Use IPInfo as secondary source

nextcloud / vm

💻☁📦 The Nextcloud VM (virtual machine appliance), Home/SME Server and scripts for RPi (4). Community developed and maintained.

https://download.nextcloudvm.com

GNU General Public License v3.0

1.32k stars 663 forks source link

Use IPInfo as secondary source #2683

Closed enoch85 closed 2 months ago

enoch85 commented 2 months ago

Fix https://github.com/nextcloud/vm/issues/2682

enoch85 commented 2 months ago

Hmm, this doesn't seem to work. Allowing "SE" in the list still blocks it when trying to reach the site.

@abdullahdevrel Are your mmdb different from Maxminds?

enoch85 commented 2 months ago

Example from CSV:

start_ip    end_ip  country country_name    continent   continent_name
1.0.0.0 1.0.0.255   AU  Australia   OC  Oceania
1.0.1.0 1.0.3.255   CN  China   AS  Asia
1.0.4.0 1.0.7.255   AU  Australia   OC  Oceania
1.0.8.0 1.0.15.255  CN  China   AS  Asia
1.0.16.0    1.0.31.255  JP  Japan   AS  Asia

In the Apache conf, we use different "tags". This might not work after all?

enoch85 commented 2 months ago

Found this now: https://community.ipinfo.io/t/migrating-from-maxmind-geolite2-country-to-ipinfo-country-mmdb-edition/56

enoch85 commented 2 months ago

So, since IPInfo doesn't run it's own Apache module, I'm afraid this won't work. :|

abdullahdevrel commented 2 months ago

@enoch85 Thank you for reviewing. The scheme is different from MaxMind's, and you have found the post that I would have linked.

I believe the Apache module (https://github.com/maxmind/mod_maxminddb) is schema agnostic, like all the other MMDB reader libraries out there (https://community.ipinfo.io/t/list-of-mmdb-reader-libraries/2821).

Looking at this bit of code:

https://github.com/nextcloud/vm/blob/6a111c790e6d0207a5778d14c71af26bbf3a100e/network/geoblock.sh#L224-L227

So, with respect to our database schema, I assume this will be:

  MaxMindDBEnv MM_CONTINENT_CODE DB/continent
  MaxMindDBEnv MM_COUNTRY_CODE DB/country

Can you see if it would work?

enoch85 commented 2 months ago

Yes, I can confirm, the change works.

Now I need to get my head around how we want to do this...

enoch85 commented 2 months ago

Found a solution!

<IfModule mod_maxminddb.c>
  MaxMindDBEnable On

  # Check for IPinfo mmdb
  <IfFile "/usr/share/GeoIP/IPInfo-Country.mmdb">
    MaxMindDBFile DB /usr/share/GeoIP/IPInfo-Country.mmdb
    MaxMindDBEnv MM_CONTINENT_CODE DB/continent
    MaxMindDBEnv MM_COUNTRY_CODE DB/country
  </IfFile>
  # Check for Maxmind mmdb
  <IfFile "/usr/share/GeoIP/GeoLite2-Country.mmdb">
    MaxMindDBFile DB /usr/share/GeoIP/GeoLite2-Country.mmdb
    MaxMindDBEnv MM_CONTINENT_CODE DB/continent/code
    MaxMindDBEnv MM_COUNTRY_CODE DB/country/iso_code
  </IfFile>
</IfModule>

enoch85 commented 2 months ago

OK, so this is tested and works!

@abdullahdevrel Please confirm that the "attribution requirements" are enough.