Nginx禁止国外ip访问
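# Build and install libmaxminddb, the C library used to read MaxMind .mmdb
# databases, from the upstream release tarball.
yum install gcc gcc-c++ make -y

# 1.4.2 is the release this guide pins; check the project's release page for
# a newer one before building.
wget https://github.com/maxmind/libmaxminddb/releases/download/1.4.2/libmaxminddb-1.4.2.tar.gz

# The result is installed system-wide, so confirm the tarball first: compare
# this digest with a value obtained from a source you trust.
sha256sum libmaxminddb-1.4.2.tar.gz

# Chain the steps so a failed unpack, configure or test run stops the install
# instead of carrying on in the wrong directory.
tar -xzf libmaxminddb-1.4.2.tar.gz &&
  cd libmaxminddb-1.4.2/ &&
  ./configure &&
  make &&
  make check &&
  make install &&
  echo '/usr/local/lib' > /etc/ld.so.conf.d/geoip.conf &&
  ldconfig
# The ld.so.conf.d entry plus ldconfig let the dynamic linker find the library
# that "make install" placed under /usr/local/lib.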
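# Build nginx with the ngx_http_geoip2_module add-on.
# The guide assumes ngx_http_geoip2_module-master.zip and an nginx source tree
# are already present in /usr/local/src; it shows no download step for either,
# so check where they came from. A "master" archive is a branch snapshot, not
# a fixed release: record which commit was built.

# Account the nginx workers run as: no home directory, no login shell.
useradd -M -s /sbin/nologin www

# The archive is a zip, so only unzip applies (tar -zxf cannot unpack it).
cd /usr/local/src &&
  unzip ngx_http_geoip2_module-master.zip &&
  mv ngx_http_geoip2_module-master ngx_http_geoip2_module

# The flags below are nginx's own configure options, so configure is run from
# the nginx source tree; --add-module then points at the module directory.
NGINX_SRC=/usr/local/src/nginx-X.Y.Z   # PLACEHOLDER: path of your unpacked nginx source
# --with-ld-opt embeds /usr/local/lib as an rpath so the binary finds
# libmaxminddb at run time.
# --with-http_realip_module is needed when nginx sits behind a proxy and the
# client address has to be restored before the country lookup.
# --add-module must match the directory created by the mv above.
cd "$NGINX_SRC" &&
  ./configure --user=www --group=www --prefix=/usr/local/nginx \
    --with-ld-opt="-Wl,-rpath -Wl,/usr/local/lib" \
    --with-http_sub_module \
    --with-http_realip_module \
    --with-http_gzip_static_module \
    --with-http_ssl_module \
    --with-http_v2_module \
    --add-module=/usr/local/src/ngx_http_geoip2_module &&
  make &&
  make install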
创建maxmind账号(登录官网 www.maxmind.com 创建)
生成Account/User ID 和 License key
生成密钥后登录
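# Install MaxMind's geoipupdate client from the upstream rpm.
# Print the package digest and compare it with a value from a source you trust
# before installing: rpm -ivh installs it system-wide as root.
cd /usr/local/src/ &&
  wget https://github.com/maxmind/geoipupdate/releases/download/v4.2.0/geoipupdate_4.2.0_linux_amd64.rpm &&
  sha256sum geoipupdate_4.2.0_linux_amd64.rpm
rpm -ivh geoipupdate_4.2.0_linux_amd64.rpm
# If the install reports an error, the guide removes the conflicting package with
#   rpm -e GeoIP-1.5.0-11.el7.x86_64 --nodeps
# --nodeps skips dependency checks, so first see what still needs that package
# (rpm -q --whatrequires GeoIP).

# Enter the account ID and license key generated on the MaxMind site.
vi /etc/GeoIP.conf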
AccountID **** (这里填写刚刚生成的id)
LicenseKey **** (这里填写刚刚生成的密钥;该文件保存了密钥,建议只允许 root 读取)
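# Download the databases with geoipupdate, then publish the City database
# under the name the nginx geoip2 block reads.

# /etc/GeoIP.conf holds the license key: keep it readable by its owner only.
chmod 600 /etc/GeoIP.conf

# Chained so a failed update does not copy a missing or stale database.
/usr/bin/geoipupdate &&
  cd /usr/share/GeoIP/ &&
  mkdir -p /usr/local/nginx/geoip/ &&
  cp -f /usr/share/GeoIP/GeoLite2-City.mmdb /usr/local/nginx/geoip/maxmind-city.mmdb
# This copy is a one-off snapshot. Address allocations change, so repeat the
# update and the copy on a schedule and reload nginx afterwards; otherwise the
# country decisions drift away from reality.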
配置nginx
http {
...
    # Look up country and city data in the database copied into place earlier.
    geoip2 /usr/local/nginx/geoip/maxmind-city.mmdb {
        # The lookup is keyed on $remote_addr, the address of the directly
        # connected peer. Behind a reverse proxy, load balancer or CDN that is
        # the proxy's address, so restore the client address first with the
        # realip module, with set_real_ip_from limited to your own proxies.
        # A forwarded-for header accepted from any client can be forged.
        # default=US is the value used when the lookup returns no country, so
        # any rule about US also applies to addresses missing from the database.
        $geoip2_data_country_code default=US source=$remote_addr country iso_code;
        $geoip2_data_country_name country names en;
        $geoip2_data_city_name default=London city names en;
        $geoip2_data_province_name subdivisions 0 names en;
        $geoip2_data_province_isocode subdivisions 0 iso_code;
    }
....
    # Hand the lookup results to FastCGI backends. nginx inherits fastcgi_param
    # from this level only where the server/location defines none of its own.
    fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
    fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
    fastcgi_param CITY_NAME $geoip2_data_city_name;
....
}
#nginx配置中的变量名,如 geoip2_data_country_code、geoip2_data_country_name 等,都是自定义的名称,可以加到日志格式的字段中。添加下面的 Nginx 配置,可以获取访问者的IP和国家代码。
# Check endpoint: replies with the caller's address as nginx sees it and the
# country code the geoip2 lookup assigned to it. Use it to confirm that
# $remote_addr is the real client rather than a proxy in front of nginx, then
# remove it or restrict access once the setup is verified.
location /get_ip {
    default_type text/plain;
    return 200 "$remote_addr $geoip2_data_country_code\n";
}
在nginx 中配置黑名单国家的变量(下面的配置中变量名为 $allowed_country)
在http{} 字段,任何include之前,添加如下配置
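# Deny-list form: every country is allowed except those mapped to "no".
# The source has to be written as a variable, $geoip2_data_country_code.
# Without the "$" nginx compares a constant string, no country entry ever
# matches, and every request gets the default ("yes" here, so nothing would
# be blocked).
# The geoip2 block in this guide sets default=US, so addresses with no country
# in the database are treated as US and denied by this list.
map $geoip2_data_country_code $allowed_country {
    default yes;
    US no;
    JP no;
    SG no;
}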
#以上配置将允许所有的国家,除了美国,日本,和新加坡
#也可以只允许中国访问,
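# Allow-list form: only CN is allowed, every other country gets "no".
# The source has to be written as a variable, $geoip2_data_country_code.
# Without the "$" nginx compares a constant string, the CN entry never
# matches, and every request, including those from CN, gets the default "no".
# Addresses with no country in the database fall back to the geoip2 default
# (US in this guide) and are therefore denied, which is the fail-closed result.
map $geoip2_data_country_code $allowed_country {
    default no;
    CN yes;
}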
# Put this in server{} so it applies to every location; it can also go in one
# location{}, in which case the other locations of that server are not covered.
# $allowed_country is the variable produced by the map block.
if ($allowed_country = no) {
    return 403;
}
最后检查配置并重载nginx(先执行 nginx -t,检查通过后再执行 nginx -s reload)
nginx配置
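# Complete example: nginx answering only requests whose source address
# resolves to CN. The listing's own line numbers have been removed so the
# file can be used as a configuration.
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;

    # Country and city lookups. The key is $remote_addr, the directly connected
    # peer; behind a proxy or CDN restore the client address first with the
    # realip module, with set_real_ip_from limited to your own proxies.
    # default=US is the value used when the lookup returns no country.
    geoip2 /usr/local/nginx/geoip/maxmind-city.mmdb {
        $geoip2_data_country_code default=US source=$remote_addr country iso_code;
        $geoip2_data_country_name country names en;
        $geoip2_data_city_name default=London city names en;
        $geoip2_data_province_name subdivisions 0 names en;
        $geoip2_data_province_isocode subdivisions 0 iso_code;
    }

    # Allow-list: CN only. The source must carry the "$"; written without it,
    # nginx compares a constant string, CN never matches, and every request
    # gets the default "no" and a 403.
    map $geoip2_data_country_code $allowed_country {
        default no;
        CN yes;
    }

    # Hand the lookup results to FastCGI backends.
    fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
    fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
    fastcgi_param CITY_NAME $geoip2_data_city_name;

    keepalive_timeout 65;

    server {
        listen 80;
        server_name localhost;

        location / {
            root html;
            index index.html index.htm;
            # The check sits in this location only: /get_ip and /50x.html
            # below are not covered by it. Move it up to server{} if every
            # path should be blocked.
            if ($allowed_country = no) {
                return 403;
            }
        }

        # Check endpoint: shows the caller's address and resolved country code.
        # Remove or restrict it once the setup is verified.
        location /get_ip {
            default_type text/plain;
            return 200 "$remote_addr $geoip2_data_country_code\n";
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}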