From 57b70d654b0f5ae74cd627faad6ccca2deffa9fe Mon Sep 17 00:00:00 2001
From: gilbN
Date: Sun, 20 Sep 2020 23:30:06 +0200
Subject: [PATCH] added geoip2 configs
---
 readme-vars.yml | 2 +
 root/defaults/geoip2.conf | 83 +++++++++++++++++++++++++++++++++++++++
 root/defaults/nginx.conf | 7 ++++
 3 files changed, 92 insertions(+)
 create mode 100644 root/defaults/geoip2.conf
diff --git a/readme-vars.yml b/readme-vars.yml
index 3b86a01..7f7bfd4 100755
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -57,6 +57,7 @@ opt_param_env_vars:
 - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
 - { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
 - { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
+ - { env_var: "MAXMINDDB_LICENSE_KEY", env_value: "". desc: "Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly."}
 opt_param_usage_include_vols: false
 opt_param_volumes:
 - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Configuration files." }
@@ -148,6 +149,7 @@ app_setup_nginx_reverse_proxy_block: ""
 # changelog
 changelogs:
+ - { date: "20.09.20:", desc: "Update nginx.conf - Added geoip2 configs. Added MAXMINDDB_LICENSE_KEY variable to readme."}
 - { date: "08.09.20:", desc: "Add php7-xsl." }
 - { date: "01.09.20:", desc: "Update nginx.conf and proxy.conf (and various proxy samples) to better handle websockets." }
 - { date: "03.08.20:", desc: "Initial release." }
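Review bot: The added `MAXMINDDB_LICENSE_KEY` entry separates `env_value: ""` from `desc:` with a period instead of a comma, so the flow mapping does not parse and anything that loads readme-vars.yml will fail on this line; it should read `env_value: "", desc: "..."`. The description could also say that the key is a credential: a value passed with `-e` is readable by anyone who can inspect the container, so pointing readers at a secrets mechanism or an env file with restricted permissions would help.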
diff --git a/root/defaults/geoip2.conf b/root/defaults/geoip2.conf
new file mode 100644
index 0000000..3b348ac
--- /dev/null
+++ b/root/defaults/geoip2.conf
@@ -0,0 +1,83 @@
+## Version 2020/09/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/geoip2.conf
+# To enable, uncommment the Geoip2 config line in nginx.conf
+# Add the -e MAXMINDDB_LICENSE_KEY= to automatically download the Geolite2 database.
+# A Maxmind lisence key can be aqiured here: https://www.maxmind.com/en/geolite2/signup
+# The below config is for geoblocking any country/city you add. The default config is blocking all countries/cities except the ones you set to "yes".
+# If you want to do the opposite, set default to "yes", and the countries/cities to "no".
+# As the default config blocks all IP's except the ones in the GeoLite2-City.mmdb database set to yes, you will need to allow your lan ip for local access.
+
+
+geoip2 /config/geoip2db/GeoLite2-City.mmdb {
+ auto_reload 5m;
+ $geoip2_data_country_code country iso_code;
+ $geoip2_data_city_name city names en;
+}
+
+# GEOIP2 COUNTRY CONFIG
+map $geoip2_data_country_code $allowed_country {
+ default no;
+ yes; # e.g GB yes; for United Kingdom
+ IP/CIDR yes; # e.g. 192.168.1.0/24 yes; for local access.
+}
+
+#(Optional)
+# GEOIP2 CITY CONFIG
+# map $geoip2_data_city_name $allowed_city {
+# default no;
+# yes; # e.g Inverness yes;
+# IP/CIDR yes; # e.g. 192.168.1.0/24 yes; for local access.
+# }
+
+
+# Server config example:
+# Add the following if statement inside any server context you want to geo block.
+
+# COUNTRY GEO BLOCK
+# if ($allowed_country = no) {
+# return 444;
+# }
+
+# Full example:
+
+# sample config for "default" with the geo block added
+#server {
+# listen 443 ssl http2 default_server;
+# listen [::]:443 ssl http2 default_server;
+#
+# root /config/www;
+# index index.html index.htm index.php;
+#
+# server_name _;
+
+
+# COUNTRY GEO BLOCK
+# if ($allowed_country = no) {
+# return 444;
+# }
+
+
+# # enable subfolder method reverse proxy confs
+# include /config/nginx/proxy-confs/*.subfolder.conf;
+#
+# # all ssl related config moved to ssl.conf
+# include /config/nginx/ssl.conf;
+#
+# # enable for ldap auth
+# #include /config/nginx/ldap.conf;
+#
+# # enable for Authelia
+# #include /config/nginx/authelia-server.conf;
+#
+# client_max_body_size 0;
+#
+# location / {
+# try_files $uri $uri/ /index.html /index.php?$args =404;
+# }
+#
+# location ~ \.php$ {
+# fastcgi_split_path_info ^(.+\.php)(/.+)$;
+# fastcgi_pass 127.0.0.1:9000;
+# fastcgi_index index.php;
+# include /etc/nginx/fastcgi_params;
+# }
+#}
diff --git a/root/defaults/nginx.conf b/root/defaults/nginx.conf
index 10b56d8..25bec0d 100644
--- a/root/defaults/nginx.conf
+++ b/root/defaults/nginx.conf
@@ -87,6 +87,13 @@ http {
 include /config/nginx/site-confs/*;
 lua_load_resty_core off;
+ ##
+ # Geoip2 config
+ ##
+ # Uncomment to add the Geoip2 configs needed to geo block countries/cities.
+ ##
+
+ #include /config/nginx/geoip2.conf;
 }
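Review bot: The `IP/CIDR yes;` entry in `map $geoip2_data_country_code $allowed_country` cannot grant LAN access, because a map compares the country-code string against its keys and never treats a key as a network; private addresses normally have no country entry in the database, so with `default no;` local clients reach the 444 as well. Match the client address with a `geo` block and combine the two results in the server block, as sketched below; the same applies to the commented city map. The bare `yes;` placeholder, as it appears on this page, has no key and would fail `nginx -t` once the include is enabled, so the examples are safer shipped commented out. As far as I know the lookup defaults to the peer address, so behind a CDN or another proxy it sees the proxy rather than the client, which deserves a line in the header comments.

```nginx
map $geoip2_data_country_code $allowed_country {
    default no;
    GB yes; # country codes only
}

# CIDR matching belongs in geo, which is evaluated against the client address.
geo $lan_ip {
    default no;
    192.168.1.0/24 yes;
}

# ... unchanged: header comments, geoip2 block, optional city map ...

# Inside the server block:
# if ($lan_ip = yes) {
#     set $allowed_country yes;
# }
# if ($allowed_country = no) {
#     return 444;
# }
```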
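Review bot: The new comment above `#include /config/nginx/geoip2.conf;` does not state what must exist before the line is uncommented. The included file opens `/config/geoip2db/GeoLite2-City.mmdb` (see geoip2.conf in this patch), and as far as I know the geoip2 module refuses to load the configuration when that file cannot be opened, so enabling the include without the database stops the whole proxy rather than just disabling geo blocking. Nothing in this patch copies the default file to `/config/nginx/` or fetches the database, so those steps presumably live elsewhere; I would add a line such as `# Requires /config/geoip2db/GeoLite2-City.mmdb (set MAXMINDDB_LICENSE_KEY) and the geoip2 module to be loaded.` The `http` block starts outside the hunk.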