Jin Chuang's Blog: Recording is a habit, sharing is an attitude
Configuring the GeoIP2 module in Nginx
Posted: | Category: Technical notes | Tags: Centos7 Nginx Geoip

Use the geoip2 module in nginx to restrict access based on the user's region.


Install libmaxminddb: libmaxminddb-1.6.0.tar.gz

tar xf libmaxminddb-1.6.0.tar.gz
cd libmaxminddb-1.6.0/
./configure && make && make install
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig

Download the geoip2 module: https://github.com/leev/ngx_http_geoip2_module

# Download the archive into a directory of your choice, then extract it
cd /usr/local/nginx/src/
tar xf ngx_http_geoip2_module-3.3.tar.gz

Recompile nginx to add the new module

# Show the configure arguments of the existing nginx build
nginx -V

nginx version: nginx/1.16.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) 
built with OpenSSL 1.1.1f  31 Mar 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/usr/local/nginx/client_temp --http-proxy-temp-path=/usr/local/nginx/proxy_temp --http-fastcgi-temp-path=/usr/local/nginx/fastcgi_temp --http-uwsgi-temp-path=/usr/local/nginx/uwsgi_temp --http-scgi-temp-path=/usr/local/nginx/scgi_temp --user=nginx --group=nginx --with-mail --with-stream --with-threads --with-file-aio --with-poll_module --with-select_module --with-http_v2_module --with-http_flv_module --with-http_mp4_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_ssl_module --with-http_geoip_module --with-http_slice_module --with-http_gunzip_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module --with-pcre=/source/pcre-8.44 --with-openssl=/source/openssl-1.1.1f --with-zlib=/source/zlib-1.2.11


# Change into the original nginx source directory and run configure again: copy the previous configure arguments, then append geoip2 module support at the end (--add-module, pointing at the directory extracted above)
./configure --prefix=/usr/local/nginx --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/usr/local/nginx/client_temp --http-proxy-temp-path=/usr/local/nginx/proxy_temp --http-fastcgi-temp-path=/usr/local/nginx/fastcgi_temp --http-uwsgi-temp-path=/usr/local/nginx/uwsgi_temp --http-scgi-temp-path=/usr/local/nginx/scgi_temp --user=nginx --group=nginx --with-mail --with-stream --with-threads --with-file-aio --with-poll_module --with-select_module --with-http_v2_module --with-http_flv_module --with-http_mp4_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_ssl_module --with-http_geoip_module --with-http_slice_module --with-http_gunzip_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module --with-pcre=/source/pcre-8.44 --with-openssl=/source/openssl-1.1.1f --with-zlib=/source/zlib-1.2.11 --add-module=/usr/local/nginx/src/ngx_http_geoip2_module-3.3

# Look for the GeoIP lines in the configure output; if there are no errors, the configure step succeeded
······
configuring additional modules
adding module in /usr/local/nginx/src/ngx_http_geoip2_module-3.3
checking for MaxmindDB library ... found
 + ngx_geoip2_module was configured
checking for GD library ... found
checking for GD WebP support ... not found
checking for GeoIP library ... found
checking for GeoIP IPv6 support ... found
creating objs/Makefile
······

# Build only (do not run make install)
make

# Replace the original nginx command (the binary), keeping the old one as a backup
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx_old
cp objs/nginx /usr/local/nginx/sbin/

Restart nginx and verify that the module is now present

nginx -V

nginx version: nginx/1.16.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) 
built with OpenSSL 1.1.1f  31 Mar 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/usr/local/nginx/client_temp --http-proxy-temp-path=/usr/local/nginx/proxy_temp --http-fastcgi-temp-path=/usr/local/nginx/fastcgi_temp --http-uwsgi-temp-path=/usr/local/nginx/uwsgi_temp --http-scgi-temp-path=/usr/local/nginx/scgi_temp --user=nginx --group=nginx --with-mail --with-stream --with-threads --with-file-aio --with-poll_module --with-select_module --with-http_v2_module --with-http_flv_module --with-http_mp4_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_ssl_module --with-http_geoip_module --with-http_slice_module --with-http_gunzip_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module --with-pcre=/source/pcre-8.44 --with-openssl=/source/openssl-1.1.1f --with-zlib=/source/zlib-1.2.11 --add-module=/usr/local/nginx/src/ngx_http_geoip2_module-3.3


Have nginx load the GeoIP data files and add an access policy (find and download the IP database files yourself)

# Edit the nginx configuration file (add this inside the http block, outside the server block)
http{
······
    # Country code (ISO abbreviation)
    geoip2 /usr/local/nginx/geoip2/GeoLite2-Country.mmdb {
        $geoip2_country_code country iso_code;
    }
    # City/region (the location time_zone value, e.g. Asia/Shanghai)
    geoip2 /usr/local/nginx/geoip2/GeoLite2-City.mmdb {
        $geoip2_city_names location time_zone;
    }
    # Mappings
    map $geoip2_country_code $allowed_country {
        default yes;
        CN no;
    }
    map $geoip2_city_names $allowed_city {
        default yes;
        Asia/Shanghai no;
    }

server {
    ······
    # Add response headers to make it easy to check whether the lookup works
    add_header country $geoip2_country_code;
    add_header city $geoip2_city_names;

    # Region-based access rules
    # Deny requests whose city/region value is mapped to no
    #if ( $allowed_city = no ) { return 403; }
    # Deny requests whose country code is mapped to no
    #if ( $allowed_country = no ) { return 403; }

}
}

Send a request and check the response headers


Enable the rule that denies access for the Shanghai region, then check the log to confirm that a 403 is returned
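
With the maps above, an address that has no record in the database yields an empty variable, falls through to "default yes" and is allowed. The following variant is an added example, not the author's configuration: it gives unresolved lookups a sentinel value, denies them, and logs the lookup result instead of exposing it in response headers. The XX sentinel, the log format name geo and the log path are assumptions; default= and source= are parameters of ngx_http_geoip2_module.

```nginx
# Added example (not from the original post). Assumed names: sentinel XX,
# log format "geo", log file geo_access.log.
http {
    geoip2 /usr/local/nginx/geoip2/GeoLite2-Country.mmdb {
        # default=XX: value used when the address has no record in the
        #             database (private ranges, new allocations).
        # source=:    the address that is looked up. $remote_addr is the TCP
        #             peer; behind a reverse proxy that is the proxy itself
        #             unless the realip module has rewritten it from a
        #             trusted header (set_real_ip_from / real_ip_header).
        $geoip2_country_code default=XX source=$remote_addr country iso_code;
    }

    # Same deny-list as the post, plus an explicit decision for "unknown".
    map $geoip2_country_code $allowed_country {
        default yes;
        CN      no;
        XX      no;    # unresolved lookups are refused instead of allowed
    }

    # Record the lookup result and the decision next to the status code so
    # the 403s can be confirmed from the access log.
    log_format geo '$remote_addr country=$geoip2_country_code '
                   'allowed=$allowed_country "$request" $status';

    server {
        listen 80;
        access_log /usr/local/nginx/logs/geo_access.log geo;

        # No add_header here: the country code stays in the log and is not
        # sent back to the client.
        if ($allowed_country = no) { return 403; }
    }
}
```

Run nginx -t before reloading; requests from loopback or private addresses will show country=XX and a 403 in the log, which is the quickest way to confirm that the sentinel is applied.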



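For commercial reproduction, contact the author for authorization; for non-commercial reproduction, credit the source. Article URL: https://me.jinchuang.org/archives/1169.html

If this article helped you, I am honored!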


Comments

  1. Awesome~ 666
