Preface
So after some confusion reading some stackoverflow articles like this one install geoip2 nginx finnaly i understand whats wrong when i tried install the geoip2 instead of geoip in my nginx that run on top of rocky 9. Actually the problem seems like because only few people need to build customized version of nginx and add some random modules with it.
More than that, some deprecated part looks like not well documented. Based on that assumption i will try cover some things that you guys should keep eye on. Let’s start from The ingredients
prerequisites :
- libmaxminddb
- libmaxminddb-devel
- CRB rocky repo activated
- some package for compiling from scratch like cmake, zlib, gcc etc.
- Nginx sourcecode
- the module https://github.com/leev/ngx_http_geoip2_module
Maxminddb
So because i want to add a geoip detection support in my nginx, that’s mean i need a source of truth like a databases that contain or can tell people about from which nationality this User come from based on it’s IP
[root@rocky-9x ~] mmdblookup --file GeoLite2-Country_20241004/GeoLite2-Country.mmdb --ip some.some.some.some
{
"continent":
{
"code":
"AS" <utf8_string>
"geoname_id":
6255147 <uint32>
"names":
{
"de":
"Asien" <utf8_string>
"en":
"Asia" <utf8_string>
"es":
"Asia" <utf8_string>
"fr":
"Asie" <utf8_string>
"ja":
"アジア" <utf8_string>
"pt-BR":
"Ásia" <utf8_string>
"ru":
"Азия" <utf8_string>
"zh-CN":
"亚洲" <utf8_string>
}
}
"country":
{
"geoname_id":
1643084 <uint32>
"iso_code":
"ID" <utf8_string>
"names":
{
"de":
"Indonesien" <utf8_string>
"en":
"Indonesia" <utf8_string>
"es":
"Indonesia" <utf8_string>
"fr":
"Indonésie" <utf8_string>
"ja":
"インドネシア共和国" <utf8_string>
"pt-BR":
"Indonésia" <utf8_string>
"ru":
"Индонезия" <utf8_string>
"zh-CN":
"印度尼西亚" <utf8_string>
}
}
"registered_country":
{
"geoname_id":
1643084 <uint32>
"iso_code":
"ID" <utf8_string>
"names":
{
"de":
"Indonesien" <utf8_string>
"en":
"Indonesia" <utf8_string>
"es":
"Indonesia" <utf8_string>
"fr":
"Indonésie" <utf8_string>
"ja":
"インドネシア共和国" <utf8_string>
"pt-BR":
"Indonésia" <utf8_string>
"ru":
"Индонезия" <utf8_string>
"zh-CN":
"印度尼西亚" <utf8_string>
}
}
}
This is where Maxminddb taking places, so in short nginx officially support geoip checking with maxminddb as source of data, we can do a lookup checking etc based on ip and file that we download from maxmind you can download data based on city, country region etc. with various format such as mmdb and csv (for nginx mmdb format will be used).
If just wanna take a look how it’s look like using lite version is feasible just register to https://www.maxmind.com/en/account/sign-in and get to download page then download mmdb file
Rocky 9 towards maxmind
so when you want to build nginx from source and add geoip support with it, it’s already well known that we should add maxmind db geoip and a development package that allow us to call the geoip db to our nginx. The first time i try to install geoip2 i was go with GeoIP2 and GeoIP2-devel since i using rocky, and… i didn’t find any of them.
After browse some thread maybe related to it, i land on this forum rocky 9 forum pages and someone said that this package already deprecated and moved to libmaxminddb and libmaxminddb-devel but another things coming. When i tried to install it directly i can’t find it (still) after manually browse the package, turns out we need to enable CRB (Code Ready Builder) repo for rocky 9. Don’t try to install the obsolete version through remi repo or something else, it will cause collision in some cases. You can check the content of CRB here : crb rocky content
you can enable it using :
yum-config-manager enable crb
Once installation finish you can just go follow the guide for install GeoIP2 support for nginx, but to make sure all works well try to run these command. It should return a json data contain geo location of ip, depends on what version downloaded (city name, country name and code with 3 character etc. )
ngx_http_geoip2_module introduction
Like we all know, nginx need a some kind of “connector” that help it to gain some feature that owned by Operating System or some specific library to be specific. So for this purpose nginx hace several modules that contain a code that consume or implemented some Library or Operating System feature like syscall etc.
If we want to use geoip2 we need to install ngx_http_geoip2_module module, you can find the source here https://github.com/leev/ngx_http_geoip2_module. We can also read the docs because somehow this repo docs more straight forward and i gain some information from it.
In my case i want this module become static module, all i need is adding this flag to my build script.
after add ngx_http_geoip2_module as static modules you don’t need to call module manually via load_module because the modules already loaded by nginx
Nginx Build From Source
Actually this section will be straight to how to run it, but i’ll try to describe some packages that will be needed with assumption the crb repo already activated
./configure --add-module=~/nginx/ngx_http_geoip2_module --with-stream
make
make install
When configure command is success the output will be like this
...
