From 136608798dac002d87e0ea668ce30e58de546cbb Mon Sep 17 00:00:00 2001 From: yurymuski Date: Fri, 12 Jul 2024 23:45:54 +0400 Subject: [PATCH] add City DB usage, fix IPv6, improved logs --- README.md | 14 +++++++- conf/nginx.conf | 81 +++++++++++++++++++++++++++++++++++++------- docker-entrypoint.sh | 2 +- helm/values.yaml | 4 +-- 4 files changed, 84 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index d962a95..9ecebbc 100644 --- a/README.md +++ b/README.md @@ -13,9 +13,10 @@ Based on openresty (nginx) and maxmind geo DB (build-in cron for geoipupdate). # Retrive GEOIP credentials from `maxmind.com` and set variables export GEOIP_ACCOUNTID="AccountID" export GEOIP_LICENSEKEY="LicenseKey" -export GEOIP_EDITIONID="GeoLite2-Country" # "GeoLite2-Country" or "GeoIP2-Country" +export GEOIP_EDITIONID="GeoLite2-Country" # "GeoLite2-Country", "GeoIP2-Country" or "GeoIP2-City" # OPTIONAL: set custom GEOIP_CRONTAB, default is '48 14 * * 3,6' +# NOTE: maxmind databases are updated twice weekly, every Tuesday and Friday. export GEOIP_CRONTAB="48 14 * * 3" # start docker container @@ -34,6 +35,9 @@ curl localhost:8080 -H "X-Custom-Real-Ip: 8.8.8.8" curl localhost:8080 -H "X-Real-Ip: 8.8.8.8" curl localhost:8080 -H "CF-Connecting-IP: 8.8.8.8" curl localhost:8080/ip/8.8.8.8 +curl localhost:8080/ip/city/8.8.8.8 +curl localhost:8080/ip/2a03:2880:f189:80:face:b00c:0:25de +curl localhost:8080/ip/city/2a03:2880:f189:80:face:b00c:0:25de ``` @@ -85,3 +89,11 @@ helm package ../ cd ../ helm repo index . --url https://yurymuski.github.io/geo-checker/helm/ ``` + +--- +## refs: +[leev/ngx_http_geoip2_module](https://github.com/leev/ngx_http_geoip2_module) +[man mmdblookup](https://maxmind.github.io/libmaxminddb/mmdblookup.html) +[mmdbinspect examples](https://github.com/maxmind/mmdbinspect?tab=readme-ov-file#examples) +[maxmind DB accuracy](https://www.maxmind.com/en/geoip2-city-accuracy-comparison) +[maxmind geoip demo](https://www.maxmind.com/en/geoip-web-services-demo) 
diff --git a/conf/nginx.conf b/conf/nginx.conf index 608785b..079ce31 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,10 +5,20 @@ map $http_cf_connecting_ip $header_x_real_ip { } geoip2 /usr/share/geoip/GEOIP_EDITIONID.mmdb { - $geoip2_data_country_code source=$header_x_real_ip country iso_code; - $geoip2_data_country_name source=$header_x_real_ip country names en; - $geoip2_data_country_code_by_uri source=$ip_uri country iso_code; - $geoip2_data_country_name_by_uri source=$ip_uri country names en; + $geoip2_data_country_code source=$header_x_real_ip country iso_code; + $geoip2_data_country_name source=$header_x_real_ip country names en; + $geoip2_data_city_name source=$header_x_real_ip city names en; + $geoip2_data_continent_name source=$header_x_real_ip continent names en; + $geoip2_data_subdivision_code source=$header_x_real_ip subdivisions 0 iso_code; + $geoip2_data_subdivision_name source=$header_x_real_ip subdivisions 0 names en; + + $geoip2_data_country_code_by_uri source=$ip_uri country iso_code; + $geoip2_data_country_name_by_uri source=$ip_uri country names en; + $geoip2_data_city_name_by_uri source=$ip_uri city names en; + $geoip2_data_continent_name_by_uri source=$ip_uri continent names en; + $geoip2_data_subdivision_code_by_uri source=$ip_uri subdivisions 0 iso_code; + $geoip2_data_subdivision_name_by_uri source=$ip_uri subdivisions 0 names en; + } server_tokens off; 
@@ -19,12 +29,41 @@ add_header X-Forwarded-For $http_x_forwarded_for; add_header X-Geo-Country-Code $geoip2_data_country_code; add_header X-Geo-Country-Name $geoip2_data_country_name; -log_format main_geo '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" "$http_user_agent" ' - '"$http_x_forwarded_for" "$http_x_real_ip" "$http_x_custom_real_ip" "$http_x_header_real_ip" "$http_cf_connecting_ip" ' - '"$geoip2_data_country_code" "$geoip2_data_country_name" "$geoip2_data_country_code_by_uri" "$geoip2_data_country_name_by_uri"'; - -access_log /usr/local/openresty/nginx/logs/access.log main_geo; +log_format geoip_plain_txt '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" "$http_user_agent" ' + '"$http_x_forwarded_for" "$http_x_real_ip" "$http_x_custom_real_ip" "$http_x_header_real_ip" "$http_cf_connecting_ip" ' + '"$geoip2_data_country_code" "$geoip2_data_country_name" "$geoip2_data_country_code_by_uri" "$geoip2_data_country_name_by_uri"'; + +log_format geoip_extended_json '{ "remote_ip": "$remote_addr", ' + '"remote_user": "$remote_user", ' + '"time": "$time_local", ' + '"host": "$host", ' + '"request": "$request", ' + '"status": "$status", ' + '"body_bytes_sent": "$body_bytes_sent", ' + '"http_referer": "$http_referer", ' + '"agent": "$http_user_agent", ' + '"request_time": "$request_time", ' + '"x_forwarded_for": "$http_x_forwarded_for", ' + '"x_real_ip": "$http_x_real_ip", ' + '"x_custom_real_ip": "$http_x_custom_real_ip", ' + '"x_header_real_ip": "$http_x_header_real_ip", ' + '"cf_connecting_ip": "$http_cf_connecting_ip", ' + '"geoip2_data_country_code": "$geoip2_data_country_code", ' + '"geoip2_data_country_name": "$geoip2_data_country_name", ' + '"geoip2_data_city_name": "$geoip2_data_city_name", ' + '"geoip2_data_continent_name": "$geoip2_data_continent_name", ' + '"geoip2_data_subdivision_code": "$geoip2_data_subdivision_code", ' + '"geoip2_data_subdivision_name": 
"$geoip2_data_subdivision_name", ' + '"geoip2_data_country_code_by_uri": "$geoip2_data_country_code_by_uri", ' + '"geoip2_data_country_name_by_uri": "$geoip2_data_country_name_by_uri", ' + '"geoip2_data_city_name_by_uri": "$geoip2_data_city_name_by_uri", ' + '"geoip2_data_continent_name_by_uri": "$geoip2_data_continent_name_by_uri", ' + '"geoip2_data_subdivision_code_by_uri": "$geoip2_data_subdivision_code_by_uri", ' + '"geoip2_data_subdivision_name_by_uri": "$geoip2_data_subdivision_name_by_uri" }'; + + +access_log /usr/local/openresty/nginx/logs/access.log geoip_extended_json; error_log /usr/local/openresty/nginx/logs/error.log; server { @@ -54,7 +93,7 @@ server { if ngx.var.geoip2_data_country_code and ngx.var.geoip2_data_country_name then ngx.say("{\"IP\":\"" .. ngx.var.header_x_real_ip .. "\",\"iso2Code\":\"" .. ngx.var.geoip2_data_country_code .. "\",\"name\":\"" .. ngx.var.geoip2_data_country_name .. "\"}") else - ngx.say("{\"status\":\"error\"}") + ngx.say("{\"status\":\"header_error\"}") end } @@ -70,7 +109,7 @@ server { return 200 "OK"; } - location ~ ^/ip/(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ { + location /ip/ { default_type "application/json"; set $ip_uri ''; 
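Review bot: `geoip_extended_json` is declared without `escape=json`, so the client-controlled fields it records (`$request`, `$http_referer`, `$http_user_agent`, the forwarded-IP headers) get nginx's default log escaping, which writes `"` and `\` as `\x22` and `\x5C`. `\x` is not a valid JSON escape, so one request with a quote in its User-Agent produces a line that a strict JSON parser rejects, and whatever ingests this log may drop or mis-parse it. Declaring the format as `log_format geoip_extended_json escape=json '{ "remote_ip": "$remote_addr", '` keeps every line parseable. With `escape=json`, variables that are not found are logged as an empty string instead of `-`, so downstream queries on the geo fields should expect that.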
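Review bot: Replacing the octet-validating regex with the prefix match `location /ip/` removes the only input check on the address taken from the path, so `$ip_uri` becomes whatever follows `/ip/` in the normalized, percent-decoded URI. That value is used as the `source=` of the geoip2 lookups, written to the access log, and, judging by the `ngx.say` visible as context in the next hunk, concatenated unescaped into the JSON body. The lookup presumably only succeeds for a parsable address, which would limit what can be reflected, but that depends on the module's behaviour rather than on this config. A cheap explicit guard before the lookup would restore the check for both address families, for example `if not ngx.re.find(ngx.var.ip_uri, "^[0-9A-Fa-f:.]+$", "jo") then return ngx.exit(ngx.HTTP_BAD_REQUEST) end`. The location body continues outside this hunk.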
@@ -79,7 +118,23 @@ server { if ngx.var.geoip2_data_country_code_by_uri and ngx.var.geoip2_data_country_name_by_uri then ngx.say("{\"IP\":\"" .. ngx.var.ip_uri .. "\",\"iso2Code\":\"" .. ngx.var.geoip2_data_country_code_by_uri .. "\",\"name\":\"" .. ngx.var.geoip2_data_country_name_by_uri .. "\"}") else - ngx.say("{\"status\":\"error\"}") + ngx.say("{\"status\":\"ip_error\"}") + end + } + + } + + # NOTE: for GeoIP2-City DB + location /ip/city/ { + + default_type "application/json"; + set $ip_uri ''; + content_by_lua_block { + ngx.var.ip_uri = ngx.re.sub(ngx.var.uri, "/ip/city/", "") + if ngx.var.geoip2_data_country_code_by_uri and ngx.var.geoip2_data_country_name_by_uri and ngx.var.geoip2_data_city_name_by_uri and ngx.var.geoip2_data_continent_name_by_uri and ngx.var.geoip2_data_subdivision_code_by_uri and ngx.var.geoip2_data_subdivision_name_by_uri then + ngx.say("{\"IP\":\"" .. ngx.var.ip_uri .. "\",\"country_iso_code\":\"" .. ngx.var.geoip2_data_country_code_by_uri .. "\",\"country_name\":\"" .. ngx.var.geoip2_data_country_name_by_uri .. "\",\"city_name\":\"" .. ngx.var.geoip2_data_city_name_by_uri .. "\",\"continent_name\":\"" .. ngx.var.geoip2_data_continent_name_by_uri .. "\",\"subdivisions1_iso_code\":\"" .. ngx.var.geoip2_data_subdivision_code_by_uri .. "\",\"subdivision_name\":\"" .. ngx.var.geoip2_data_subdivision_name_by_uri .. "\"}") + else + ngx.say("{\"status\":\"ip_error\"}") end } diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 4175e41..035bce6 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh 
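Review bot: The `and` chain in the new `/ip/city/` block makes the response all-or-nothing, so a valid address whose record has no city or subdivision gets `{"status":"ip_error"}`, the same answer as a malformed address. The same happens for every address when the container runs a Country edition, because the `city` and `subdivisions` paths would not resolve there. The body is also built by string concatenation, so `ip_uri` and the database names reach the client without JSON escaping. I would require only the country code, let the optional fields drop out when absent, and serialize with `cjson` (bundled with OpenResty), as in the sketch below. Anchoring the pattern as `"^/ip/city/"` also makes it explicit that only the prefix is stripped.

```nginx
        content_by_lua_block {
            local cjson = require "cjson"
            local ip = ngx.re.sub(ngx.var.uri, "^/ip/city/", "")
            ngx.var.ip_uri = ip
            -- country is the minimum for a usable answer; city-level fields are optional
            if not ngx.var.geoip2_data_country_code_by_uri then
                ngx.say("{\"status\":\"ip_error\"}")
                return
            end
            -- nil fields are simply omitted by cjson.encode; all values are escaped
            ngx.say(cjson.encode({
                IP = ip,
                country_iso_code = ngx.var.geoip2_data_country_code_by_uri,
                country_name = ngx.var.geoip2_data_country_name_by_uri,
                city_name = ngx.var.geoip2_data_city_name_by_uri,
                continent_name = ngx.var.geoip2_data_continent_name_by_uri,
                subdivisions1_iso_code = ngx.var.geoip2_data_subdivision_code_by_uri,
                subdivision_name = ngx.var.geoip2_data_subdivision_name_by_uri,
            }))
        }
```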
@@ -8,7 +8,7 @@ sed -i s/GEOIP_EDITIONID/$GEOIP_EDITIONID/g /opt/geoip.conf; sed -i s/GEOIP_EDITIONID/$GEOIP_EDITIONID/g /etc/nginx/conf.d/nginx.conf; # Update geoipupdate cron -GEOIP_CRONTAB="${GEOIP_CRONTAB:-48 14 * * 3,6}" +GEOIP_CRONTAB="${GEOIP_CRONTAB:-48 14 * * 3,6}" # NOTE: maxmind databases are updated twice weekly, every Tuesday and Friday. sed -i s/GEOIP_CRONTAB/"$GEOIP_CRONTAB"/g /opt/crontab.txt; /usr/bin/crontab /opt/crontab.txt diff --git a/helm/values.yaml b/helm/values.yaml index c53f33d..1773f84 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -107,9 +107,9 @@ affinity: {} maxmind: geoipAccountid: "AccountID" # NOTE: Mandatory vars. Set your creds from maxmind.com geoipLicensekey: "LicenseKey" # NOTE: Mandatory vars. Set your creds from maxmind.com - geoipEditionid: "GeoLite2-Country" # NOTE: "GeoLite2-Country" or "GeoIP2-Country" + geoipEditionid: "GeoLite2-Country" # NOTE: "GeoLite2-Country", "GeoIP2-Country" or "GeoIP2-City" existingSecret: "" env: - GEOIP_CRONTAB: '48 14 * * 3,6' + GEOIP_CRONTAB: '48 14 * * 3,6' # NOTE: maxmind databases are updated twice weekly, every Tuesday and Friday.