## Version 2020/10/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/geoip2.conf # To enable, uncommment the Geoip2 config line in nginx.conf # Add the -e MAXMINDDB_LICENSE_KEY= to automatically download the Geolite2 database. # A Maxmind license key can be acquired here: https://www.maxmind.com/en/geolite2/signup geoip2 /config/geoip2db/GeoLite2-City.mmdb { auto_reload 1w; $geoip2_data_city_name city names en; $geoip2_data_postal_code postal code; $geoip2_data_latitude location latitude; $geoip2_data_longitude location longitude; $geoip2_data_state_name subdivisions 0 names en; $geoip2_data_state_code subdivisions 0 iso_code; $geoip2_data_continent_code continent code; $geoip2_data_country_iso_code country iso_code; } # GEOIP2 COUNTRY CONFIG map $geoip2_data_country_iso_code $allowed_country { # default must be yes or no # If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below. default yes; # Below you will setup conditions with yes or no # ex: ; # allow United Kingdom. #GB yes; } # GEOIP2 CITY CONFIG map $geoip2_data_city_name $allowed_city { # default must be yes or no # If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below. default yes; # Below you will setup conditions with yes or no # ex: ; # allow Inverness. #Inverness yes; } # ALLOW LOCAL ACCESS geo $allow_list { default yes; # Set this to no if $allowed_country or $allowed_city default is no. # IP/CIDR yes; # e.g. 192.168.1.0/24 yes; } # Server config example: # Add the following if statements inside any server context where you want to geo block countries. ######################################## # if ($allow_list = yes) { # set $allowed_country yes; # } # if ($allowed_country = no) { # return 444; # } ######################################### # Add the following if statements inside any server context where you want to geo block cities. ######################################## # if ($allow_list = yes) { # set $allowed_country yes; # } # if ($allowed_city = no) { # return 444; # } ######################################### # Example using a config from proxy-confs #server { # listen 443 ssl; # listen [::]:443 ssl; # # server_name unifi.*; # # include /config/nginx/ssl.conf; # # client_max_body_size 0; # # # enable for ldap auth, fill in ldap details in ldap.conf # #include /config/nginx/ldap.conf; # # # enable for Authelia # #include /config/nginx/authelia-server.conf; # # Allow lan access if default is set to no # if ($allow_list = yes) { # set $allowed_country yes; # } # # Country geo block # if ($allowed_country = no) { # return 444; # } # # location / { # # enable the next two lines for http auth # #auth_basic "Restricted"; # #auth_basic_user_file /config/nginx/.htpasswd; # # # enable the next two lines for ldap auth # #auth_request /auth; # #error_page 401 =200 /ldaplogin; # # # enable for Authelia # #include /config/nginx/authelia-location.conf; # # include /config/nginx/proxy.conf; # resolver 127.0.0.11 valid=30s; # set $upstream_app unifi-controller; # set $upstream_port 8443; # set $upstream_proto https; # proxy_pass $upstream_proto://$upstream_app:$upstream_port; # # proxy_buffering off; # } #}