- If you want to see your client website region, you can install GeoIP module on Nginx
- The project I've worked on, using (Filebeat, Logstash, Elasticsearch) after GeoIP is installed then visualized using Kibana or Grafana :
sudo apt update
sudo apt install libnginx-mod-http-geoip
-
Install GeoIP
- You must sign up on https://dev.maxmind.com/geoip/geoip2/geolite2/
- Generate License Key on https://www.maxmind.com/en/accounts/current/license-key
-
Install GeoIP Package
sudo add-apt-repository ppa:maxmind/ppa
apt update
apt install libmaxminddb0 libmaxminddb-dev mmdb-bin geoipupdate
apt install libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev
- Configure GeoIP
nano /etc/GeoIP.conf
# /etc/GeoIP.conf
# Replace YOUR_ACCOUNT_ID_HERE and YOUR_LICENSE_KEY_HERE with an active account
# ID and license key combination associated with your MaxMind account. These
# are available from https://www.maxmind.com/en/my_license_key.
AccountID YOUR_ACCOUNT_ID_HERE
LicenseKey YOUR_LICENSE_KEY_HERE
# Enter the edition IDs of the databases you would like to update.
# Multiple edition IDs are separated by spaces.
EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country
sudo geoipupdate
- Auto Update GeoIP Database
sudo crontab -e
0 2 * * 2 /usr/bin/geoipupdate
- Download GeoIP from dist
wget https://github.com/leev/ngx_http_geoip2_module/archive/master.tar.gz ngx_http_geoip2_module.tar.gz
tar zxvf ngx_http_geoip2_module.tar.gz
- Generate
nginx -v (assume we use nginx.1.18.0)
wget http://nginx.org/download/nginx-1.18.0.tar.gz
chmod +x nginx-1.18.0.tar.gz
tar -xzvf nginx-1.18.0.tar.gz
cd nginx-1.18.0/
./configure --add-dynamic-module=../ngx_http_geoip2_module-master $(nginx -V) --with-compat
make
cp objs/ngx_http_geoip2_module.so /usr/lib/nginx/modules/
echo "load_module modules/ngx_http_geoip2_module.so;" > /etc/nginx/modules-available/mod-http-geoip2.conf
ln -s /etc/nginx/modules-available/mod-http-geoip2.conf /etc/nginx/modules-enabled/60-mod-http-geoip2.conf
nano /etc/nginx/nginx.conf
http {
map $http_referer $httpReferer {
default "$http_referer";
"" "(direct)";
}
map $http_user_agent $httpAgent {
default "$http_user_agent";
"" "Unknown";
}
map $geoip_country_code $geoIP {
default "$geoip_country_code";
"" "Unknown";
}
geoip_country /usr/share/GeoIP/GeoIP.dat;
log_format json_analytics escape=json '{'
'"time_local": "$time_local", '
'"remote_addr": "$remote_addr", '
'"request_uri": "$request_uri", '
'"status": "$status", '
'"http_referer": "$httpReferer", '
'"http_user_agent": "$httpAgent", '
'"server_name": "$server_name", '
'"request_time": "$request_time", '
'"geoip_country_code": "$geoIP"'
'}';
}
- Change on your nginx block file
server {
access_log /var/log/nginx/analytics.log json_analytics;
}
nginx -t
service nginx reload
- Configurar
nano /etc/nginx/nginx.conf
geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
$geoip2_data_city_name city names en;
$geoip2_data_country_iso_code country iso_code;
$geoip2_data_country_name country names en;
}
- Log
log_format main_ext '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$geoip2_data_city_name $geoip2_data_country_name';
service nginx reload
stream {
geoip_country /usr/share/GeoIP/GeoIP.dat;
log_format basic '$remote_addr - - [$time_local] "REQ / TCPUDP/0.0" '
'$status $bytes_sent "-" '
'"TCPUDP" "-" '
'"TCPUDP" sn="TCPUDP" '
'rt=$upstream_connect_time '
'ua="-" us="$status" '
'ut="0" ul="0" '
'cs=- '
'http_referer=(direct) '
'geoip_country_code="$geoip_country_code" '
'geoip_city_code="TCPnoCity" '
'tcpudpaddr="$upstream_addr" ';
access_log /var/log/nginx/access.log basic;
}