This article is about using Nginx as a free alternative for Cloudflare workers. Ok. If you were behind a Cloudflare proxy and want to redirect incoming traffic based on Geolocation, You should use CF Workers as a best-practices solution, but it's costly when you get a lot of traffic to your website.
The best solution at a low price will be manually setting up Nginx webserver to use it as a GeoIP distributor proxy worker.
We will need to install the GeoIP
, Nginx
community module, to check if it's already installed on your server, you can run the following command
root@server /home/online # nginx -V nginx version: nginx/1.18.0 (Ubuntu) built with OpenSSL 1.1.1f 31 Mar 2020 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-KTLRnK/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module
Install Nginx GeoIP Module
If the Nginx GeoIP module does not exist, you can install it by running the following command.
# apt install nginx-extras
We need to catch the visitor's IP address, check the Country by IP, and then do redirect action based on the country information.
Using the GeoIP Nginx module, besides the Maxmind GeoIP Database, we can do the mission as the following.
We will need to install the MaxMind
GeoIP/GeoIP2 database updates package geoipupdate
.
# apt install geoipupdate
Create MaxMind GeoIP Account
We will use the free version of Maxmind GeoIP, called GeoLite it's less accurate because of late updates but works fine.
Using geoipupdate
will download the GeoLite2 database locally, keep it updating using cronjob, and connect it with Nginx GeoIP Module.
So let's Signup for free Maxmind GeoLite, and then generate our free license key
After Signup, and while generating your new license key, you will need to select Yes
the question: Old versions of our GeoIP Update program use a different license key format. Will this key be used for GeoIP Update?.
And select a suitable version of geoipupdate
package, you can detect the package version by running:
# geoipupdate --version
Configure Maxmind GeoIP
Edit the config file /etc/GeoIP.conf
and enter your Maxmind AccountID and LicenseKey values.
Now will create a cronjob
To auto-update the GeoIP database. and as we used the free version GeoLite, it updated weekly on Tuesday so that we could run our cronjob
weekly on Wednesday morning.
So insert the crontjob
below to your system crontab
0 0 * * WED /usr/bin/geoipupdate
Configure Nginx GeoIP
In http
context set up the path to the GeoIP country database to the NGINX configuration at the file /etc/nginx/nginx.conf
:
geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb { $geoip2_data_country_iso_code country iso_code; }
And at server context, we can redirect as
Server { [.....] if ($geoip2_data_country_iso_code = "FR") { return 301 https://fr.default.com$request_uri; # France } }