Nginx GeoIP Thread

Inforit · Oct 11, 2014

Just installed, all worked good, except I couldnt get it to work until I read about adding the variables in php.conf, thanks

eva2000 · Oct 11, 2014

thanks for the feedback @Ryder14

Matt Williams · Dec 10, 2015

I got the GeoIP module working fine but how do I block certain countries with this? I need to block:

Code:

China (CN)
Tajikistan (TJ)
Kyrgyzstan (KG)
Turkmenistan (TM)
Hungary (HU)
Russian Federation (RU)
Bosnia and Herzegovina (BA)
Romania (RO)
Myanmar (MM)
Kazakhstan (KZ)
Lithuania (LT)
Georgia (GE)
Taiwan, Province of China (TW)
Czech Republic (CZ)
Sierra Leone (SL)
Serbia (RS)
Slovakia (SK)
Ukraine (UA)
Belarus (BY)
Turkey (TR)
Uzbekistan (UZ)
Poland (PL)
Latvia (LV)
Nigeria (NG)

eva2000 · Dec 10, 2015

see @GhoHan's example in this thread at Nginx - GeoIP Thread | Centmin Mod Community just instead of allow , you block

/usr/local/nginx/conf/nginx.conf to block US, FK, FM, EH
Code:
http {
include /usr/local/nginx/conf/geoip.conf;
## add this line example country to allow
map $geoip_country_code $block_country {
        default 0;
        US 1;
        FK 1;
        FM 1;
        EH 1;
}
and then In /usr/local/nginx/conf/conf.d/yourdomain-name.conf
Code:
server {
## Add this line Bellow
    if ($block_country = 1) {
            return 444;
    }
            listen   80;
now restart your nginx
Code:
service nginx restart

eva2000 · Dec 10, 2015

no no the listen relates to your vhost conf file, so place the block code in the relevant vhost whether http one or https one so newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)

When you create a new nginx vhost domain via centmin.sh menu option 2 or /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)

Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf

Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf

Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com

Vhost public web root will be at /home/nginx/domains/newdomain.com/public

Vhost log directory will be at /home/nginx/domains/newdomain.com/log

Matt Williams · Dec 10, 2015

I added it and nginx failed:

Starting nginx: nginx: [emerg] "geoip_country" directive is duplicate in /usr/local/nginx/conf/geoip.conf:2
Click to expand...

Matt Williams · Dec 10, 2015

They are commented out now so nginx could restart but I had them uncommented and nginx failed

http {
upstream phpbackend {
ip_hash;
keepalive 5;
server 127.0.0.1:9000 weight=50;
server 127.0.0.1:9002 weight=50;
server 127.0.0.1:9003 weight=50;
server 127.0.0.1:9004 weight=50;
server 127.0.0.1:9005 weight=50;
}
#include /usr/local/nginx/conf/geoip.conf;
## add this line example country to allow
#map $geoip_country_code $block_country {
# default 0;
# CN 1;
# TJ 1;
# KG 1;
# TM 1;
# HU 1;
# RU 1;
# BA 1;
# RO 1;
# MM 1;
# KZ 1;
# LT 1;
# GE 1;
# TW 1;
# CZ 1;
# SL 1;
# RS 1;
# SK 1;
# UA 1;
# BY 1;
# TR 1;
# UZ 1;
# PL 1;
# LV 1;
# NG 1;
#}
limit_req_zone $binary_remote_addr zone=xwprpc:10m rate=30r/s;
Click to expand...

eva2000 · Dec 10, 2015

strange works for me

Code:

http {
include /usr/local/nginx/conf/geoip.conf;

map $geoip_country_code $block_country {
        default 0;
        US 1;
        FK 1;
        FM 1;
        EH 1;
}

Matt Williams · Dec 10, 2015

if I go to <IP>geoip.php and I see my location information - that means geoip is installed and working fine right?

I ran

then:
./geoip.sh

which gave me:

Code:

