

    also

    does your /usr/local/nginx/conf/geoip.conf look like below ?
    Code (Text):
    # SET the path to the .dat file used for determining the visitors country from the IP-address ###
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    
    # SET the path to the .dat file used for determining the visitors country from the IP-address ###
    geoip_city /usr/share/GeoIP/GeoIPCity.dat;
    
    # GeoIP2 Lite databases
    #include /usr/local/nginx/conf/geoip2.conf;
    

    this line should have automatically be uncommented removed # hash if you recompiled nginx via centmin.sh with NGINX_GEOIPTWOLITE='y' and NGXDYNAMIC_GEOIPTWOLITE='y' set persistent config file at /etc/centminmod/custom_config.inc
    Code (Text):
    #include /usr/local/nginx/conf/geoip2.conf;

    so should be
    Code (Text):
    include /usr/local/nginx/conf/geoip2.conf;
     
    • Like Like x 1
  13. Itworx4me

    Itworx4me Premium Member Premium Member

    165
    16
    18
    Mar 14, 2017
    Ratings:
    +21
    Local Time:
    10:14 AM
    Nginx 1.15.X
    MariaDB 10.3.X
    This is what my /usr/local/nginx/conf/geoip.conf looks like. This isn't a fresh install.
    Code (Text):
    # cat /usr/local/nginx/conf/geoip.conf
    # SET the path to the .dat file used for determining the visitors country from the IP-address ###
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    
    # SET the path to the .dat file used for determining the visitors country from the IP-address ###
    geoip_city /usr/share/GeoIP/GeoIPCity.dat;
    
    # GeoIP2 Lite databases
    #  geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
    #    $geoip2_data_country_code country iso_code;
    #    $geoip2_data_country_name country names en;
    #  }
    #
    #  geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
    #    $geoip2_data_city_name city names en;
    #    $geoip2_data_postal_code postal code;
    #    $geoip2_data_latitude location latitude;
    #    $geoip2_data_longitude location longitude;
    #    $geoip2_data_state_name subdivisions 0 names en;
    #    $geoip2_data_state_code subdivisions 0 iso_code;
    #  }
     
  14. Itworx4me

    Itworx4me Premium Member Premium Member

    165
    16
    18
    Mar 14, 2017
    Ratings:
    +21
    Local Time:
    10:14 AM
    Nginx 1.15.X
    MariaDB 10.3.X
    I added this line to the geoip.conf
    Code (Text):
    # GeoIP2 Lite databases
    include /usr/local/nginx/conf/geoip2.conf;

    and nginx restarted this time.
     
  15. eva2000

    eva2000 Administrator Staff Member

    39,155
    8,647
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,296
    Local Time:
    3:14 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yes that is older config, you can replace contents of /usr/local/nginx/conf/geoip.conf with one at centminmod/centminmod - centmin mod won't auto change older installers version as you may have customised your geoip.conf so need to update it manually.
     
    • Like Like x 1
  16. Itworx4me

    Itworx4me Premium Member Premium Member

    165
    16
    18
    Mar 14, 2017
    Ratings:
    +21
    Local Time:
    10:14 AM
    Nginx 1.15.X
    MariaDB 10.3.X
    Thank you for taking the time for this novice to learn how to install new stuff on there server.
    Itworx4me
     
    • Like Like x 1
..