...
checking for MaxmindDB library ... found
+ ngx_geoip2_module was configured
checking for PCRE2 library ... found
checking for zlib library ... found
creating objs/Makefile
Configuration summary
+ using system PCRE2 library
+ OpenSSL library is not used
+ using system zlib library
nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx modules path: "/usr/local/nginx/modules"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
And just continue to make if configure command succeeded and will be got output like this
...
...
objs/src/stream/ngx_stream_upstream_random_module.o \
objs/src/stream/ngx_stream_upstream_zone_module.o \
objs/addon/ngx_http_geoip2_module/ngx_http_geoip2_module.o \
objs/addon/ngx_http_geoip2_module/ngx_stream_geoip2_module.o \
objs/ngx_modules.o \
-lcrypt -lmaxminddb -lmaxminddb -lpcre2-8 -lz \
-Wl,-E
sed -e "s|%%PREFIX%%|/usr/local/nginx|" \
-e "s|%%PID_PATH%%|/usr/local/nginx/logs/nginx.pid|" \
-e "s|%%CONF_PATH%%|/usr/local/nginx/conf/nginx.conf|" \
-e "s|%%ERROR_LOG_PATH%%|/usr/local/nginx/logs/error.log|" \
< man/nginx.8 > objs/nginx.8
make[1]: Leaving directory '/root/nginx/nginx-1.27.0'
and this for make install
...
...
cp conf/scgi_params \
'/usr/local/nginx/conf/scgi_params.default'
test -f '/usr/local/nginx/conf/nginx.conf' \
|| cp conf/nginx.conf '/usr/local/nginx/conf/nginx.conf'
cp conf/nginx.conf '/usr/local/nginx/conf/nginx.conf.default'
test -d '/usr/local/nginx/logs' \
|| mkdir -p '/usr/local/nginx/logs'
test -d '/usr/local/nginx/logs' \
|| mkdir -p '/usr/local/nginx/logs'
test -d '/usr/local/nginx/html' \
|| cp -R html '/usr/local/nginx'
test -d '/usr/local/nginx/logs' \
|| mkdir -p '/usr/local/nginx/logs'
make[1]: Leaving directory '/root/nginx/nginx-1.27.0'
As you see above the module successfully installed when you got ngx_geoip2_module was configured messages when run configure command and as i told above i intend to install it as a static module so we don’t need mention or load module manually inside our config and the nginx have been builded inside /usr/local/nginx/sbin but you can specify the default directory with --prefix= and --sbin-path= or for more param take a look at this http://nginx.org/en/docs/configure.html
To run it just execute the executable file and run /usr/local/nginx/sbin/nginx -V you will got output like this ( I installed it with stream module, you know just in case ;) )
[root@rocky-9x nginx-1.27.0] /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.27.0
built by gcc 11.4.1 20231218 (Red Hat 11.4.1-3) (GCC)
configure arguments: --add-module=/root/nginx/ngx_http_geoip2_module --with-stream
You can check your nginx already runnin or not with access your machine via web browser or curl command
GeoIP setup
If you already read this far, i assume maxminddb and other things that needed to done this already prepared and installed. Actually after yapping that much this steps is quiet simple. When setup GeoIP all you need is setup header of nginx and some variables. So here is my config :
http{
...
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
auto_reload 60m;
$geoip2_metadata_country_build metadata build_epoch;
$geoip2_data_country_code country iso_code;
$geoip2_data_country_name country names en;
}
fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
...
}
after apply above config, try rung nginx -t and make sure no error appear. If your nginx got warning messages and it’s not related to geoip just ignore it but if it related to geoip try check it and look for it in google. Then reload or restart nginx to make sure changes of config applied.
One interesting part is when you build nginx with geoip modules, automatically you can see it’s will add .mmdb file by it self. Now let’s test it
Testing : set header and set log for geolocation
So after a long yapping sessions, Next it to proof that our work is done. Let’s check it already applied or not. So actually there is many way to apply it. But the simplest way that i found in internet is to change header of responses with this config;
http {
...
## for header
add_header "X-country-code" "$geoip2_data_country_code";
## for logging contry code
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" - ehe "$geoip2_data_country_name" - "$geoip2_data_country_code"';
access_log logs/access.log main;
...
}
add this config inside the http directive then reload or restart your nginx services, then lets try it;
panji@machine :: curl -I http://some.some.some.some/
HTTP/1.1 200 OK
Server: nginx/1.27.0
Date: Sun, 06 Oct 2024 09:10:14 GMT
Last-Modified: Sun, 06 Oct 2024 08:49:39 GMT
Connection: keep-alive
ETag: "67024f23-293"
X-country-code: ID
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 659
you can see that the header that we add before mentioned to the responses. Next i try curl from various nation origin :
this one from germany
this one from france
last one from US
Also we can show from log like these :
Nginx log
Done that’s it
Conclusion
So when you need to do some kind of circus attraction sometimes to obtain something in nginx. Geo Location come handy when you need either apply a rate limiting rules with nationality constraint or maybe you just wanna redirect user from exact country to specific pages of your sites. But don’t limit your self to this kind of approach i believe there is many way to do them both. What your thoughts about it?
Cheers !