Last active
October 1, 2023 15:50
-
-
Save kmjones1979/fcabb4731bbf85b9c50189e90d76b1c1 to your computer and use it in GitHub Desktop.
Example NGINX configuration to route based on country code using GeoIP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # load dynamic modules | |
| load_module /etc/nginx/modules/ngx_http_geoip_module.so; | |
| user nginx; | |
| worker_processes auto; | |
| error_log /var/log/nginx/error.log info; | |
| pid /var/run/nginx.pid; | |
| events { worker_connections 1024; } | |
| http { | |
| default_type text/html; | |
| log_format main 'remote_addr: $remote_addr, remote_user: $remote_user [time_local: $time_local] request: "$request" ' | |
| 'status: $status, body_bytes_sent: $body_bytes_sent, http_referer: "$http_referer" ' | |
| 'http_user_agent: "$http_user_agent:", http_x_forwarded_for: "$http_x_forwarded_for" ' | |
| 'geoip_area_code: $geoip_area_code, geoip_city: $geoip_city, geoip_city_continent_code: $geoip_city_continent_code, geoip_city_country_code: $geoip_city_country_code, geoip_city_country_code3: $geoip_city_country_code3, geoip_city_country_name: $geoip_city_country_name, geoip_country_code: $geoip_country_code, geoip_country_code3: $geoip_country_code3, geoip_country_name: $geoip_country_name, geoip_dma_code: $geoip_dma_code, geoip_latitude: $geoip_latitude, geoip_longitude: $geoip_longitude, geoip_org: $geoip_org, geoip_postal_code: $geoip_postal_code, geoip_region: $geoip_region, geoip_region_name: $geoip_region_name'; | |
| access_log /var/log/nginx/access.log main; | |
| # load Maxmind GeoIP library | |
| geoip_country /etc/nginx/GeoIP/GeoIP.dat; | |
| geoip_city /etc/nginx/GeoIP/GeoLiteCity.dat; | |
| geoip_proxy 127.0.0.1; | |
| # map country code to specific NGINX upstream | |
| map $geoip_country_code $upstream { | |
| LR web_lr; | |
| US web_us; | |
| RU web_russia; | |
| default $subnet; | |
| } | |
| # map private subnets to $subnet variable (used in upstream map above) | |
| geo $subnet { | |
| 127.0.0.0/24 web_us; | |
| 10.0.0.0/24 web_us; | |
| 192.168.1.0/24 web_us; | |
| default web_default; | |
| } | |
| upstream web_lr { | |
| zone web-lr 64k; | |
| server 127.0.0.1:3001; | |
| } | |
| upstream web_russia { | |
| zone web-russia 64k; | |
| server 127.0.0.1:4001; | |
| } | |
| upstream web_us { | |
| zone web-us 64k; | |
| server 127.0.0.1:5001; | |
| } | |
| upstream web_default { | |
| zone web-default 64k; | |
| server 127.0.0.1:6001; | |
| } | |
| server { | |
| status_zone web-lr-backend; | |
| listen 3001; | |
| location / { | |
| return 200 "GeoIP has matched this request to a LR country code. | |
| http_x_realip:\t $http_x_real_ip\n | |
| http_x_forwarded_for:\t $http_x_forwarded_for\n | |
| geoip_country_code:\t $geoip_country_code\n"; | |
| } | |
| } | |
| server { | |
| status_zone web-russia-backend; | |
| listen 4001; | |
| location / { | |
| return 200 "GeoIP has matched this request to a RU country code. | |
| http_x_realip:\t $http_x_real_ip\n | |
| http_x_forwarded_for:\t $http_x_forwarded_for\n | |
| geoip_country_code:\t $geoip_country_code\n"; | |
| } | |
| } | |
| server { | |
| status_zone web-us-backend; | |
| listen 5001; | |
| location / { | |
| return 200 "GeoIP has matched this request to a US country code.\n | |
| http_x_realip:\t $http_x_real_ip\n | |
| http_x_forwarded_for:\t $http_x_forwarded_for\n | |
| geoip_country_code:\t $geoip_country_code\n"; | |
| } | |
| } | |
| server { | |
| status_zone web-default-backend; | |
| listen 6001; | |
| location / { | |
| return 200 "NGINX has routed this request to the default site.\n | |
| http_x_realip:\t $http_x_real_ip\n | |
| http_x_forwarded_for:\t $http_x_forwarded_for\n | |
| geoip_country_code:\t $geoip_country_code\n"; | |
| } | |
| } | |
| server { | |
| status_zone nginx-frontend; | |
| listen 80; | |
| location / { | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-GeoIP-Country-Code $geoip_country_code; | |
| real_ip_header X-Forwarded-For; | |
| proxy_pass http://$upstream; | |
| } | |
| } | |
| server { | |
| listen 8080; | |
| status_zone status-page; | |
| root /usr/share/nginx/html; | |
| location = /status.html { } | |
| location = /status-old.html { } | |
| location = / { | |
| return 301 /status.html; | |
| } | |
| location /status { | |
| status; | |
| status_format json; | |
| access_log off; | |
| } | |
| location /upstream_conf { | |
| upstream_conf; | |
| } | |
| } | |
| } |
Hi Ram,
Double check the refer is working as expected. Perhaps log the $upstream
variable and make sure it grabbing the correct country code. Also it would
be good to set a default maybe.
