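Checking for GeoIP in nGinx does not work
[Posted]: 2022-01-23 20:14:54
[Question]: I have a list of countries for which I want to restrict access to a web application. For example, users from Russia should be prohibited from accessing my web application. I downloaded the country database and created a separate file with a map. Then I registered the configuration in nginx.conf, but access is not blocked. What could be the problem?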
Database:
https://mirrors-cdn.liferay.com/geolite.maxmind.com/download/geoip/database/GeoIP.dat.gz
The path to this file is: /etc/nginx/geoip/GeoIP.dat
New include file with the map, block.map.include:
The path to this file is: /etc/nginx/block.map.include
geoip_country /etc/nginx/geoip/GeoIP.dat;
map $geoip_country_code $allowed_country {
    default yes;
    RU no;
    # ... and more countries
}
In nginx.conf I added the include for the modules:
include /etc/nginx/modules-enabled/*;
Then, in the http block, I added:
#GeoIP
include /etc/nginx/block.map.include;
In all server blocks I added:
if ($allowed_country = no) {
    return 403;
}
My full nginx.conf:
user root;
include /etc/nginx/modules-enabled/*;
worker_processes auto;
worker_rlimit_nofile 20960;
events {
    worker_connections 1024;
    multi_accept on;
    use epoll;
    epoll_events 512;
}
http {
    #GeoIP
    include /etc/nginx/block.map.include;
    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/warn.log warn;
    server_tokens off;
    upstream thumbor {
        server localhost:8888;
    }
    upstream solr {
        server localhost:8983;
    }
    upstream minio {
        server localhost:9000;
    }
    upstream activemq {
        server localhost:8161;
    }
    upstream wildfly {
        ip_hash;
        server localhost:8008;
        server localhost:8018;
    }
    # Default server for requests that match no other server_name
    server {
        if ($allowed_country = no) {
            return 403;
        }
        listen 80 default_server;
        listen [::]:80 default_server;
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        ssl_certificate /etc/ssl/__****.crt;
        ssl_certificate_key /etc/ssl/private.key;
        ssl_verify_client off;
        root /var/www/special/not/exist/html;
        server_name ****.ru;
        location / {
            try_files $uri $uri/ =404;
        }
    }
    # HTTP to HTTPS redirect
    server {
        if ($allowed_country = no) {
            return 403;
        }
        listen 80;
        server_name ****.ru;
        rewrite ^ https://****.ru$request_uri? permanent;
    }
    # HTTPS server proxying to the backends
    server {
        if ($allowed_country = no) {
            return 403;
        }
        listen 443 ssl;
        server_name ****.ru;
        ssl_certificate /etc/ssl/__****.crt;
        ssl_certificate_key /etc/ssl/private.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        client_body_buffer_size 8k;
        client_max_body_size 20m;
        client_body_in_single_buffer on;
        client_header_buffer_size 1m;
        large_client_header_buffers 4 8k;
        location /****/thumbor/ {
            proxy_pass http://thumbor/;
        }
        location /solr {
            proxy_pass http://solr;
        }
        location /minio {
            proxy_pass http://minio;
        }
        location /activemq {
            proxy_pass http://activemq;
        }
        location / {
            proxy_pass http://wildfly/;
            proxy_buffer_size 16k;
            proxy_buffers 16 16k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            proxy_read_timeout 180s;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # Reject any HTTP method other than the ones listed
            if ($request_method !~ ^(GET|HEAD|POST|DELETE|PUT)$ ) {
                return 405;
            }
        }
    }
}
P.S.: The server runs on DEBIAN. There are no warnings or errors in nGinx.
[Answer 1]: You can turn on debug mode as mentioned in http://nginx.org/en/docs/debugging_log.html
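One way to act on this answer, as an added example that is not part of the original post or answer: enable the debug log and also log the two variables the block decision depends on. The format name geo_debug and both log file paths are assumptions.

```nginx
# Added diagnostic example (not the poster's configuration).
# Place inside the existing http { } block, after the line
#   include /etc/nginx/block.map.include;
# so that $geoip_country_code and $allowed_country are defined.

# Hypothetical format name "geo_debug". Each request is logged with:
#   $remote_addr          the address nginx used for the GeoIP lookup
#   $geoip_country_code   the country code the database returned for it
#   $allowed_country      the result of the map (yes / no)
#   $http_x_forwarded_for the forwarded client chain, if a proxy sent one
#   $status               the response code actually returned
log_format geo_debug '$remote_addr country="$geoip_country_code" '
                     'allowed="$allowed_country" '
                     'xff="$http_x_forwarded_for" '
                     '"$request" $status';

# Assumed log path; written in addition to the existing access_log.
access_log /var/log/nginx/geo_debug.log geo_debug;

# Debug-level error log, as described in the linked nginx documentation.
# Debug messages appear only if "nginx -V" lists --with-debug.
# Assumed log path; written in addition to the existing warn.log.
error_log /var/log/nginx/debug.log debug;
```

An empty or `-` country value means the lookup returned nothing for that address, and the map's `default yes` then lets the request through. A populated `xff` field shows that the address nginx looked up belongs to a proxy in front of it rather than to the client.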