Discover Centmin Mod today
Register Now

Nginx GeoIP Thread

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by BamaStangGuy, Sep 23, 2014.

  1. Inforit

    Inforit Premium Member Premium Member

    43
    14
    8
    Jul 30, 2014
    Ratings:
    +17
    Local Time:
    7:32 PM
    nginx/1.7.3
    MariaDB 5.5
    Just installed, all worked good, except I couldnt get it to work until I read about adding the variables in php.conf, thanks
     
  2. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:32 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
  3. Matt Williams

    Matt Williams WordPress Fanatic

    468
    90
    28
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +135
    Local Time:
    2:32 PM
    latest
    10
    I got the GeoIP module working fine but how do I block certain countries with this? I need to block:

    Code:
    China (CN)
    Tajikistan (TJ)
    Kyrgyzstan (KG)
    Turkmenistan (TM)
    Hungary (HU)
    Russian Federation (RU)
    Bosnia and Herzegovina (BA)
    Romania (RO)
    Myanmar (MM)
    Kazakhstan (KZ)
    Lithuania (LT)
    Georgia (GE)
    Taiwan, Province of China (TW)
    Czech Republic (CZ)
    Sierra Leone (SL)
    Serbia (RS)
    Slovakia (SK)
    Ukraine (UA)
    Belarus (BY)
    Turkey (TR)
    Uzbekistan (UZ)
    Poland (PL)
    Latvia (LV)
    Nigeria (NG)
     
  4. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:32 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    see @GhoHan's example in this thread at Nginx - GeoIP Thread | Centmin Mod Community just instead of allow , you block

    /usr/local/nginx/conf/nginx.conf to block US, FK, FM, EH
    Code:
    http {
    include /usr/local/nginx/conf/geoip.conf;
    ## add this line example country to allow
    map $geoip_country_code $block_country {
            default 0;
            US 1;
            FK 1;
            FM 1;
            EH 1;
    }
    
    and then In /usr/local/nginx/conf/conf.d/yourdomain-name.conf
    Code:
    server {
    ## Add this line Bellow
        if ($block_country = 1) {
                return 444;
        }
                listen   80;
    
    now restart your nginx
    Code:
    service nginx restart
    
     
    Last edited: Dec 10, 2015
  5. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:32 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    no no the listen relates to your vhost conf file, so place the block code in the relevant vhost whether http one or https one so newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)

    When you create a new nginx vhost domain via centmin.sh menu option 2 or /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
     
  6. Matt Williams

    Matt Williams WordPress Fanatic

    468
    90
    28
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +135
    Local Time:
    2:32 PM
    latest
    10
    I added it and nginx failed:

     
  7. Matt Williams

    Matt Williams WordPress Fanatic

    468
    90
    28
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +135
    Local Time:
    2:32 PM
    latest
    10
    They are commented out now so nginx could restart but I had them uncommented and nginx failed
     
  8. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:32 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    strange works for me

    Code:
    http {
    include /usr/local/nginx/conf/geoip.conf;
    
    map $geoip_country_code $block_country {
            default 0;
            US 1;
            FK 1;
            FM 1;
            EH 1;
    }
     
  9. Matt Williams

    Matt Williams WordPress Fanatic

    468
    90
    28
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +135
    Local Time:
    2:32 PM
    latest
    10
    if I go to <IP>geoip.php and I see my location information - that means geoip is installed and working fine right?

    I ran
    then:
    ./geoip.sh

    which gave me:

