Can I perform GeoIP blocking in NGINX without having to pay for NGINX Plus? - nginx

I'm a Fedora 29 end user looking for a way to perform GeoIP blocking via NGINX without having to pay a lot of $$ for Nginx Plus. I saw NGINX can be set up to include modules and wanted to ask if there are any open-source modules that can be used to perform basic GeoIP blocking.
Thanks,

You can build nginx and add the geoip module from nginx (https://nginx.org/en/docs/http/ngx_http_geoip_module.html) by adding "--with-http_geoip_module" to the nginx build configuration.
Then in your nginx.conf you specify geoip_country or geoip_city followed by a path to a geoip db.
https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-by-geoip/ can also help with setting up geoip for either open-source or nginx plus.
Edit: GeoIP is deprecated but will still work for existing installs.
You can build GeoIP2 from source here https://github.com/leev/ngx_http_geoip2_module with nginx in a similar manner as before.
Here is the newer geoip2 database: GeoLite2 Country
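A minimal country block built on the GeoIP2 module named in the answer above, added here as an illustration and not part of the original answer. The database path, the XX/YY country codes and the document root are placeholders.

```nginx
# Only needed when the module was built with --add-dynamic-module.
load_module modules/ngx_http_geoip2_module.so;

events {}

http {
    # Placeholder path to the GeoLite2 Country database.
    geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
        auto_reload 60m;
        # ZZ is used when the client address has no entry in the database
        # (private ranges, very new allocations).
        $geoip2_data_country_code default=ZZ country iso_code;
    }

    # 1 = blocked, 0 = allowed. XX and YY stand in for real ISO 3166 codes.
    # "default 0" fails open for unknown addresses; for an allow-list,
    # flip to "default 1" and list the permitted codes with 0.
    map $geoip2_data_country_code $geo_blocked {
        default 0;
        XX      1;
        YY      1;
    }

    server {
        listen 80;

        # Reject before any location is processed.
        if ($geo_blocked) {
            return 403;
        }

        location / {
            root /usr/share/nginx/html;  # placeholder
        }
    }
}
```

The lookup uses the connecting address, so if nginx sits behind a load balancer every request will resolve to the balancer's address unless the real client address is restored first.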

Related

How to do reverse DNS lookup in Nginx

I have an Nginx configuration where I want to allow a DNS name, as I can't be certain of the IP address.
{
    satisfy any;
    allow www.domain.com; # want to achieve this
}
With Nginx we can't achieve this.
Looked at this https://github.com/flant/nginx-http-rdns as a solution.
This module says it does reverse lookup, but it didn't work and the repo is very old and well maintained.
Another alternative is to use a shell script and do a dig or host on the IP address, but we don't want to use a shell script with Nginx.
An alternate solution is to use a sidecar to do the DNS resolution and to add allow/deny rules.
If this still works you'll need to compile it for the same version of nginx that is installed. If you're using nginx from a repo then dynamically compile it and see if the following helps:
Download the nginx source matching the installed version and extract it.
    $ cd nginx-1.x.x
    $ ./configure --with-compat --add-dynamic-module=/path/to/nginx_module
    $ make modules
make modules should result in an nginx module that you need to copy to /usr/lib/nginx/modules/ and load with load_module modules/modulename.so in your nginx.conf.

replace apache and mod_weblogic with nginx and what?

I have a two nodes WebLogic (and a positively ancient version of WebLogic to boot) cluster that I plan to retire where WebLogic will be replaced by WildFly and Apache with Nginx. The problem I am facing right now is how to replace mod_weblogic from the Apache configuration:
<IfModule mod_weblogic.c>
    WebLogicHost 192.168.0.1
    WebLogicPort 7003
</IfModule>
<LocationMatch "/services/.*/(buy|sell|status)">
    SetHandler weblogic-handler
    WebLogicCluster 192.168.0.1:7003,192.168.0.2:7003
    PathTrim /services
    PathPrepend /requestprocessor
    WLIOTimeoutSecs 600
</LocationMatch>
In this example, from what I understand, mod_weblogic provides load balancing between the two nodes, right? I have to admit that I have no idea how this module works, only that I am about to replace it… :-)
How can I achieve the same result with Nginx and WildFly?
I found a guide on the Nginx website about load balancing (https://docs.nginx.com/nginx/deployment-guides/jboss-load-balancing-nginx-plus/) and I guess the big question is if there is anything in the functionality of mod_weblogic that I am missing or if doing as the guide suggests will provide the desired result?
You can do load balancing with a lot of tools now, for example haproxy
http://biemond.blogspot.com/2010/04/high-availability-load-balancer-for.html
or nginx https://www.nginx.com/blog/load-balance-oracle-weblogic-server/
or apache https://theheat.dk/blog/?p=916
or varnish https://varnish-cache.org/
They all have similar abilities. As far as I know, mod_weblogic now does not have any specialty other than nginx or varnish or haproxy. The apache proxy module can be hard to configure but still does the job.
A long time ago there was no nginx or varnish; then people started using mod_weblogic. It was a default product for weblogic. Now we have all the other options. You just need to test and fine-tune your choice.
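A sketch of how the Apache block from the question could map onto open-source nginx, added here as an illustration and not taken from the question or the answer. It reuses the question's addresses and port as stand-ins for the WildFly nodes; the upstream name is made up, and the timeout mapping is an approximation of WLIOTimeoutSecs.

```nginx
events {}

http {
    # Stands in for WebLogicCluster: round-robin across both nodes.
    # Addresses and port are copied from the question; adjust to the
    # WildFly HTTP listener actually in use.
    upstream wildfly_cluster {
        server 192.168.0.1:7003;
        server 192.168.0.2:7003;
        # If the application relies on session affinity, ip_hash is the
        # option available in open-source nginx:
        # ip_hash;
    }

    server {
        listen 80;

        # Same pattern as the LocationMatch, but anchored at the start of
        # the path so only URIs beginning with /services are forwarded.
        location ~ ^/services/.*/(buy|sell|status) {
            # PathTrim /services + PathPrepend /requestprocessor
            rewrite ^/services(/.*)$ /requestprocessor$1 break;

            # No URI part here: inside a regex location nginx passes the
            # rewritten URI to the upstream as-is.
            proxy_pass http://wildfly_cluster;

            # Closest equivalent to WLIOTimeoutSecs 600.
            proxy_read_timeout 600s;

            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Anything else is not proxied to the backend.
        location / {
            return 404;
        }
    }
}
```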

Ubuntu + nginx - trying to install GeoIP module

I'm using vagrant (VVV actually) to run local wordpress installs. I want to test different behaviors for different GEOs on my local machine instead of uploading it every time to the server, which is annoying.
So, I've tried to install the GeoIP nginx module on the local machine with the following guide https://piwik.org/faq/how-to/faq_166/ (and a bit more google but it doesn't matter at the moment).
When I'm using ./configure, the following is shown:
    checking for GeoIP library ... found
    checking for GeoIP IPv6 support ... found
I've also set the .dat files in my conf file, and set the $_SERVER (fastcgi_param) parameters - so they are displayed when I'm printing the $_SERVER var.
But those GeoIP vars are empty. I'm not sure about the reason, but 2 things are bothering me. First, when I write nginx -V in the terminal the argument --with-http_geoip_module is missing. Second, could it actually work if the REMOTE_ADDR (IP) is not my real IP? (192.168.1.50 for example).
nginx is a bit strange for me, so sorry if something isn't exact..
--
Operating system - macOS, nginx version - 1.3.15, running with VVV (vagrant box)
If there is a reverse proxy in front of your nginx, use geoip_proxy to set IPs whose X-Forwarded-For-Header can be trusted.
You can also use that without actually having a reverse proxy when you're developing. Add your local IP to the geoip_proxy-list and set the X-Forwarded-For-Header to your public IP in your browser (use a plugin like Modify Headers).
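The geoip_proxy setup described in the answer above, written out as an added example that is not part of the original post. The database path, document root and FastCGI address are placeholders; 192.168.1.50 is the private address quoted in the question.

```nginx
events {}

http {
    # Legacy GeoIP country database (.dat); placeholder path.
    geoip_country /usr/share/GeoIP/GeoIP.dat;

    # Addresses whose X-Forwarded-For header is trusted for the lookup.
    # A private address such as 192.168.1.50 has no entry in the database,
    # which is why the variables stay empty without this.
    # Outside development, list only the real reverse proxies: any address
    # listed here can choose the country nginx sees.
    geoip_proxy 192.168.1.50;
    geoip_proxy 127.0.0.1;

    # With several proxies in a chain, use the last address in
    # X-Forwarded-For that is not itself a trusted proxy.
    geoip_proxy_recursive on;

    server {
        listen 80;
        root /srv/www/site;  # placeholder

        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

            # Exposed to PHP as $_SERVER['GEOIP_COUNTRY_CODE'] etc.
            fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
            fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;

            fastcgi_pass 127.0.0.1:9000;  # placeholder
        }
    }
}
```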

OpenResty : configure lua with already given /etc/nginx/nginx.conf file

I have a website which is already working on nginx.
The nginx conf file is in the /etc/nginx.conf folder.
Now I want to integrate lua into that project, so I installed OpenResty.
I created a folder with the name "work" as per the instructions in the doc. And the website is working fine at port 8080 as per the instructions.
Now I want to use the same code in my /etc/nginx/nginx.conf file,
so that I can use statements like 'content_by_lua' there.
I am not able to configure this.
I am getting the error below.
    Starting nginx: nginx: [emerg] unknown directive "content_by_lua" in /etc/nginx/nginx.conf:25
    nginx: configuration file /etc/nginx/nginx.conf test failed
Let me know what I am doing wrong.
I started from the same point. Had nginx, had lua, installed openresty and went from there. I was getting the exact same error. After spending considerable time, trying to make the openresty packages play nice with my nginx installation, I found it easiest to uninstall nginx and move forward just with openresty's nginx. Just make backups of your current nginx.conf and any vhost files.
When installing openresty I was sure to include the --with-luajit option. Set up a "hello, world" test, and everything worked wonderfully. My biggest complaint was not being able to start and stop nginx as a service anymore. The issue is a lack of init.d file in the openresty installation. Luckily I ran across this:
https://groups.google.com/forum/#!topic/openresty-en/7UOz-y77CY4
Just change the name to openresty (instead of openresty.init.d) and place it in /etc/init.d/ (assumed for Ubuntu), then start/stop/reload as sudo service openresty start
The error shows that your nginx wasn't compiled with the right module.
Try typing nginx -V to see if your nginx is configured with nginx_lua_module.
Maybe you should find out where the openresty nginx is and use this nginx instead of the default one.

Running CKAN behind Nginx

I would like to run CKAN behind Nginx. Does it make sense to run the CKAN site through the paster process:
paster serve production.ini
... and then just point Nginx at it through a reverse proxy?
server {
    listen 80;
    location / {
        proxy_pass http://127.0.0.1:5000;
    }
}
Or is there a way to run as a FastCGI process? Perhaps a FastCGI daemon process similar to Django?
The default installation of CKAN (the one done via package install) sets up CKAN running on Apache with mod_wsgi with Nginx on top. Have a look at the Apache and Nginx configuration files for details on how it is done.
Regarding using paster on a production environment, I'd imagine that sooner or later you will hit performance problems, so I would avoid it. You may find this answer useful:
Can I use paster on production site?
