NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License
21.78k stars 2.52k forks

Add GeoIP module #46

Open teodorch85 opened 5 years ago

teodorch85 commented 5 years ago

Hi! As I am a noob with nginx, is it possible to enable the GeoIP module so we can also limit access by location? https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-by-geoip/

Thank you!

jc21 commented 5 years ago

Sounds doable. Makes sense to include with improvements in #38 as well.

wuast94 commented 5 years ago

The geoip module is active by default so no worry. It's just a bit of path mapping and editing config files :P

The main problem of the geoip module is using legacy geoip databases that are deprecated. From https://dev.maxmind.com/geoip/legacy/downloadable/ to https://dev.maxmind.com/geoip/geoip2/geolite2/ which is using maxmind databases.

But the geoip module from nginx is using the legacy databases, so I don't know if it's an issue from nginx itself or from npm. It sounds nice to block countries etc. but I think nginx needs to fix it first before this feature can be added by devs to the container, or am I wrong? I wrote more in -> #78

jc21 commented 5 years ago

Yep, I've found the legacy databases are no longer supplied, so everyone has to convert to geo2.

Seems it's trivial to add the new module: https://docs.nginx.com/nginx/admin-guide/dynamic-modules/geoip2/

Also the geolite databases need to be baked in to the docker image.

wuast94 commented 5 years ago

I think it should be better to make this possible over mounting the nginx dir to host system. So everyone can edit this as wanted (use other modules or databases)

And I think the geo2 module should be added by the nginx docker maintainer. Many modules are installed by default: https://github.com/nginxinc/docker-nginx/blob/master/stable/alpine/Dockerfile

jc21 commented 5 years ago

You can already do that if you want to. In any docker image there is no restriction in what you're mounting and where. Even though I bake in config or files you're always able to override them.

corvy commented 4 years ago

I would really love this feature. :)

ghallford commented 4 years ago

This would be awesome because in order to use this

Currently nginx fails with this error when I add the custom log format:

2020/07/09 16:36:21 [emerg] 3022#3022: unknown "geoip2_data_city_name" variable

I need the geoIP information to send to InfluxDB custom format:

log_format custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" $host "$http_user_agent" "$request_time" "$upstream_connect_time" "$geoip2_data_city_name" "$geoip2_data_country_code"';

joggs commented 4 years ago

Looking forward to this!

brokoler commented 3 years ago

Still missing and everything I'm waiting for! 👍

risiman commented 3 years ago

That sounds great to me

andyshutak commented 3 years ago

Likewise this will help massively in reducing attempted logons and bruteforcing on my network. Watching closely.

Br3b commented 3 years ago

Hi guys, this would be great! I was trying to get the geoip module or to at least implement a kind of monitoring possibility for the nginx proxy manager with telegraf and grafana. But my limited docker knowledge is just not enough. I would appreciate it if this feature would be available out of the box :) Stay healthy!

rh535 commented 3 years ago

This would be great!

danner26 commented 3 years ago

@jc21 any update? I would be happy to help develop on this if y'all need an extra hand in order to get it included.

mgutt commented 3 years ago

+1

phrogg commented 3 years ago

Is there any way to do this without it implemented? If I can set it up manually I may be able to make a PR out of it.

mouseron commented 3 years ago

Checking in to see how this is going. @jc21, is there any update please? It would be great to have this implemented, please and thank you!

jc21 commented 3 years ago

See #1202

mouseron commented 3 years ago

See #1202

Thanks and it's great to see there will be a V3! I wasn't aware.

It's not clear to me whether GeoIP2 will be part of this new version though... The closest statement I could find was "UI Configurable IP ranges for real_ip determination"

Will GeoIP2 be incorporated?

Thanks again!

Pacerino commented 2 years ago

@mouseron Take a look at https://github.com/sherpya/geolite2legacy and https://www.miyuru.lk/geoiplegacy

Pacerino commented 2 years ago

The geoip module is active by default so no worry. It's just a bit of path mapping and editing config files :P

The main problem of the geoip module is using legacy geoip databases that are deprecated. From https://dev.maxmind.com/geoip/legacy/downloadable/ to https://dev.maxmind.com/geoip/geoip2/geolite2/ which is using maxmind databases.

But the geoip module from nginx is using the legacy databases, so I don't know if it's an issue from nginx itself or from npm. It sounds nice to block countries etc. but I think nginx needs to fix it first before this feature can be added by devs to the container, or am I wrong? I wrote more in -> #78

Hey @wuast94, I was wondering how the geoip module is active by default when openresty doesn't get compiled with the flag to enable the geoip module? It would be nice if you could explain in detail how you managed it. The answers you've made aren't detailed.

jc21 commented 2 years ago

Should anyone want to look at adding the module:

ghost commented 2 years ago

Here is some useful material to compile geoip2 in openresty: https://www.electrosoftcloud.com/en/compile-geoip2-in-openresty-and-how-to-use-it/

OuticNZ commented 2 years ago

Did this get progressed any? Or is it waiting for someone to pick it up?

chaptergy commented 2 years ago

No, I don't think there is any progress, and I don't think there will come an official integration in v2 of npm, unless someone wants to get working on it and creates a PR.

Pacerino commented 2 years ago

I've actually made my own custom version of it with geoIP in order to use it with loki and grafana. https://github.com/Pacerino/docker-nginx-full https://github.com/Pacerino/nginx-proxy-manager

The only thing is that I've ported the CI to Drone. There is an error appearing when creating the container about missing deps. I've temporarily fixed it by installing libgeoip1_1.6 manually with DPKG

wget http://ftp.de.debian.org/debian/pool/main/g/geoip/libgeoip1_1.6.12-7_amd64.deb
dpkg -i libgeoip1_1.6.12-7_amd64.deb

After a reboot of the container everything works.

This is a quick and dirty implementation of it and not the latest release of the main repo. The frontend is missing the logo but everything works. I should merge into the latest release and try to get rid of the missing dep and the logo.

firebowl commented 2 years ago

Does anyone care about a geoip2 implementation? It would be a real pity if you have to give up the security of geoip2 for the really great and convenient variant of NPM.

danner26 commented 2 years ago

I personally do.


ghallford commented 2 years ago

I do as well!

-- Geoff

Pl1997 commented 2 years ago

Hi, this would be great for me too !

spiezmaestro commented 2 years ago

Hi, would like to have this as well!

scyto commented 2 years ago

I am new to NPM, seeing if it can replace my custom config. I am glad to see this will be in v3.

I note despite someone saying the geoip modules are loaded in the base docker used for npm an nginx -V reveals this is not the case :-(

For now with v2, is there any way to get the geoip modules working? (I use them for my custom log format)

I copied over ngx_http_geoip_module.so and tried loading it using /data/nginx/custom/root.conf however i get the error nginx: [emerg] "load_module" directive is specified too late in /data/nginx/custom/root.conf:2

I assume this is because this is placed at the end of the root conf rather than in the main block? Is there any other workaround?

(in v3 can we have standard support for modules using the normal /modules-enabled/50*.conf files method?)

ok i see how to get modules loaded in npm, i mapped a volume to /etc/nginx/modules

i am now caught in dependency loop of finding just the right modules, i guess because i need the resty version of ngx_http_geoip_module.so (version 1019009) i am unclear where i can get that from?

TehloWasTaken commented 2 years ago

I've actually made my own custom version of it with geoIP in order to use it with loki and grafana. https://github.com/Pacerino/docker-nginx-full https://github.com/Pacerino/nginx-proxy-manager

The only thing is that I've ported the CI to Drone. There is an error appearing when creating the container about missing deps. I've temporarily fixed it by installing libgeoip1_1.6 manually with DPKG

wget http://ftp.de.debian.org/debian/pool/main/g/geoip/libgeoip1_1.6.12-7_amd64.deb
dpkg -i libgeoip1_1.6.12-7_amd64.deb

After a reboot of the container everything works.

This is a quick and dirty implementation of it and not the latest release of the main repo. The frontend is missing the logo but everything works. I should merge into the latest release and try to get rid of the missing dep and the logo.

Hey, just tried to look at your custom repo's, but they're not public anymore, or deleted. Do you still have these? I'd love to use these as I'd like to setup: https://grafana.com/grafana/dashboards/12559

Thanks!

Pacerino commented 2 years ago

I'm back on Friday and can take a look. I've probably deleted it.


jgramling17 commented 1 year ago

Any updates on this? I think making it an optional config through env variables or something similar wouldn't sacrifice simplicity for basic use cases.

benisai commented 1 year ago

I'm also interested in this.

hellcry37 commented 1 year ago

This missing geoip is what is stopping me from using this instead of the actual nginx. My nginx confs work great; what I miss is the actual ease of use of this software. But without geoip to protect my stuff and let only a country access my websites and whitelist only some IPs from the countries I do not want to access my stuff, there is no way this is viable. Thanks for your consideration

nfacciolo commented 1 year ago

It's possible to install the module apt install libnginx-mod-http-geoip then create a custom file config nano /data/nginx/custom/http_top.conf Here you can add all your geo config then use created variable

webysther commented 1 year ago

Maybe using this as reference: https://github.com/jlesage/docker-nginx-proxy-manager

lavinir commented 1 year ago

I've created a script that uses location data from db-ip.com to create country based access lists in nginx proxy manager. They publish updated addresses monthly and you can just set up a cron schedule to run the script and update the access list that way. More details here

webysther commented 1 year ago

I decided to do it like you, @lavinir, but directly in the router with firewall and ip set. I just download geoip2 and use pandas to convert it into a CIDR IP list based on my needs. This solution has the advantage of removing the load from NPM, but it would be great to have this. For someone who wants to implement it:

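import pandas as pd

# GeoLite2 country CSVs: locations map geoname_id to a country, blocks map networks to a geoname_id
loc = pd.read_csv('data/GeoLite2-Country-Locations-en.csv')
ip4 = pd.read_csv('data/GeoLite2-Country-Blocks-IPv4.csv')

# join each network to its country (inner join on geoname_id)
ip4loc = pd.merge(loc, ip4, on='geoname_id')

# countries you want to allow/block
country_list = ["BR","IT","NL","PT","CA"]

ip4loc = ip4loc[ip4loc['country_iso_code'].isin(country_list)]

# write one CIDR network per line, without header or index
path = 'data/allowed.zone.txt'
ip4loc.to_csv(path, columns = ["network"], header = False, index = False)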

In my case I put this on a docker I make the update on Openwrt
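A variant of the conversion above that emits nginx `allow`/`deny` rules instead of a firewall zone file, so the list can be included per server or location. This is an added example, not code from any commenter or from the project; it uses only the Python standard library, the function names are hypothetical, and the CSV rows are constructed samples using documentation address ranges.

```python
import csv
import io
import ipaddress

# Constructed sample data in the GeoLite2 CSV layout (column subset, documentation ranges).
LOCATIONS_CSV = """\
geoname_id,locale_code,country_iso_code,country_name
1,en,BR,Brazil
2,en,PT,Portugal
3,en,DE,Germany
"""
BLOCKS_CSV = """\
network,geoname_id,registered_country_geoname_id
192.0.2.0/25,1,1
192.0.2.128/25,1,1
198.51.100.0/25,2,2
198.51.100.128/25,,2
203.0.113.0/24,3,3
"""


def country_networks(locations_csv, blocks_csv, countries):
    """Return collapsed networks whose geoname_id maps to one of `countries`."""
    wanted = {c.upper() for c in countries}
    ids = {row["geoname_id"]
           for row in csv.DictReader(io.StringIO(locations_csv))
           if row["country_iso_code"] in wanted}
    nets = []
    for row in csv.DictReader(io.StringIO(blocks_csv)):
        # Rows with an empty geoname_id never match, so unlocated ranges stay denied.
        if row["geoname_id"] in ids:
            # ip_network() raises ValueError on a malformed or non-CIDR value.
            nets.append(ipaddress.ip_network(row["network"]))
    # Merge adjacent ranges to keep the nginx include short.
    return list(ipaddress.collapse_addresses(nets))


def render_allowlist(networks):
    """Render nginx access rules: listed networks allowed, everything else denied."""
    if not networks:
        # An empty result usually means a bad download or a mistyped country code;
        # refuse to emit a bare "deny all;" that would lock every client out.
        raise ValueError("no networks matched; refusing to write allowlist")
    return "".join(f"allow {net};\n" for net in networks) + "deny all;\n"


if __name__ == "__main__":
    nets = country_networks(LOCATIONS_CSV, BLOCKS_CSV, ["BR", "PT"])
    print(render_allowlist(nets), end="")
```

The rules match on the client address nginx sees, so behind another proxy or CDN the real client IP has to be restored first for the list to have any effect.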

lavinir commented 1 year ago

@webysther . Cool. For me, I have use cases where I need the filter on a per rule basis so I can't block everything at the router level. But if you want to block all traffic from certain locations to your home that's a great solution 👍

webysther commented 1 year ago

Yes, my solution doesn't work per rule or domain.

GamerClassN7 commented 11 months ago

Hello, Any news regarding implementation of geo module ?

Thanks for info

lavinir commented 11 months ago

Hi,

Unfortunately no, I haven't had the time to get back to this project yet..

nfacciolo commented 11 months ago

If you install it directly on your server just install the dep : apt install libnginx-mod-http-geoip If you use docker, create a dockerfile and RUN apt install libnginx-mod-http-geoip

corvy commented 11 months ago

We should just fork and add it...


webysther commented 11 months ago

I don't think it is a good idea. The new version is coming, and at some time in the future maybe add it to the new version, or make this new version flexible to support this kind of feature like the mods of lsio

GamerClassN7 commented 11 months ago

I don't think it is a good idea. The new version is coming, and at some time in the future maybe add it to the new version, or make this new version flexible to support this kind of feature like the mods of lsio

What is this mod site ?

webysther commented 11 months ago

I don't think it is a good idea. The new version is coming, and at some time in the future maybe add it to the new version, or make this new version flexible to support this kind of feature like the mods of lsio

What is this mod site ?

https://mods.linuxserver.io/?mod=create