
Nginx GeoIP2 Errors On Fresh Install

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by skringjer, Oct 28, 2021.

  1. skringjer

    skringjer NoobMaster69

    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.21.3
    • PHP Version Installed: 7.4.25
    • MariaDB MySQL Version Installed: 10.3.31
    • When was last time updated Centmin Mod code base ? : Auto Cron Updates
    • Persistent Config:
      Code (Text):
      # Persistent config overrides exactly as the poster shared them, one KEY='value' per line.
      NGINX_SSLCACHE_ALLOWOVERRIDE='y'
      NGINX_STAPLE_CACHE_OVERRIDE='y'
      NGINX_STAPLE_CACHE_TTL='86400'
      SET_DEFAULT_MYSQLCHARSET='utf8mb4'
      AUTOHARDTUNE_NGINXBACKLOG='y'
      ZSTD_LOGROTATE_NGINX='y'
      ZSTD_LOGROTATE_PHPFPM='y'
      LETSENCRYPT_DETECT='y'
      DUALCERTS='y'
      SELFSIGNEDSSL_ECDSA='y'
      NGINX_LIBBROTLI='y'
      NGXDYNAMIC_BROTLI='y'
      PHP_PGO_ALWAYS='y'
      PHP_PGO='y'
      PHP_BROTLI='y'
      PHP_LZFOUR='y'
      PHP_LZF='y'
      PHP_ZSTD='y'
      PHPFINFO='y'
      WPCLI_CE_QUERYSTRING_INCLUDED='y'
      # The next two lines are the GeoIP2 Lite switches the poster says nginx was compiled with.
      NGINX_GEOIPTWOLITE='y'
      NGXDYNAMIC_GEOIPTWOLITE='y'
      # NOTE(review): MM_LICENSE_KEY appears to be the MaxMind account license key that the
      # GeoLite2 download URLs later in this thread pass as license_key=. It is a credential:
      # swap it for a placeholder before sharing this file, and rotate any key that has been
      # posted publicly.
      MM_LICENSE_KEY='TnmH7f3jjS0axmsT'
      AUDITD_ENABLE='y'
      
      

    Greetings everyone and @eva2000, I have been trying to set up the GeoIP2 nginx module to block traffic by country.

    I have used this guide before https://community.centminmod.com/threads/how-to-enable-geoip-2-lite-nginx-module-support.17165/

    And it worked flawlessly, but this time on a fresh install it's not working and I can't restart nginx. First, here is what I did.


    In my nginx.conf i added this line

    Code:
      # Turns the GeoIP2 country code into an allow/deny flag: "IN" maps to deny,
      # every other value (including an empty or unknown country) falls through to allow.
      # $geoip2_data_country_code is not defined in this snippet; the "unknown variable"
      # startup error later in the post suggests the geoip2.conf include has to be active
      # for the geoip2_* variables to exist.
      # NOTE(review): presumably the lookup uses the address nginx sees for the connection;
      # behind a CDN or reverse proxy that would be the proxy's address unless real-IP
      # handling is configured - confirm against geoip2.conf.
      map $geoip2_data_country_code $country_code_allowed {
      default allow;
      IN deny;
    }
    
    And in my domains vhost this

    Code:
      # Answers with 404 when $country_code_allowed is "deny".
      # NOTE(review): country filtering only reduces unwanted traffic; clients coming through
      # a VPN or proxy in another country are not matched, so it should not stand in for
      # authentication or rate limiting.
      if ($country_code_allowed = deny) {
      return 404;
    }
    
    Ofcourse i compiled nginx with
    NGINX_GEOIPTWOLITE='y'
    NGXDYNAMIC_GEOIPTWOLITE='y'

    And in my php-custom.conf file


    Code:
    # PHP handler: regex location for URIs containing ".php" followed by "/" or the end of
    # the URI; matching requests are passed over FastCGI to dft_php (defined outside this snippet).
    location ~ [^/]\.php(/|$) {
    #  include /usr/local/nginx/conf/503include-only.conf;
    #    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        # Requests whose mapped file does not exist are rewritten to /index.php with the
        # original path in _page_url.
        # NOTE(review): with fastcgi_split_path_info commented out above, this existence check
        # is the only thing in this block that keeps a URI naming a non-existent .php path from
        # being handed to PHP-FPM as SCRIPT_FILENAME. Keep it (or an equivalent try_files ... =404),
        # since the comment further down says cgi.fix_pathinfo=1 is the default.
        if (!-e $request_filename) {
            rewrite ^/(.*) /index.php?_page_url=$1 last;
        }
        fastcgi_keep_conn on;
        fastcgi_pass dft_php;
        #fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
    
    # might shave 200+ ms off PHP requests
    # which don't pass on a content length header
    # slightly faster page response time at the
    # expense of throughput / scalability
    #sendfile on;
    #tcp_nopush off;
    #keepalive_requests 0;
    
    # NOTE(review): every timeout below is 3000s (50 minutes), so a stalled client or backend
    # can hold a connection and a PHP worker for that long - confirm the application needs it.
    fastcgi_connect_timeout 3000s;
    fastcgi_send_timeout 3000s;
    fastcgi_read_timeout 3000s;
    fastcgi_buffer_size 512k;
    fastcgi_buffers 512 16k;
    fastcgi_busy_buffers_size 1m;
    fastcgi_temp_file_write_size 4m;
    fastcgi_max_temp_file_size 4m;
    fastcgi_intercept_errors off;
    send_timeout 3000s;
    proxy_connect_timeout 3000s;
    proxy_send_timeout  3000s;
    proxy_read_timeout  3000s;
    # 0 turns off nginx's request body size check for this location.
    # NOTE(review): upload size is then limited only by whatever PHP enforces - confirm
    # that is intended.
    client_max_body_size 0;
    
    # next 3 lines when uncommented / enabled
    # allow Nginx to handle uploads which then
    # passes back the completed upload to PHP
    #fastcgi_pass_request_body off;
    #client_body_in_file_only clean;
    #fastcgi_param  REQUEST_BODY_FILE  $request_body_file;
    
    #new .04+ map method
    # NOTE(review): HTTPS is set again further down from $https if_not_empty, giving two
    # values for one parameter - confirm which one PHP should see.
    fastcgi_param HTTPS $server_https;
    
    # comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
    # cgi.fix_pathinfo=0
    # as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1
    
    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
    
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;
    
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    fastcgi_param  REQUEST_SCHEME     $scheme;
    fastcgi_param  HTTPS              $https if_not_empty;
    # Blanks HTTP_PROXY so a client-supplied "Proxy:" request header is not exposed to PHP
    # as the HTTP_PROXY environment variable (the "httpoxy" mitigation); keep this line.
    fastcgi_param  HTTP_PROXY         "";
    
    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
    
    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;
    
    
    
    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param  REDIRECT_STATUS    200;
    
                       }
    
    I try to restart nginx but it gives the following error
    Code:
    Oct 27 15:06:55 hostname.domain.com systemd[1]: Starting SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server...
    Oct 27 15:06:55 hostname.domain.com nginx[58282]: Starting nginx: nginx: [emerg] unknown "geoip2_data_location_metrocode" variable
    Oct 27 15:06:55 hostname.domain.com nginx[58282]: [FAILED]
    Oct 27 15:06:55 hostname.domain.com systemd[1]: nginx.service: control process exited, code=exited status=1
    Oct 27 15:06:55 hostname.domain.com systemd[1]: Failed to start SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server.
    Oct 27 15:06:55 hostname.domain.com systemd[1]: Unit nginx.service entered failed state.
    Oct 27 15:06:55 hostname.domain.com systemd[1]: nginx.service failed.

    so i went back to the above guide and found that i should uncomment this line in geoip.conf

    # GeoIP2 Lite databases
    #include /usr/local/nginx/conf/geoip2.conf;

    After uncommenting this line i get the following error
    Code:
    Oct 27 15:23:36 hostname.domain.com systemd[1]: Starting SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server...
    Oct 27 15:23:36 hostname.domain.com nginx[59990]: Starting nginx: nginx: [emerg] MMDB_open("/usr/share/GeoIP/GeoLite2-City.mmdb") failed - Error opening the specified MaxMi...oip2.conf:9
    Oct 27 15:23:36 hostname.domain.com nginx[59990]: [FAILED]
    Oct 27 15:23:36 hostname.domain.com systemd[1]: nginx.service: control process exited, code=exited status=1
    Oct 27 15:23:36 hostname.domain.com systemd[1]: Failed to start SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server.
    Oct 27 15:23:36 hostname.domain.com systemd[1]: Unit nginx.service entered failed state.
    Oct 27 15:23:36 hostname.domain.com systemd[1]: nginx.service failed.

    I did everything right but still not working, can anyone please guide me where i made the mistake.

    Nginx -V shows

    Code:
    nginx version: nginx/1.21.3 (231021-152621-centos7-d7b213d-br-9aec15e)
    built by gcc 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC)
    built with OpenSSL 1.1.1l  24 Aug 2021
    TLS SNI support enabled
    configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/lib -flto=24 -fuse-ld=gold' --with-cc-opt='-I/usr/local/zlib-cf/include -I/usr/local/include -m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto=24 -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wno-error=pointer-sign -Wimplicit-fallthrough=0 -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=231021-152621-centos7-d7b213d-br-9aec15e --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --add-dynamic-module=../ngx_http_geoip2_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5.1 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.62 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.19 --add-module=../srcache-nginx-module-0.32 --add-dynamic-module=../headers-more-nginx-module-0.33 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.1l
     
  2. skringjer

    skringjer NoobMaster69

    And strange thing contents of /usr/share/GeoIP

    Code:
    -rw-r--r--  1 root root 20539238 Jan  8  2019 GeoIPCity.dat
    -rw-r--r--  1 root root  1242574 Jan  8  2019 GeoIP.dat
    -rw-r--r--. 1 root root  1242574 Aug  8  2019 GeoIP-initial.dat
    lrwxrwxrwx. 1 root root       19 Oct 23 10:03 GeoIPv6.dat -> GeoIPv6-initial.dat
    -rw-r--r--. 1 root root  2322773 Aug  8  2019 GeoIPv6-initial.dat
    -rw-r--r--  1 root root 20539238 Jan  8  2019 GeoLiteCity.dat
     
  3. eva2000

    eva2000 Administrator Staff Member

  4. eva2000

    eva2000 Administrator Staff Member

    Does it work if you re-run centmin.sh menu option 4 to recompile nginx 1.21.3? Whether it works or not, you might then need to check the full nginx upgrade log at /root/centminlogs and follow the instructions under the 'Sharing logs and errors' heading for using Pastebin.com or Gists to share a sanitised version of the contents of the nginx_upgrade.log log. You can see full details at How to troubleshoot Centmin Mod initial install issues.

    also what's output of
    Code (Text):
    nginx -t

    when you run centmin.sh menu option 4 there's a nginx upgrade log timestamped at /root/centminlogs

    if you type this command it lists all logs in date ascending order so latest log at bottom
    Code (Text):
    ls -lArt /root/centminlogs

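    so copy the entire contents of the latest nginx_upgrade log to gist.github.com or pastebin.com, sanitised first (the log records the GeoLite2 download URLs, which carry the license_key parameter)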

    you can use grep to filter the logs, i.e. look for nginx_upgrade in log name
    Code (Text):
    ls -lahrt /root/centminlogs/ | grep nginx_upgrade
    -rw-r--r--  1 root root 3.2M Oct 11 15:55 centminmod_1.2.3-eva2000.09.001_111016-155345_nginx_upgrade.log
    -rw-r--r--  1 root root 672K Oct 11 22:06 centminmod_1.2.3-eva2000.09.001_111016-220515_nginx_upgrade.log

    So the last nginx upgrade log was named centminmod_1.2.3-eva2000.09.001_111016-220515_nginx_upgrade.log and located at /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-220515_nginx_upgrade.log

    then use cat command to output the contents of that log

    clear your ssh window buffer/screen and type
    Code (Text):
    cat /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-220515_nginx_upgrade.log

    then select and copy and paste output to pastebin.com or gist.github.com file to share. If your SSH client's scroll buffer isn't large enough using cat might not output the entire log file contents, so you may need to download the log and use local text editor to open and copy and paste.

    so only need content of one specific log, in this case most recent nginx_upgrade.log log
     
  5. skringjer

    skringjer NoobMaster69

    This is so strange: I recompiled nginx 4 times before on this exact same server but it wouldn't fix the issue; now, for the sake of getting the latest logs, I recompiled and it fixed the issue. It's working fine now.

    Could it be that my server was under immense load, so it didn't install the GeoIP modules? Now that it's not under load, it's installing them fine.
     
  6. eva2000

    eva2000 Administrator Staff Member

    Could be download links for GeoIP2 Lite databases had temp network connectivity issues. If you check nginx upgrade logs for each run, you can maybe see where GeoIP2 Lite downloads occurred and if they failed.
     
  7. eva2000

    eva2000 Administrator Staff Member

    FYI, I've made another Centmin Mod 123.09beta01 update you can pull down via cmupdate command for this to ensure it downloads the right databases too. If after cmupdate, you do centmin.sh menu option 4 nginx recompile with following persistent config files set prior to nginx recompile.
    Code (Text):
    MM_LICENSE_KEY='your_maxmindb_key'
    NGINX_GEOIPTWOLITE='y'
    NGXDYNAMIC_GEOIPTWOLITE='y'
    

    and the databases don't already exist, you can check nginx upgrade log for the downloaded databases i.e. for nginx upgrade log /root/centminlogs/centminmod_123.09beta01.b714_281021-111530_nginx_upgrade.log do a grep for keyword = 'geolite2' and display matches with context of 5 lines before/after match.

    Code (Text):
    grep -C5 -in geolite2 /root/centminlogs/centminmod_123.09beta01.b714_281021-111530_nginx_upgrade.log
    3973-Installing shared extensions:     /usr/local/lib/php/extensions/no-debug-non-zts-20190902/
    3974-/svr-setup /svr-setup/nginx-1.21.3 /usr/local/src/centminmod
    3975-
    3976-/usr/share/GeoIP /svr-setup /svr-setup/nginx-1.21.3 /usr/local/src/centminmod
    3977-------------------------------------------------------
    3978:GeoLite2 City database download ...
    3979-------------------------------------------------------
    3980-HTTP/2 200 
    3981:--2021-10-28 11:16:29--  https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=MYKEY&suffix=tar.gz
    3982-Resolving download.maxmind.com... 104.16.37.47, 104.16.38.47
    3983-Connecting to download.maxmind.com|104.16.37.47|:443... connected.
    3984-HTTP request sent, awaiting response... 200 OK
    3985-Length: 35388580 (34M) [application/gzip]
    3986:Saving to: ‘/usr/share/GeoIP/GeoLite2-City.tar.gz’
    3987-
    3988-     0K .......... .......... .......... .......... ..........  0% 38.1M 1s
    3989-    50K .......... .......... .......... .......... ..........  0% 74.1M 1s
    3990-   100K .......... .......... .......... .......... ..........  0%  113M 1s
    3991-   150K .......... .......... .......... .......... ..........  0% 61.4M 1s
    --
    4676- 34400K .......... .......... .......... .......... .......... 99% 97.2M 0s
    4677- 34450K .......... .......... .......... .......... .......... 99%  101M 0s
    4678- 34500K .......... .......... .......... .......... .......... 99%  121M 0s
    4679- 34550K .........                                             100%  159M=0.3s
    4680-
    4681:2021-10-28 11:16:29 (109 MB/s) - ‘/usr/share/GeoIP/GeoLite2-City.tar.gz’ saved [35388580/35388580]
    4682-
    4683:GeoLite2-City_20211026/
    4684:GeoLite2-City_20211026/README.txt
    4685:GeoLite2-City_20211026/COPYRIGHT.txt
    4686:GeoLite2-City_20211026/GeoLite2-City.mmdb
    4687:GeoLite2-City_20211026/LICENSE.txt
    4688-------------------------------------------------------
    4689:GeoLite2 Country database download ...
    4690-------------------------------------------------------
    4691-HTTP/2 200 
    4692:--2021-10-28 11:16:30--  https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=MYKEY&suffix=tar.gz
    4693-Resolving download.maxmind.com... 104.16.37.47, 104.16.38.47
    4694-Connecting to download.maxmind.com|104.16.37.47|:443... connected.
    4695-HTTP request sent, awaiting response... 200 OK
    4696-Length: 3085632 (2.9M) [application/gzip]
    4697:Saving to: ‘/usr/share/GeoIP/GeoLite2-Country.tar.gz’
    4698-
    4699-     0K .......... .......... .......... .......... ..........  1% 38.5M 0s
    4700-    50K .......... .......... .......... .......... ..........  3% 85.8M 0s
    4701-   100K .......... .......... .......... .......... ..........  4%  117M 0s
    4702-   150K .......... .......... .......... .......... ..........  6% 67.1M 0s
    --
    4756-  2850K .......... .......... .......... .......... .......... 96%  132M 0s
    4757-  2900K .......... .......... .......... .......... .......... 97%  119M 0s
    4758-  2950K .......... .......... .......... .......... .......... 99%  121M 0s
    4759-  3000K .......... ...                                        100%  130M=0.03s
    4760-
    4761:2021-10-28 11:16:30 (107 MB/s) - ‘/usr/share/GeoIP/GeoLite2-Country.tar.gz’ saved [3085632/3085632]
    4762-
    4763:GeoLite2-Country_20211026/
    4764:GeoLite2-Country_20211026/COPYRIGHT.txt
    4765:GeoLite2-Country_20211026/GeoLite2-Country.mmdb
    4766:GeoLite2-Country_20211026/LICENSE.txt
    4767-------------------------------------------------------
    4768:GeoLite2 ASN database download ...
    4769-------------------------------------------------------
    4770-HTTP/2 200 
    4771:--2021-10-28 11:16:31--  https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=MYKEY&suffix=tar.gz
    4772-Resolving download.maxmind.com... 104.16.37.47, 104.16.38.47
    4773-Connecting to download.maxmind.com|104.16.37.47|:443... connected.
    4774-HTTP request sent, awaiting response... 200 OK
    4775-Length: 4171619 (4.0M) [application/gzip]
    4776:Saving to: ‘/usr/share/GeoIP/GeoLite2-ASN.tar.gz’
    4777-
    4778-     0K .......... .......... .......... .......... ..........  1% 40.0M 0s
    4779-    50K .......... .......... .......... .......... ..........  2% 65.6M 0s
    4780-   100K .......... .......... .......... .......... ..........  3% 83.1M 0s
    4781-   150K .......... .......... .......... .......... ..........  4% 78.8M 0s
    --
    4856-  3900K .......... .......... .......... .......... .......... 96%  116M 0s
    4857-  3950K .......... .......... .......... .......... .......... 98%  111M 0s
    4858-  4000K .......... .......... .......... .......... .......... 99%  132M 0s
    4859-  4050K .......... .......... ...                             100%  133M=0.04s
    4860-
    4861:2021-10-28 11:16:31 (102 MB/s) - ‘/usr/share/GeoIP/GeoLite2-ASN.tar.gz’ saved [4171619/4171619]
    4862-
    4863:GeoLite2-ASN_20211026/
    4864:GeoLite2-ASN_20211026/COPYRIGHT.txt
    4865:GeoLite2-ASN_20211026/GeoLite2-ASN.mmdb
    4866:GeoLite2-ASN_20211026/LICENSE.txt
    4867-------------------------------------------------------
    4868-Check GeoIP2 Lite Databases
    4869-------------------------------------------------------
    4870-
    4871:-rw-r--r-- 1 root root 7.2M Oct 26 13:01 /usr/share/GeoIP/GeoLite2-ASN.mmdb
    4872:-rw-r--r-- 1 root root  70M Oct 26 13:11 /usr/share/GeoIP/GeoLite2-City.mmdb
    4873:-rw-r--r-- 1 root root 6.0M Oct 26 13:05 /usr/share/GeoIP/GeoLite2-Country.mmdb
    4874-
    4875-
    4876-  mmdblookup --file /path/to/file.mmdb --ip 1.2.3.4 [path to lookup]
    4877-
    4878-  This application accepts the following options:
    --
    4913-
    4914-  If you do not provide a path to lookup, all of the information for a given IP
    4915-  will be shown.
    4916-
    4917-
    4918:/usr/local/bin/mmdblookup --file /usr/share/GeoIP/GeoLite2-Country.mmdb --ip 8.8.8.8 country names en
    4919-
    4920-  "United States" <utf8_string>
    4921-
    4922-
    4923:/usr/local/bin/mmdblookup --file /usr/share/GeoIP/GeoLite2-ASN.mmdb --ip 8.8.8.8 autonomous_system_number
    4924-
    4925-  15169 <uint32>
    4926-
    4927-
    4928:/usr/local/bin/mmdblookup --file /usr/share/GeoIP/GeoLite2-ASN.mmdb --ip 8.8.8.8 autonomous_system_organization
    4929-
    4930-  "GOOGLE" <utf8_string>
    4931-
    4932-
    4933-Setup geoip2 database updater cronjob
    

    If databases for GeoIP2 Lite already exist, the downloads are skipped, so you can test by manually removing or moving one of the databases to trigger the download routines when you run centmin.sh menu option 4 to recompile nginx
    Code (Text):
    mv /usr/share/GeoIP/GeoLite2-Country.mmdb /usr/share/GeoIP/GeoLite2-Country.mmdb-moved