On Sat, Apr 9, 2022 at 4:32 AM Ram Pal ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
Hello, how to make setup with geoip2 .mmdb file. I want to run
GeoIP2+Nginx+NginxLoadBalancer for tomcat country wise. My current file is
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb{
$geoip2_data_country_code $upstream;
}
map $geoip2_data_country_code $upstream {
IN in_lb;
DE de_lb;
CA ca_lb;
}
upstream in_lb {
server 192.168.1.5:8080;
}
upstream de_lb {
server 192.168.5.10:8080;
}
upstream ca_lb {
server 192.168.10.10:8080;
}
server {
listen 80;
server_name my.domain.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-GeoIP-Country-Code $geoip2_data_country_code;
real_ip_header X-Forwarded-For;
proxy_pass http://$upstream;
}
}
Error: 500 Internal Server Error
nginx
—
Reply to this email directly, view it on GitHub
<https://gist.github.com/fcabb4731bbf85b9c50189e90d76b1c1#gistcomment-4126798>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABUDLSZJWN6HONBEGYQ5X4LVEE6A3ANCNFSM5S6U4DZA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
--
Kevin Jones
kevinjonescreates.com
Thanks @kmjones1979 for reply
Now I not going to set multi upstream here and main issue was in variables. New configurations working fine as below
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb{
$geoip2_data_country_iso_code country iso_code;
}
map $geoip2_data_country_iso_code $upstream {
IN 192.168.1.5: (there is already load balancer working on 192.168.1.5 )
DE 192.168.5.10; (there is already load balancer working on 192.168.5.10)
}
It seems me good way, Is there any loop fall in this .conf ?
Hello, I am getting output "502 bad gateway" using below configuration. What may issue ? if I mentioned port with IP under upstream and and remove port in proxy_pass then its working but that will not fulfill my requirement. Actually there are running 5 tomcat with 5 different ports on single server like 172.16.1.5 only
upstream lb_ind {
server 172.16.1.5;
server 172.16.1.6;
}
upstream lb_france {
server 172.17.1.7;
}
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb{
$geoip2_data_country_iso_code country iso_code;
}
map $geoip2_data_country_iso_code $itsupstream {
IN lb_ind;
DE lb_german;
CA lb_canada;
FR lb_france;
US lb_france;
}
server {
listen 80;
server_name my.domain.com;
location /oauth2/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://$itsupstream:8282$request_uri/;
}
location /producer/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_pass http://$itsupstream:8181$request_uri;
}
}
Hi Ram,
Can you log the variables? Also what happens when you test using curl -iL
on the target URL, send the log as well but I’m guessing there’s an issue
with your proxy pass line.
Try and see if this works? Under /producer make this change then test.
set $port 8181:
proxy_pass http://$itsupstream:$port$request_uri;
If that doesn’t work revert and send me the outputs I requested.
On Sat, Apr 30, 2022 at 2:44 AM Ram Pal ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
Hello, I am getting output "502 bad gateway" using below configuration.
What may issue ? if I mentioned port with IP under upstream and and remove
port in proxy_pass then its working but that will not fulfill my requirement
upstream lb_ind {
server 172.16.1.5;
server 172.16.1.6;
}
upstream lb_france {
server 172.17.1.7;
}
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb{
$geoip2_data_country_iso_code country iso_code;
}
map $geoip2_data_country_iso_code $itsupstream {
IN lb_ind;
DE lb_german;
CA lb_canada;
FR lb_france;
US lb_france;
}
server {
listen 80;
server_name my.domain.com;
location /oauth2/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://$itsupstream:8282$request_uri/;
}
location /producer/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_pass http://$itsupstream:8181$request_uri;
}
}
—
Reply to this email directly, view it on GitHub
<https://gist.github.com/fcabb4731bbf85b9c50189e90d76b1c1#gistcomment-4150024>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABUDLS4ZISAB26QQVR736U3VHT6H7ANCNFSM5S6U4DZA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
Kevin Jones
kevinjonescreates.com
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, how to make setup with geoip2 .mmdb file. I want to run GeoIP2+Nginx+NginxLoadBalancer for tomcat country wise. My current file is
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb{
$geoip2_data_country_code $upstream;
}
map $geoip2_data_country_code $upstream {
IN in_lb;
DE de_lb;
CA ca_lb;
}
upstream in_lb {
server 192.168.1.5:8080;
}
upstream de_lb {
server 192.168.5.10:8080;
}
upstream ca_lb {
server 192.168.10.10:8080;
}
server {
listen 80;
server_name my.domain.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-GeoIP-Country-Code $geoip2_data_country_code;
real_ip_header X-Forwarded-For;
proxy_pass http://$upstream;
}
}
Error: 500 Internal Server Error
nginx