This tutorial explains how to compile the GeoIP module with Nginx to block the visitors by country. This is made possible by the GeoIP database which maps users’ IP addresses to countries. Nginx must be compiled with the HttpGeoipModule to use the GeoIP database.
In this article I will provides step-by-step procedure to enable GeoIP support on your CentOS server.
Compile The GeoIP Module With Nginx
Nginx intoduced dynamic module support in v. 1.9.11. Follow the below steps to compile the GeoIP module.
1. Install and enable the EPEL and Nginx-Mainline repositories on you system.
2. Install the nginx-module-geoip using yum:
# yum install nginx-module-geoip
3. Add below line into your /etc/nginx/nginx.conf file.
load_module "modules/ngx_http_geoip_module.so";
4. Type below command to check the syntax error in nginx conf file.
# nginx -t
5. If there is no error print, reload Nginx using below command.
# nginx -s reload
6. Run the below command to verify the GeoIP module:
# nginx -V nginx version: nginx/1.13.5 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --user=nginx --group=nginx --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-file-aio --with-http_realip_module --without-http_scgi_module --without-http_uwsgi_module --without-http_fastcgi_module --with-http_geoip_module --add-module=/tmp/nginx-sticky-module-ng --add-module=/tmp/nginx_upstream_check_module
Configure Nginx To Use Geoip
Edit your /etc/nginx/nginx.conf file.
# vim /etc/nginx/nginx.conf
And place this in the http {} block, before any include lines:
[...]
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default yes;
FK no;
FM no;
EH no;
}
[...]
In above code I have configured to allows all contries, except the three countries.
Find a list of country code.
Block All Countries And Allow Only A Few
[...]
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default no;
FK yes;
FM yes;
EH yes;
}
[...]
Thanks:)
If you find this tutorial helpful please share with your friends to keep it alive. For more helpful topic browse my website www.looklinux.com. To become an author at LookLinux Submit Article. Stay connected to Facebook.
thanks dear Santosh Prasad , its very usefull article
Hi Santosh.
Nice tutorial, but for first time installers, it would be worth mentioning, that you also have to deny the !allowed_country in each server section.
And for dynamically loaded modules it is not visible with nginx -V
Cheers
Chris