用NGINX的GeoIp库做国外ip屏蔽

发表于 | 分类于

安装GeoIp模块

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

## 安装模块,nginx也是通过yum安装

yum install nginx-module-geoip

## 安装对应nginx 版本的 模块

yum --showduplicate list nginx-module-geoip

nginx-module-geoip.x86_64    1:1.12.0-1.el7.ngx       nginx
nginx-module-geoip.x86_64    1:1.12.1-1.el7.ngx       nginx
nginx-module-geoip.x86_64    1:1.12.2-1.el7_4.ngx     nginx
nginx-module-geoip.x86_64    1:1.14.0-1.el7_4.ngx     nginx

yum install nginx-module-geoip-1:1.12.2-1.el7_4.ngx.x86_64


ls /usr/lib64/nginx/modules/
ngx_http_geoip_module-debug.so  ngx_http_geoip_module.so  ngx_stream_geoip_module-debug.so  ngx_stream_geoip_module.so

下载ip库

本地下载GeoIP库

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

## 下载ip库信息文件并放在/etc/nginx/geoip/目录

mkdir -p /etc/nginx/geoip/

## 旧版本库,官网将在201902停止提供下载
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz -O /etc/nginx/geoip/GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz -O /etc/nginx/geoip/GeoLiteCity.dat.gz

## 新版数据库不支持,第三方插件地址: https://github.com/leev/ngx_http_geoip2_module
wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz -O /etc/nginx/geoip/GeoLite2-Country.tar.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz -O /etc/nginx/geoip/GeoLite2-City.tar.gz

gunzip /etc/nginx/geoip/GeoIP.dat.gz 
gunzip /etc/nginx/geoip/GeoLiteCity.dat.gz

修改nginx配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
vi /etc/nginx/nginx.conf

## 模块加载最好放在顶部,必须放在event配置项前面,否则报错
load_module modules/ngx_http_geoip_module.so;
#load_module modules/ngx_stream_geoip_module.so;
......

http
{

    geoip_country /etc/nginx/geoip/GeoIP.dat;
    
    #不按城市划分,就不需要加载
    #geoip_city /etc/nginx/geoip/GeoLiteCity.dat;
    ## 如果前端有反向代理的话
    #geoip_proxy           192.168.100.0/24;
    #geoip_proxy           2001:0db8::/32;
    #geoip_proxy_recursive on;

    ## 用于php-fpm
    fastcgi_param GEOIP_COUNTRY_CODE  $geoip_country_code;
    fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
    fastcgi_param GEOIP_COUNTRY_NAME  $geoip_country_name;

    server {
        listen 80;
        server_name localhost;

        location / {

            set $adminflag 0;

            if ( $request_uri ~* "/+(downloader|admin)" )
            {
                set $adminflag 1;
                #rewrite ^/(.*)$ $scheme://$host/myip permanent;
            }

            if ( $geoip_country_code != CN ) {
                set $adminflag "${adminflag}1";
                #return 301 $scheme://$host/myip;
            }

            if ( $adminflag = "11" )
            {
                return 403;
            }


            root /usr/share/nginx/html;
            index index.html index.htm;
        }

        location /myip {
            default_type text/plain;
            return 200 "$remote_addr $geoip_country_name $geoip_country_code $geoip_city";
        }
    }


}

GeoIP参数

http://nginx.org/en/docs/http/ngx_http_geoip_module.html




Syntax:     geoip_country file;
Default:     —
Context:     http

Specifies a database used to determine the country depending on the client IP address. The following variables are available when using this database:

$geoip_country_code
    two-letter country code, for example, “RU”, “US”. 
$geoip_country_code3
    three-letter country code, for example, “RUS”, “USA”. 
$geoip_country_name
    country name, for example, “Russian Federation”, “United States”. 





Syntax:     geoip_city file;
Default:     —
Context:     http

Specifies a database used to determine the country, region, and city depending on the client IP address. The following variables are available when using this database:

$geoip_area_code
    telephone area code (US only).

        This variable may contain outdated information since the corresponding database field is deprecated. 

$geoip_city_continent_code
    two-letter continent code, for example, “EU”, “NA”. 
$geoip_city_country_code
    two-letter country code, for example, “RU”, “US”. 
$geoip_city_country_code3
    three-letter country code, for example, “RUS”, “USA”. 
$geoip_city_country_name
    country name, for example, “Russian Federation”, “United States”. 
$geoip_dma_code
    DMA region code in US (also known as “metro code”), according to the geotargeting in Google AdWords API. 
$geoip_latitude
    latitude.
$geoip_longitude
    longitude.
$geoip_region
    two-symbol country region code (region, territory, state, province, federal land and the like), for example, “48”, “DC”. 
$geoip_region_name
    country region name (region, territory, state, province, federal land and the like), for example, “Moscow City”, “District of Columbia”. 
$geoip_city
    city name, for example, “Moscow”, “Washington”. 
$geoip_postal_code
    postal code.