Nginx uses GeoIP to restrict access and whitelist support

Source: Internet
Author: User
Tags: geoip, maxmind

To use GeoIP, nginx has to be recompiled with the GeoIP module. My system is CentOS 6.5 and the nginx build is Tengine. The required packages are:
gcc, gcc-c++, openssl, openssl-devel, GeoIP library, GeoLite Country, GeoLite City, pcre, Tengine 2

1. Download the required Packages

wget http://tengine.taobao.org/download/tengine-2.0.3.tar.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.33.zip

2. Install software for compilation

yum install gcc gcc-c++ openssl openssl-devel

3. Compiling the GeoIP Library

gunzip GeoIP.tar.gz && tar -xvf GeoIP.tar && cd GeoIP-1.4.8
./configure && make && make install

If the GeoIP library has not been compiled and installed, compiling nginx stops with this message:

the GeoIP module requires the GeoIP library

4. Compiling Nginx
Unzip the pcre archive before running the command:

./configure --prefix=/usr/local/nginx --with-http_realip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_stub_status_module --without-select_module --without-poll_module --with-http_geoip_module --with-http_ssl_module --with-openssl-opt=enable-tlsext --with-pcre=./pcre-8.33 && make && make install

5. Configure GeoIP

gunzip GeoLiteCity.dat.gz && gunzip GeoIP.dat.gz

Move the two extracted database files to the nginx conf directory, then add the following to nginx.conf:

geoip_country /usr/local/nginx/conf/GeoIP.dat;
geoip_city /usr/local/nginx/conf/GeoLiteCity.dat;
# GeoIP whitelist: $ip_whitelist is 1 for addresses listed in ip.conf, otherwise 0
geo $remote_addr $ip_whitelist {
    default 0;
    include ip.conf;
}

Add the GeoIP rules to the location block of the virtual host where you want to use GeoIP. A complete sample configuration:

location / {
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Whitelist configuration: whitelisted addresses skip the country check
    if ($ip_whitelist = 1) {
        proxy_pass http://web;
        break;
    }
    # Blocked countries get a 403 ($geoip_country_code holds an uppercase two-letter code)
    if ($geoip_country_code ~ "(HK|TW|PH|MO|US)") {
        return 403;
    }
    proxy_pass http://web;
}

Create a new file ip.conf in the conf directory to hold the GeoIP whitelist. IP ranges are supported. The content and format are:

8.8.8.8 1;
8.8.8.8/24 1;

Check Configuration

/usr/local/nginx/sbin/nginx -t

On a 64-bit system, the check may report:

/nginx: error while loading shared libraries: libGeoIP.so.1: cannot open shared object file: No such file or directory

Workaround:

ln -s /usr/local/lib/libGeoIP.so* /lib64/

Afterwards, verify that no library file is reported as "not found".
This completes the nginx configuration: access is restricted by country and city through GeoIP, with whitelist support.
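
To review the policy before reloading nginx, the following added example (not part of the original article) parses an ip.conf in the format shown above and reproduces the whitelist-then-country decision of the location block. The function names are hypothetical, the sample file is constructed, and the country code is passed in by hand instead of being looked up in GeoIP.dat.

```python
import ipaddress

# Constructed sample in the ip.conf format shown above (value 1 = whitelisted).
SAMPLE_IP_CONF = "8.8.8.8 1;\n8.8.8.8/24 1;\n"
# Country codes blocked in the location block above.
BLOCKED = {"HK", "TW", "PH", "MO", "US"}


def parse_ip_conf(text):
    """Parse 'address[/prefix] value;' lines into ([(network, value)], [warnings])."""
    entries, warnings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.rstrip(";").split()
        if not line.endswith(";") or len(parts) != 2:
            warnings.append(f"line {n}: expected 'address value;'")
            continue
        addr, value = parts
        try:
            net = ipaddress.ip_network(addr, strict=False)
            host = ipaddress.ip_address(addr.split("/")[0])
        except ValueError:
            warnings.append(f"line {n}: invalid address {addr!r}")
            continue
        if host != net.network_address:
            # Host bits are set, so the entry covers the whole masked network.
            warnings.append(f"line {n}: {addr} is read as {net}")
        entries.append((net, value))
    return entries, warnings


def whitelist_value(entries, ip, default="0"):
    """Value of the most specific matching network, else the geo default."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, value) for net, value in entries if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else default


def decide(entries, ip, country_code):
    """Mirror the location block: whitelist check first, then the country block."""
    if whitelist_value(entries, ip) == "1":
        return "proxy_pass"
    return "403" if country_code in BLOCKED else "proxy_pass"


if __name__ == "__main__":
    entries, warnings = parse_ip_conf(SAMPLE_IP_CONF)
    print(warnings)
    for ip, cc in [("8.8.8.200", "US"), ("8.8.4.4", "US"), ("8.8.4.4", "DE")]:
        print(ip, cc, decide(entries, ip, cc))
```

The warning for the second sample line shows that 8.8.8.8/24 whitelists all of 8.8.8.0/24, so every address in that range bypasses the country block.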

Original link: http://www.52os.net/articles/configure-nginx-using-geoip-allow-whitelist.html
