in ,

Nginx Redirect Based on Geolocation

Cloudflar Nginx

This article is about using Nginx as a free alternative for Cloudflare workers. Ok. If you were behind a Cloudflare proxy and want to redirect incoming traffic based on Geolocation, You should use CF Workers as a best-practices solution, but it’s costly when you get a lot of traffic to your website.

The best solution at a low price will be manually setting up Nginx webserver to use it as a GeoIP distributor proxy worker.

We will need to install the GeoIP, Nginx community module, to check if it’s already installed on your server, you can run the following command

root@server /home/online # nginx -V
nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f 31 Mar 2020
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-KTLRnK/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module

Install Nginx GeoIP Module

If the Nginx GeoIP module does not exist, you can install it by running the following command.

# apt install nginx-extras

We need to catch the visitor’s IP address, check the Country by IP, and then do redirect action based on the country information.

Using the GeoIP Nginx module, besides the Maxmind GeoIP Database, we can do the mission as the following.

We will need to install the MaxMind GeoIP/GeoIP2 database updates package geoipupdate .

# apt install geoipupdate

Create MaxMind GeoIP Account

We will use the free version of Maxmind GeoIP, called GeoLite it’s less accurate because of late updates but works fine.

Using geoipupdate  will download the GeoLite2 database locally, keep it updating using cronjob, and connect it with Nginx GeoIP Module.

So let’s Signup for free Maxmind GeoLite, and then generate our free license key

maxmind free account

After Signup, and while generating your new license key, you will need to select Yes the question: Old versions of our GeoIP Update program use a different license key format. Will this key be used for GeoIP Update?.

And select a suitable version of geoipupdate package, you can detect the package version by running:

 # geoipupdate --version

maxmind geolite generate license key

Configure Maxmind GeoIP

Edit the config file /etc/GeoIP.conf and enter your Maxmind AccountID and LicenseKey values.

Now will create a cronjob To auto-update the GeoIP database. and as we used the free version GeoLite, it updated weekly on Tuesday so that we could run our cronjob weekly on Wednesday morning.

So insert the crontjob below to your system crontab

0 0 * * WED /usr/bin/geoipupdate

Configure Nginx GeoIP

In http context set up the path to the GeoIP country database to the NGINX configuration at the file /etc/nginx/nginx.conf:

geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
           $geoip2_data_country_iso_code country iso_code;
}

And at server context, we can redirect as

Server {
[.....]
if ($geoip2_data_country_iso_code = "FR") {

   return 301 https://fr.default.com$request_uri; # France

 }

}

What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *

cryptocurrency mining epic beyond blunderdome simpsons

WTF! Homer Simpson Catch In Cryptocurrency Mining Training.. Here Is The Truth.

MySQL Database

Make Linux Only Swapping MySQL As A Last Resort