Nginx+GeoIP拦截国外请求
下载 GeoIP bat 文件
https://www.miyuru.lk/geoiplegacy
配置步骤
1. 安装 GeoIP libarary
1
2
3
4
5
| $ apt-cache search geoip
...
libgeoip-dev - Development files for the GeoIP library
...
$ apt-get install libgeoip-dev
|
2. 编译&安装 nginx
1
2
3
| $ cd /data/nginx-1.20.1
$ ./configure --user=apache --group=apache --prefix=/data/nginx2 --with-http_ssl_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_geoip_module
$ make && make install
|
3. 下载 GeoIP dat 文件
1
2
3
4
5
6
7
| $ cd /data/nginx2
$ wget --no-check-certificate -c https://dl.miyuru.lk/geoip/maxmind/city/maxmind.dat.gz
$ gzip -d maxmind.dat.gz
$ mv maxmind.dat maxmind-city.dat
$ wget --no-check-certificate -c https://dl.miyuru.lk/geoip/maxmind/country/maxmind.dat.gz
$ gzip -d maxmind.dat.gz
$ mv maxmind.dat maxmind-country.dat
|
4. 修改 nginx 配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
| http {
geoip_country /data/nginx2/maxmind-country.dat;
geoip_city /data/nginx2/maxmind-city.dat;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$geoip_country_code" "$geoip_country_code3" "$geoip_country_name" "$geoip_city_country_code" "$geoip_city_country_code3" "$geoip_city_country_name"'
'- "$geoip_region" "$geoip_city" "$geoip_postal_code" "$geoip_city_continent_code" "$geoip_latitude" "$geoip_longitude"';
...
server {
listen 40000;
location / {
root html;
index index.html index.htm;
if ( $geoip_country_code != 'CN') {
return 403;
}
proxy_pass http://127.0.0.1:8080;
}
}
}
|
5. 重新加载nginx配置文件
1
| $ /data/nginx2/sbin/nginx -s reload
|
扩展
参考
