Add GeoIP module

[teodorch85]

Hi! As I am noob with nginx is it possible to enable the GeoIP module so we can limit access also by location? https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-by-geoip/

Thank you!

[jc21]

Sounds doable. Makes sense to include with improvements in #38 as well.

[wuast94]

the geoip module is active by default so no worry. its just a bit of path mapping and edit config files :P

the main problem of geoip module is using legacy geoip databases that are deprecated. from https://dev.maxmind.com/geoip/legacy/downloadable/ to https://dev.maxmind.com/geoip/geoip2/geolite2/ wich is using maxmind databases

but the geoip module from nginx is using teh legacy databases. so i dont know if its an issue from nginx itselfs or from npm. it sounds nice to block countries etc but i thing nginx need to fix it first before this feature can addet by devs to the container or am i wrong ? i wrote more to -> #78

[jc21]

Yep I've found the legacy databases are not longer supplied anymore so everyone has to convert to geo2.

Seems it's trivial to add the new module: https://docs.nginx.com/nginx/admin-guide/dynamic-modules/geoip2/

Also the geolite databases need to be baked in to the docker image.

[wuast94]

I think it should be better to make this possible over mounting the nginx dir to host system. So everyone can edit this as wanted (use other modules or databases)

And I think the geo2 module should be addet by nginx docker Mainter. Many modules are installed by defoult: https://github.com/nginxinc/docker-nginx/blob/master/stable/alpine/Dockerfile

[jc21]

You can already do that if you want to. In any docker image there is no restriction in what you're mounting and where. Even though I bake in config or files you're always able to override them.

[corvy]

I would really love this feature. :)

[ghallford]

This would be awesome because in order to use this

Currently nginx fails with this error when I add the custom log format:

2020/07/09 16:36:21 [emerg] 3022#3022: unknown "geoip2_data_city_name" variable

I need the geoIP information to send to InfluxDB custom format:

log_format custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" $host "$http_user_agent" "$request_time" "$upstream_connect_time" "$geoip2_data_city_name" "$geoip2_data_country_code"';

[joggs]

Looking forward to this!

[brokoler]

Still missing and everything I'm waiting for! 👍

[risiman]

That sounds great to me

[andyshutak]

Likewise this will help massively in reducing attempted logons and bruteforcing on my network. Watching closely.

[Br3b]

Hi guys, this would be great! I was trying to get the geoip module or to at least implement a kind of monitoring possibility for the ngxin proxy manager with telegraf and grafana. But my limited docker knowledge is just not enough. I would appreciate if this feature would be available out of the box :) Stay healthy!

[rh535]

This would be great!

[danner26]

@jc21 any update? I would be happy to help develop on this if y'all need an extra hand in order to get it included.

[mgutt]

+1

[phrogg]

Is there any way, to do this without it implemented? If I can set it up manually I may be able to make an PR out of it.

[mouseron]

Checking in to see if how this is going. @jc21 is there any update please. It would be great to have this implemented please and thank you!

[jc21]

See #1202

[mouseron]

See #1202

Thanks and it's great to see there will be a V3! I wasn't aware.

It's not clear not me whether GeoIP2 will be part of this new version though... The closest statement I could find was "UI Configurable IP ranges for real_ip determination"

Will GeoIP2 be incorporated?

Thanks again!

[Pacerino]

@mouseron Take a look at https://github.com/sherpya/geolite2legacy and https://www.miyuru.lk/geoiplegacy

[Pacerino]

the geoip module is active by default so no worry. its just a bit of path mapping and edit config files :P

the main problem of geoip module is using legacy geoip databases that are deprecated. from https://dev.maxmind.com/geoip/legacy/downloadable/ to https://dev.maxmind.com/geoip/geoip2/geolite2/ wich is using maxmind databases

but the geoip module from nginx is using teh legacy databases. so i dont know if its an issue from nginx itselfs or from npm. it sounds nice to block countries etc but i thing nginx need to fix it first before this feature can addet by devs to the container or am i wrong ? i wrote more to -> #78

Hey @wuast94 i was wondering how the geoip module is active by default when the openresty doesnt get compiled with the flag to enable the geoip module? It would be nice if you could explain in detail how you managed it. The anweres you've made arent detailed.

[jc21]

Should anyone want to look at adding the module:

• https://github.com/NginxProxyManager/docker-nginx-full/blob/master/docker/Dockerfile
• https://github.com/NginxProxyManager/docker-nginx-full/blob/master/scripts/build-openresty

[ghost]

Here some useful material to compile geoip2 in openresty https://www.electrosoftcloud.com/en/compile-geoip2-in-openresty-and-how-to-use-it/

[OuticNZ]

Did this get progressed any? Or is it waiting for someone to pick it up?

[chaptergy]

No, I don't think there is any progress, and I don't think there will come an official integration in v2 of npm, unless someone wants to get working on it and creates a PR.

[Pacerino]

I've actually made my own custom version of it with geoIP in order to use it with loki and grafana. https://github.com/Pacerino/docker-nginx-full https://github.com/Pacerino/nginx-proxy-manager

The only think is that i've ported the CI to Drone. There is an error appearing if creating the container about missing deps. I've temporary fixed it by installing libgeoip1_1.6 manually with DPKG

wget http://ftp.de.debian.org/debian/pool/main/g/geoip/libgeoip1_1.6.12-7_amd64.deb
dpkg -i libgeoip1_1.6.12-7_amd64.deb

After a reboot of the container everything works.

This is a quick and dirty implementation of it and not the latest release the main repo. The Frontend is missing the Logo but everything works. I should merge into the latest release and trying to get rid of the missing dep and the logo.

[firebowl]

Does anyone care about a geoip2 implementation? It would be a real pity if you have to give up the security of geoip2 for the really great and convenient variant of NPM.

[danner26]

I personally do.

On Sat, Jan 1, 2022, 13:58 firebowl @.***> wrote:

Does anyone care about a geoip2 implementation? It would be a real pity if you have to give up the security of geoip2 for the really great and convenient variant of NPM.

— Reply to this email directly, view it on GitHub https://github.com/jc21/nginx-proxy-manager/issues/46#issuecomment-1003601029, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB6JNIY4BQSLDMNGMXLQ2YTUT5FEFANCNFSM4GOX4ASA . You are receiving this because you commented.Message ID: @.***>

[ghallford]

I do as well!

⁣-- Geoff​

On Jan. 1, 2022, 2:03 p.m., at 2:03 p.m., Daniel Anner @.***> wrote:

I personally do.

On Sat, Jan 1, 2022, 13:58 firebowl @.***> wrote:

Does anyone care about a geoip2 implementation? It would be a real pity if you have to give up the security of geoip2 for the really great and convenient variant of NPM.

— Reply to this email directly, view it on GitHub

https://github.com/jc21/nginx-proxy-manager/issues/46#issuecomment-1003601029,

or unsubscribe

https://github.com/notifications/unsubscribe-auth/AB6JNIY4BQSLDMNGMXLQ2YTUT5FEFANCNFSM4GOX4ASA

. You are receiving this because you commented.Message ID: @.***>

-- Reply to this email directly or view it on GitHub: https://github.com/jc21/nginx-proxy-manager/issues/46#issuecomment-1003601979 You are receiving this because you commented.

Message ID: @.***>

[Pl1997]

Hi, this would be great for me too !