From b58ee45818f160a10359e523911f0c811b469f95 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Tue, 22 Sep 2020 19:53:40 -0500 Subject: [PATCH] Adjust geoip2 instructions --- root/defaults/default | 2 +- root/defaults/geoip2.conf | 58 ++++++++++++++++++++++++++------------- 2 files changed, 40 insertions(+), 20 deletions(-) diff --git a/root/defaults/default b/root/defaults/default index e290c6e..c4b27ae 100644 --- a/root/defaults/default +++ b/root/defaults/default @@ -31,7 +31,7 @@ server { #include /config/nginx/authelia-server.conf; # enable for geo blocking - # See /config/nginx/geoip2.conf for more information. + # See /config/nginx/geoip2.conf for more information. #if ($allowed_country = no) { #return 444; #} diff --git a/root/defaults/geoip2.conf b/root/defaults/geoip2.conf index 4d63bdc..68ce8cd 100644 --- a/root/defaults/geoip2.conf +++ b/root/defaults/geoip2.conf 
@@ -2,32 +2,52 @@ # To enable, uncommment the Geoip2 config line in nginx.conf # Add the -e MAXMINDDB_LICENSE_KEY= to automatically download the Geolite2 database. # A Maxmind license key can be acquired here: https://www.maxmind.com/en/geolite2/signup -# The below config is for geoblocking any country/city you add. The default config is blocking all countries/cities except the ones you set to "yes". -# If you want to do the opposite, set default to "yes", and the countries/cities to "no". -# As the default config blocks all IP's except the ones in the GeoLite2-City.mmdb database set to yes, you will need to allow your lan ip for local access. - -geoip2 /config/geoip2db/GeoLite2-City.mmdb { - auto_reload 5m; - $geoip2_data_country_code country iso_code; - $geoip2_data_city_name city names en; +geoip2 /config/geoip2db//GeoLite2-City.mmdb { + auto_reload 1w; + $geoip2_data_city_name city names en; + $geoip2_data_postal_code postal code; + $geoip2_data_latitude location latitude; + $geoip2_data_longitude location longitude; + $geoip2_data_state_name subdivisions 0 names en; + $geoip2_data_state_code subdivisions 0 iso_code; + $geoip2_data_continent_code continent code; + $geoip2_data_country_iso_code country iso_code; } # GEOIP2 COUNTRY CONFIG -map $geoip2_data_country_code $allowed_country { - default no; - yes; # e.g GB yes; for United Kingdom - IP/CIDR yes; # e.g. 192.168.1.0/24 yes; for local access. +map $geoip2_data_country_iso_code $allowed_country { + # default must be yes or no + default yes; + + # Below you will setup conditions with yes or no + # ex: ; + # If your default is set to yes you can setup conditions that would set it to no (and vice versa) + # Conditions are either network address (CIDR notation) or country code + + # allow United Kingdom. + #GB yes; + + # allow local access. + #192.168.1.0/24 yes; } -#(Optional) # GEOIP2 CITY CONFIG -# map $geoip2_data_city_name $allowed_city { -# default no; -# yes; # e.g Inverness yes; -# IP/CIDR yes; # e.g. 
192.168.1.0/24 yes; for local access. -# } +map $geoip2_data_city_name $allowed_city { + # default must be yes or no + default yes; + # Below you will setup conditions with yes or no + # ex: ; + # If your default is set to yes you can setup conditions that would set it to no (and vice versa) + # Conditions are either network address (CIDR notation) or city name + + # allow Inverness. + #Inverness yes; + + # allow local access. + #192.168.1.0/24 yes; +} # Server config example: # Add the following if statement inside any server context where you want to geo block countries. @@ -64,7 +84,7 @@ map $geoip2_data_country_code $allowed_country { # #include /config/nginx/authelia-server.conf; -# # Country geo block +# # Country geo block # if ($allowed_country = no) { # return 444; # }
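Review bot: The `#192.168.1.0/24 yes;` examples and the comment "Conditions are either network address (CIDR notation) or country code" in both maps of the `@@ -2,32 +2,52 @@` hunk do not work as described. `map` compares its keys with the string value of `$geoip2_data_country_iso_code` or `$geoip2_data_city_name`, so a CIDR key never matches and LAN clients fall through to `default`. The hunk also flips `default no;` to `default yes;` while the commented examples (`#GB yes;`, `#Inverness yes;`) stay allow entries, so uncommenting them together with `if ($allowed_country = no)` blocks nothing. Either keep `default no;` or show deny examples, and move the LAN exemption into a `geo` block keyed on the client address as sketched below (`$lan_ip` is a name chosen for this sketch), with a matching check in the server block before `return 444;`. The new path `/config/geoip2db//GeoLite2-City.mmdb` also carries a doubled slash.

```nginx
# LAN exemption: geo matches the client address, map only matches strings
geo $lan_ip {
    default no;
    # allow local access.
    #192.168.1.0/24 yes;
}

map $geoip2_data_country_iso_code $allowed_country {
    # default must be yes or no
    default yes;
    # … unchanged: explanatory comments …

    # with default yes, list the country codes to block
    #<COUNTRY_CODE> no;
}
```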