nscuro / traefik-plugin-geoblock

traefik plugin to whitelist requests based on geolocation
Apache License 2.0

IP2LOCATION-LITE-DB1.IPV6.BIN manually download and use not working ? #76

Open Tob1as opened 10 months ago

Tob1as commented 10 months ago

Hello,

I have a question because I don't understand something.

Basically the plugin works fine. My config: In Traefik 2.x docker-compose as command:

- "--experimental.plugins.geoblock.modulename=github.com/nscuro/traefik-plugin-geoblock"
- "--experimental.plugins.geoblock.version=v0.11.0"

Volume: - ./traefik-plugins/:/plugins-local/

Traefik dynamic config:

http:
  middlewares:
    geoblock:
      plugin:
        geoblock:
          # Enable this plugin?
          enabled: true
          # Path to ip2location database file
          #databaseFilePath: /plugins-storage/sources/gop-<random-numbers>/src/github.com/nscuro/traefik-plugin-geoblock/IP2LOCATION-LITE-DB1.IPV6.BIN
          databaseFilePath: /plugins-local/IP2LOCATION-LITE-DB1.IPV6.BIN
          # Whitelist of countries to allow (ISO 3166-1 alpha-2)
          allowedCountries: [ "DE" ]
          # Allow requests from private / internal networks?
          allowPrivate: true
          # HTTP status code to return for disallowed requests (default: 403)
          disallowedStatusCode: 403
          # Add CIDR to be whitelisted, even if in a non-allowed country
          allowedIPBlocks: ["x.x.x.x/32"]

For the service (test with whoami) I add in the compose file:

- "traefik.http.routers.whoami.middlewares=geoblock@file"

First I used /plugins-storage/sources/gop-<random-numbers>/src/github.com/nscuro/traefik-plugin-geoblock/IP2LOCATION-LITE-DB1.IPV6.BIN as databaseFilePath. But with every Traefik restart the numbers in the path change, so I copied the file to /plugins-local/ and changed the databaseFilePath to this path.
(The default path /plugins-local/src/github.com/nscuro/traefik-plugin-geoblock/ from the project Readme does not exist.)
This also works; countries that are not allowed are blocked!

But now I want to use the latest version of IP2LOCATION-LITE-DB1.IPV6.BIN, so I downloaded it from the website https://lite.ip2location.com/database/ip-country and overwrote the old file. (The permissions are the same: chmod 755 and root user.) (The bin file is a bit larger.) But this is not working; it does not work even after restarting Traefik and the service. No errors are displayed in the Traefik Dashboard. I have access from the allowed country and all others (tested over VPN).

What could be the reason for this? Can I somehow see the logs from Geoblock to see if there is an error when reading the file? (My Traefik log-level is debug.)

nscuro commented 10 months ago

Hey @Tob1as, TBH I don't know what is causing the issue you're having.

The dynamic plugin file path is new to me, that didn't use to happen when I originally built the plugin. I personally install the plugin in local mode (see https://plugins.traefik.io/install), so I always have static file paths.

Your latest approach should work, and I don't see a reason why it doesn't. As for the logging, the plugin checks on startup if the database file exists and can be opened successfully. If that doesn't work, it will return an error:

https://github.com/nscuro/traefik-plugin-geoblock/blob/069f3ec4b950b3ee3cf938866ebbfc0b9bc19156/plugin.go#L74-L81

Maybe give this a try:

Tob1as commented 10 months ago

Hi, I don't get either of these two errors or any other. Access also works.

Now I have updated from 0.11.0 to version 0.13.0 and copied the new database contained in the plugin (path) to my path. Now I have the same problem as when I load the database from the manufacturer's website: my blocks are ignored. If I use the database from 0.11.0 again (copied to my path), the blocking works again. (It also does not work when I use the plugin path /plugins-storage/sources/gop-19****51/src/github.com/nscuro/traefik-plugin-geoblock/IP2LOCATION-LITE-DB1.IPV6.BIN. If I use a wrong path, then I get an error.)

I will continue to test it.

disaderp commented 5 months ago

Hi

I have come up with a custom solution, but it does not look very nice. I changed the entrypoint to create a link to the /plugins-storage/sources/gop-<randomid> directory. However, this directory does not exist before starting traefik, so we can delay the creation by using sleep. Then we can use a static path in the middleware definition in the dynamic.yml file.

docker-compose.yml - traefik section:

    entrypoint: 
       - /bin/sh
       - -c
    command:
       - rm -f /mnt/gop;
         ( ( sleep 5s ; ln -s /plugins-storage/sources/gop-* /mnt/gop;) & /entrypoint.sh traefik );

dynamic.yml - middlewares section:

  geoblock:
      plugin:
        geoblock:
          # Enable this plugin?
          enabled: true
          # Path to ip2location database file
          databaseFilePath: /mnt/gop/src/github.com/nscuro/traefik-plugin-geoblock/IP2LOCATION-LITE-DB1.IPV6.BIN
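
A variant of the symlink workaround above that polls for the plugin directory instead of sleeping for a fixed time, and refuses to link when the `gop-*` glob matches more than one directory. This is an added example, not code from the thread or from the plugin project; the function name `link_plugin_dir` and its timeout argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread or the plugin project).
# link_plugin_dir SOURCES_DIR LINK_PATH [TIMEOUT_SECONDS]
#   Waits until exactly one gop-* directory exists under SOURCES_DIR,
#   then points LINK_PATH at it.
#   Returns 0 on success, 1 on timeout, 2 if several gop-* directories match.
link_plugin_dir() {
    sources_dir=$1
    link_path=$2
    timeout=${3:-30}
    waited=0
    while :; do
        count=0
        match=
        # Count only real directories; an unmatched glob stays literal.
        for d in "$sources_dir"/gop-*; do
            [ -d "$d" ] || continue
            count=$((count + 1))
            match=$d
        done
        if [ "$count" -eq 1 ]; then
            break
        fi
        if [ "$count" -gt 1 ]; then
            # With several sources, a bare "ln -s gop-* LINK" would not
            # create the single link the middleware config expects.
            echo "more than one gop-* directory in $sources_dir" >&2
            return 2
        fi
        if [ "$waited" -ge "$timeout" ]; then
            echo "no gop-* directory after ${timeout}s" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    # -f replaces a stale link from an earlier start; -n keeps ln from
    # descending into the old link's target (GNU and BusyBox ln).
    ln -sfn "$match" "$link_path"
}

# Usage in the container command, with the paths used in the thread:
#   link_plugin_dir /plugins-storage/sources /mnt/gop 30 &
#   exec /entrypoint.sh traefik
```
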