diff --git a/readme-vars.yml b/readme-vars.yml index f2afdac..10af9f4 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -58,7 +58,6 @@ opt_param_env_vars: - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" } - { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" } - { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." } - - { env_var: "MAXMINDDB_LICENSE_KEY", env_value: "", desc: "Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly."} opt_param_usage_include_vols: false opt_param_volumes: - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Configuration files." } @@ -155,6 +154,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "30.11.21:", desc: "Move maxmind to a [new mod](https://github.com/linuxserver/docker-mods/tree/swag-maxmind)" } - { date: "22.11.21:", desc: "Added support for Infomaniak DNS for certificate generation." } - { date: "20.11.21:", desc: "Added support for dnspod validation." } - { date: "15.11.21:", desc: "Added support for deSEC DNS for wildcard certificate generation." } diff --git a/root/defaults/default b/root/defaults/default index 3593668..82e19e8 100644 --- a/root/defaults/default +++ b/root/defaults/default @@ -32,12 +32,6 @@ server { # enable for Authelia #include /config/nginx/authelia-server.conf; - # enable for geo blocking - # See /config/nginx/geoip2.conf for more information. - #if ($allowed_country = no) { - #return 444; - #} - client_max_body_size 0; location / { diff --git a/root/defaults/geoip2.conf b/root/defaults/geoip2.conf deleted file mode 100644 index 846c5b5..0000000 --- a/root/defaults/geoip2.conf +++ /dev/null @@ -1,123 +0,0 @@ -## Version 2020/10/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/geoip2.conf -# To enable, uncommment the Geoip2 config line in nginx.conf -# Add the -e MAXMINDDB_LICENSE_KEY= to automatically download the Geolite2 database. -# A Maxmind license key can be acquired here: https://www.maxmind.com/en/geolite2/signup - -geoip2 /config/geoip2db/GeoLite2-City.mmdb { - auto_reload 1w; - $geoip2_data_city_name city names en; - $geoip2_data_postal_code postal code; - $geoip2_data_latitude location latitude; - $geoip2_data_longitude location longitude; - $geoip2_data_state_name subdivisions 0 names en; - $geoip2_data_state_code subdivisions 0 iso_code; - $geoip2_data_continent_code continent code; - $geoip2_data_country_iso_code country iso_code; -} - -# GEOIP2 COUNTRY CONFIG -map $geoip2_data_country_iso_code $allowed_country { - # default must be yes or no - # If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below. - default yes; - - # Below you will setup conditions with yes or no - # ex: ; - - # allow United Kingdom. - #GB yes; -} - -# GEOIP2 CITY CONFIG -map $geoip2_data_city_name $allowed_city { - # default must be yes or no - # If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below. - default yes; - - # Below you will setup conditions with yes or no - # ex: ; - - # allow Inverness. - #Inverness yes; -} - -# ALLOW LOCAL ACCESS -geo $allow_list { - default yes; # Set this to no if $allowed_country or $allowed_city default is no. - # IP/CIDR yes; # e.g. 192.168.1.0/24 yes; -} - -# Server config example: -# Add the following if statements inside any server context where you want to geo block countries. - -######################################## -# if ($allow_list = yes) { -# set $allowed_country yes; -# } -# if ($allowed_country = no) { -# return 444; -# } -######################################### - -# Add the following if statements inside any server context where you want to geo block cities. -######################################## -# if ($allow_list = yes) { -# set $allowed_country yes; -# } -# if ($allowed_city = no) { -# return 444; -# } -######################################### - -# Example using a config from proxy-confs - -#server { -# listen 443 ssl; -# listen [::]:443 ssl; -# -# server_name unifi.