    Code:
    [root@ngx centminmod]# cd /usr/local/src/centminmod/addons
    [root@ngx addons]# ./geoip.sh
    GeoIP database and library install...
    Loaded plugins: fastestmirror, priorities
    Loading mirror speeds from cached hostfile
    * base: mirror.es.its.nyu.edu
    * epel: mirrors.mit.edu
    * extras: mirror.thelinuxfix.com
    * updates: mirror.trouble-free.net
    100 packages excluded due to repository priority protections
    Package GeoIP-1.5.0-9.el7.x86_64 already installed and latest version
    Package GeoIP-devel-1.5.0-9.el7.x86_64 already installed and latest version
    Nothing to do
    /usr/include/GeoIP.h
    /usr/include/GeoIPCity.h
    /usr/include/GeoIPUpdate.h
    /usr/lib64/libGeoIP.so
    /usr/lib64/libGeoIPUpdate.so
    /usr/lib64/pkgconfig/geoip.pc
    /etc/GeoIP.conf
    /etc/GeoIP.conf.default
    /usr/bin/geoiplookup
    /usr/bin/geoiplookup6
    /usr/bin/geoipupdate
    /usr/lib64/libGeoIP.so.1
    /usr/lib64/libGeoIP.so.1.5.0
    /usr/lib64/libGeoIPUpdate.so.0
    /usr/lib64/libGeoIPUpdate.so.0.0.0
    /usr/share/GeoIP
    /usr/share/GeoIP/GeoIP-initial.dat
    /usr/share/GeoIP/GeoIP.dat
    /usr/share/GeoIP/GeoLiteASNum.dat
    /usr/share/GeoIP/GeoLiteCity.dat
    /usr/share/GeoIP/GeoLiteCountry.dat
    /usr/share/doc/GeoIP-1.5.0
    /usr/share/doc/GeoIP-1.5.0/AUTHORS
    /usr/share/doc/GeoIP-1.5.0/COPYING
    /usr/share/doc/GeoIP-1.5.0/ChangeLog
    /usr/share/doc/GeoIP-1.5.0/LICENSE.txt
    /usr/share/doc/GeoIP-1.5.0/README
    /usr/share/doc/GeoIP-1.5.0/TODO
    /usr/share/doc/GeoIP-1.5.0/fetch-geoipdata-city.pl
    /usr/share/doc/GeoIP-1.5.0/fetch-geoipdata.pl
    /usr/share/man/man1/geoiplookup.1.gz
    /usr/share/man/man1/geoiplookup6.1.gz
    /usr/share/man/man1/geoipupdate.1.gz
    GeoLiteCity database download ...
    2015-12-10 06:55:20 URL:http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz [12328291/12328291] -> "/usr/share/GeoIP/GeoLiteCity.dat.gz" [1]
    geoip.conf include check...
    Test geoip.php file located at:
    /usr/local/nginx/html/geoip.php
    
    GeoIP database and library installed...
    
     
  10. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:32 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    don't need to run geoip.sh anymore, centmin mod 123.08 stable and higher auto install and enable geoip for php and nginx out of box, so probably why you have duplicate settings now

    check contents of /usr/local/nginx/conf/geoip.conf i.e. centminmod/geoip.conf at 123.09beta01 · centminmod/centminmod · GitHub

    geoip.sh centminmod/geoip.sh at 123.09beta01 · centminmod/centminmod · GitHub

    yup
     
  11. Matt Williams

    Matt Williams WordPress Fanatic

    468
    90
    28
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +135
    Local Time:
    2:32 PM
    latest
    10
    looks duplicate to me
    So deleting one should work fine right?
     
  12. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:32 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    no no different one is country db and other is city db
     
  13. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:32 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    check all files for instances of duplicate
    Code:
    grep -Rn 'geoip_country ' /usr/local/nginx/conf/*
     
  14. Matt Williams

    Matt Williams WordPress Fanatic

    468
    90
    28
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +135
    Local Time:
    2:32 PM
    latest
    10
    Gave me:

     
  15. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:32 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    that is the correct expected output
     
  16. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:32 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    post to gist or pastebin your entire nginx.conf so we can see
     
  17. Matt Williams

    Matt Williams WordPress Fanatic

    468
    90
    28
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +135
    Local Time:
    2:32 PM
    latest
    10
    There is a duplicate of the line in bold: would that matter?

     
  18. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:32 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
  19. Matt Williams

    Matt Williams WordPress Fanatic

    468
    90
    28
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +135
    Local Time:
    2:32 PM
    latest
    10
    yeap! Thank did it! when looking at other vhost files from another VPS, that line is present
    so others who use this wont need to add it to @GhoHan's example
     
  20. eva2000

    eva2000 Administrator Staff Member

    45,192
    10,277
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,927
    Local Time:
    4:32 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    yup.. centmin mod 123.08stable and higher already have geoip support out of the box for nginx and php levels