[root@ngx centminmod]# cd /usr/local/src/centminmod/addons
[root@ngx addons]# ./geoip.sh
GeoIP database and library install...
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
* base: mirror.es.its.nyu.edu
* epel: mirrors.mit.edu
* extras: mirror.thelinuxfix.com
* updates: mirror.trouble-free.net
100 packages excluded due to repository priority protections
Package GeoIP-1.5.0-9.el7.x86_64 already installed and latest version
Package GeoIP-devel-1.5.0-9.el7.x86_64 already installed and latest version
Nothing to do
/usr/include/GeoIP.h
/usr/include/GeoIPCity.h
/usr/include/GeoIPUpdate.h
/usr/lib64/libGeoIP.so
/usr/lib64/libGeoIPUpdate.so
/usr/lib64/pkgconfig/geoip.pc
/etc/GeoIP.conf
/etc/GeoIP.conf.default
/usr/bin/geoiplookup
/usr/bin/geoiplookup6
/usr/bin/geoipupdate
/usr/lib64/libGeoIP.so.1
/usr/lib64/libGeoIP.so.1.5.0
/usr/lib64/libGeoIPUpdate.so.0
/usr/lib64/libGeoIPUpdate.so.0.0.0
/usr/share/GeoIP
/usr/share/GeoIP/GeoIP-initial.dat
/usr/share/GeoIP/GeoIP.dat
/usr/share/GeoIP/GeoLiteASNum.dat
/usr/share/GeoIP/GeoLiteCity.dat
/usr/share/GeoIP/GeoLiteCountry.dat
/usr/share/doc/GeoIP-1.5.0
/usr/share/doc/GeoIP-1.5.0/AUTHORS
/usr/share/doc/GeoIP-1.5.0/COPYING
/usr/share/doc/GeoIP-1.5.0/ChangeLog
/usr/share/doc/GeoIP-1.5.0/LICENSE.txt
/usr/share/doc/GeoIP-1.5.0/README
/usr/share/doc/GeoIP-1.5.0/TODO
/usr/share/doc/GeoIP-1.5.0/fetch-geoipdata-city.pl
/usr/share/doc/GeoIP-1.5.0/fetch-geoipdata.pl
/usr/share/man/man1/geoiplookup.1.gz
/usr/share/man/man1/geoiplookup6.1.gz
/usr/share/man/man1/geoipupdate.1.gz
GeoLiteCity database download ...
2015-12-10 06:55:20 URL:http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz [12328291/12328291] -> "/usr/share/GeoIP/GeoLiteCity.dat.gz" [1]
geoip.conf include check...
Test geoip.php file located at:
/usr/local/nginx/html/geoip.php

GeoIP database and library installed...

eva2000 · Dec 10, 2015

don't need to run geoip.sh anymore, centmin mod 123.08 stable and higher auto install and enable geoip for php and nginx out of box, so probably why you have duplicate settings now

check contents of /usr/local/nginx/conf/geoip.conf i.e. centminmod/geoip.conf at 123.09beta01 · centminmod/centminmod · GitHub

geoip.sh centminmod/geoip.sh at 123.09beta01 · centminmod/centminmod · GitHub

Matt Williams said: ↑

if I go to <IP>geoip.php and I see my location information - that means geoip is installed and working fine right?
Click to expand...

yup

Matt Williams · Dec 10, 2015

looks duplicate to me

# SET the path to the .dat file used for determining the visitor's country from the IP-address ###
geoip_country /usr/share/GeoIP/GeoIP.dat;

# SET the path to the .dat file used for determining the visitor's country from the IP-address ###
geoip_city /usr/share/GeoIP/GeoIPCity.dat;
Click to expand...

So deleting one should work fine right?

eva2000 · Dec 10, 2015

no no different one is country db and other is city db

eva2000 · Dec 10, 2015

check all files for instances of duplicate
Code:
grep -Rn 'geoip_country ' /usr/local/nginx/conf/*

Matt Williams · Dec 10, 2015

Gave me:

[root@ngx addons]# grep -Rn 'geoip_country ' /usr/local/nginx/conf/*
/usr/local/nginx/conf/geoip.conf:2:geoip_country /usr/share/GeoIP/GeoIP.dat;
Click to expand...

eva2000 · Dec 10, 2015

that is the correct expected output

eva2000 · Dec 10, 2015

post to gist or pastebin your entire nginx.conf so we can see

Matt Williams · Dec 10, 2015

There is a duplicate of the line in bold: would that matter?

include /usr/local/nginx/conf/vts_http.conf;
include /usr/local/nginx/conf/geoip.conf;
include /usr/local/nginx/conf/pagespeedadmin.conf;
include /usr/local/nginx/conf/fastcgi_param_https_map.conf;
Click to expand...

eva2000 · Dec 10, 2015

Matt Williams said: ↑

There is a duplicate of the line in bold: would that matter?
Click to expand...

Ah that's the culprit probably from running geoip.sh again, so remove one of them

Lines 192-194 of geoip.sh should of prevented duplicate insertion of that include line though centminmod/geoip.sh at 123.09beta01 · centminmod/centminmod · GitHub

Matt Williams · Dec 10, 2015

yeap! Thank did it! when looking at other vhost files from another VPS, that line is present

include /usr/local/nginx/conf/geoip.conf;
Click to expand...

so others who use this wont need to add it to @GhoHan's example

eva2000 · Dec 10, 2015

Matt Williams said: ↑

so others who use this wont need to add it to @GhoHan's example
Click to expand...

yup.. centmin mod 123.08stable and higher already have geoip support out of the box for nginx and php levels

Log in / Register

Forums

Welcome to Centmin Mod Community

Nginx GeoIP Thread

Inforit Premium Member Premium Member

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Welcome to Centmin Mod Community

Nginx GeoIP Thread

Inforit Premium Member Premium Member

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

Matt Williams WordPress Fanatic

eva2000 Administrator Staff Member

.