*; -# -# include /config/nginx/ssl.conf; -# -# client_max_body_size 0; -# -# # enable for ldap auth, fill in ldap details in ldap.conf -# #include /config/nginx/ldap.conf; -# -# # enable for Authelia -# #include /config/nginx/authelia-server.conf; - - -# # Allow lan access if default is set to no -# if ($allow_list = yes) { -# set $allowed_country yes; -# } -# # Country geo block -# if ($allowed_country = no) { -# return 444; -# } - - -# -# location / { -# # enable the next two lines for http auth -# #auth_basic "Restricted"; -# #auth_basic_user_file /config/nginx/.htpasswd; -# -# # enable the next two lines for ldap auth -# #auth_request /auth; -# #error_page 401 =200 /ldaplogin; -# -# # enable for Authelia -# #include /config/nginx/authelia-location.conf; -# -# include /config/nginx/proxy.conf; -# resolver 127.0.0.11 valid=30s; -# set $upstream_app unifi-controller; -# set $upstream_port 8443; -# set $upstream_proto https; -# proxy_pass $upstream_proto://$upstream_app:$upstream_port; -# -# proxy_buffering off; -# } -#} diff --git a/root/defaults/nginx.conf b/root/defaults/nginx.conf index ea2830c..ae21a63 100644 --- a/root/defaults/nginx.conf +++ b/root/defaults/nginx.conf @@ -115,14 +115,6 @@ http { ## include /config/nginx/site-confs/*; #Removed lua. Do not remove this comment - - ## - # Geoip2 config - ## - # Uncomment to add the Geoip2 configs needed to geo block countries/cities. - ## - - #include /config/nginx/geoip2.conf; } #mail { diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config index 84e86ee..abe45b1 100644 --- a/root/etc/cont-init.d/50-config +++ b/root/etc/cont-init.d/50-config @@ -76,8 +76,6 @@ cp /config/fail2ban/jail.local /etc/fail2ban/jail.local cp /defaults/authelia-server.conf /config/nginx/authelia-server.conf [[ ! -f /config/nginx/authelia-location.conf ]] && \ cp /defaults/authelia-location.conf /config/nginx/authelia-location.conf -[[ ! -f /config/nginx/geoip2.conf ]] && \ - cp /defaults/geoip2.conf /config/nginx/geoip2.conf [[ ! -f /config/www/502.html ]] && cp /defaults/502.html /config/www/502.html @@ -362,18 +360,6 @@ fi rm -rf /var/lib/libmaxminddb [[ ! -d /var/lib/libmaxminddb ]] && \ ln -s /config/geoip2db /var/lib/libmaxminddb -# check GeoIP2 database -if [ -n "$MAXMINDDB_LICENSE_KEY" ]; then - sed -i "s|.*MAXMINDDB_LICENSE_KEY.*|MAXMINDDB_LICENSE_KEY=\"${MAXMINDDB_LICENSE_KEY}\"|g" /etc/libmaxminddb.cron.conf - if [ ! -f /var/lib/libmaxminddb/GeoLite2-City.mmdb ]; then - echo "Downloading GeoIP2 City database." - /etc/periodic/weekly/libmaxminddb - fi -elif [ -f /var/lib/libmaxminddb/GeoLite2-City.mmdb ]; then - echo -e "Currently using the user provided GeoLite2-City.mmdb.\nIf you want to enable weekly auto-updates of the database, retrieve a free license key from MaxMind,\nand add a new env variable \"MAXMINDDB_LICENSE_KEY\", set to your license key." -else - echo -e "Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,\nand add a new env variable \"MAXMINDDB_LICENSE_KEY\", set to your license key." -fi # logfiles needed by fail2ban [[ ! -f /config/log/nginx/error.log ]] && \ diff --git a/root/etc/cont-init.d/70-templates b/root/etc/cont-init.d/70-templates index 6b60ed1..40125c1 100644 --- a/root/etc/cont-init.d/70-templates +++ b/root/etc/cont-init.d/70-templates @@ -3,7 +3,6 @@ nginx_confs=( \ authelia-location.conf \ authelia-server.conf \ - geoip2.conf \ ldap.conf \ nginx.conf \ proxy.conf \