Commit db05f1e9 authored by hadret's avatar hadret

feat: replace built-in geoip with third-party geoip2.

parent 3679b259
nginx (1.14.2-1bionic0) bionic; urgency=medium
nginx (1.14.2-2bionic0) bionic; urgency=medium
* Non-maintainer upload.
* Replace built-in geoip with third-party geoip2.
-- Filip Chabik <hadret@gmail.com> Fri, 08 Feb 2019 10:13:59 +0000
nginx (1.14.2-1bionic0) bionic; urgency=medium
* New upstream version 1.14.2
* Fix debian/watch source default to version 1.14.
......
......@@ -4,7 +4,7 @@ Priority: optional
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
XSBC-Original-Maintainer: Debian Nginx Maintainers <pkg-nginx-maintainers@lists.alioth.debian.org>
Uploaders: Christos Trochalakis <ctrochalakis@debian.org>
Build-Depends: debhelper (>= 10),
Build-Depends: debhelper (>= 9),
dh-systemd,
po-debconf,
dpkg-dev (>= 1.15.5),
......@@ -15,6 +15,7 @@ Build-Depends: debhelper (>= 10),
libldap2-dev,
liblua5.1-0-dev [!i386 !amd64 !kfreebsd-i386 !armel !armhf !powerpc !powerpcspe !mips !mipsel],
libluajit-5.1-dev [i386 amd64 kfreebsd-i386 armel armhf powerpc powerpcspe mips mipsel],
libmaxminddb-dev,
libmhash-dev,
libpam0g-dev,
libpcre3-dev,
......@@ -69,7 +70,7 @@ Description: small, powerful, scalable web/proxy server - common files
Package: nginx-core
Architecture: any
Depends: libnginx-mod-http-geoip (= ${binary:Version}),
Depends: libnginx-mod-http-geoip2 (= ${binary:Version}),
libnginx-mod-http-image-filter (= ${binary:Version}),
libnginx-mod-http-xslt-filter (= ${binary:Version}),
libnginx-mod-mail (= ${binary:Version}),
......@@ -94,7 +95,7 @@ Description: nginx web/proxy server (standard version)
GIF, FastCGI, Geo, Limit Connections, Limit Requests, Map, Memcached, Proxy,
Referer, Rewrite, SCGI, Split Clients, UWSGI.
.
OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, GeoIP, Gunzip,
OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, GeoIP2, Gunzip,
Gzip, Gzip Precompression, Headers, HTTP/2, Image Filter, Index, Log, Real IP,
Slice, SSI, SSL, Stream, Stub Status, Substitution, Thread Pool, Upstream,
User ID, XSLT.
......@@ -107,7 +108,7 @@ Depends: libnginx-mod-http-auth-ldap (= ${binary:Version}),
libnginx-mod-http-auth-pam (= ${binary:Version}),
libnginx-mod-http-dav-ext (= ${binary:Version}),
libnginx-mod-http-echo (= ${binary:Version}),
libnginx-mod-http-geoip (= ${binary:Version}),
libnginx-mod-http-geoip2 (= ${binary:Version}),
libnginx-mod-http-image-filter (= ${binary:Version}),
libnginx-mod-http-subs-filter (= ${binary:Version}),
libnginx-mod-http-upstream-fair (= ${binary:Version}),
......@@ -136,7 +137,7 @@ Description: nginx web/proxy server (standard version)
GIF, FastCGI, Geo, Limit Connections, Limit Requests, Map, Memcached, Proxy,
Referer, Rewrite, SCGI, Split Clients, UWSGI.
.
OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, GeoIP, Gunzip,
OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, GeoIP2, Gunzip,
Gzip, Gzip Precompression, Headers, HTTP/2, Image Filter, Index, Log, Real IP,
Slice, SSI, SSL, Stream, SSL Preread, Stub Status, Substitution, Thread Pool,
Upstream, User ID, XSLT.
......@@ -181,7 +182,7 @@ Depends: libnginx-mod-http-auth-ldap (= ${binary:Version}),
libnginx-mod-http-dav-ext (= ${binary:Version}),
libnginx-mod-http-echo (= ${binary:Version}),
libnginx-mod-http-fancyindex (= ${binary:Version}),
libnginx-mod-http-geoip (= ${binary:Version}),
libnginx-mod-http-geoip2 (= ${binary:Version}),
libnginx-mod-http-headers-more-filter (= ${binary:Version}),
libnginx-mod-http-image-filter (= ${binary:Version}),
libnginx-mod-http-lua (= ${binary:Version}),
......@@ -215,7 +216,7 @@ Description: nginx web/proxy server (extended version)
GIF, FastCGI, Geo, Limit Connections, Limit Requests, Map, Memcached, Proxy,
Referer, Rewrite, SCGI, Split Clients, UWSGI.
.
OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, FLV, GeoIP,
OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, FLV, GeoIP2,
Gunzip, Gzip, Gzip Precompression, Headers, HTTP/2, Image Filter, Index, Log,
MP4, Embedded Perl, Random Index, Real IP, Slice, Secure Link, SSI, SSL,
Stream, SSL Preread, Stub Status, Substitution, Thread Pool, Upstream,
......@@ -227,11 +228,11 @@ Description: nginx web/proxy server (extended version)
Headers More, Embedded Lua, HTTP Substitutions, Nchan, Upload Progress,
Upstream Fair Queue.
Package: libnginx-mod-http-geoip
Package: libnginx-mod-http-geoip2
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: GeoIP HTTP module for Nginx
The ngx_http_geoip module creates variables with values depending on the
Description: GeoIP2 HTTP module for Nginx
The ngx_http_geoip2 module creates variables with values depending on the
client IP address, using the precompiled MaxMind databases.
.
Those variables include country, region, city, latitude, longitude, postal
......
load_module modules/ngx_http_geoip_module.so;
load_module modules/ngx_http_geoip2_module.so;
......@@ -80,3 +80,7 @@ Version: master
Module: http-upstream-check
Homepage: https://github.com/xiaokai-wang/nginx_upstream_check_module
Version: 219131a
Module: http-geoip2
Homepage: https://github.com/leev/ngx_http_geoip2_module
Version: 3.2
Copyright (c) 2014, Lee Valentine <lee@leev.net>
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this
list of conditions and the following disclaimer in the documentation and/or
other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Description
===========
**ngx_http_geoip2_module** - creates variables with values from the maxmind geoip2 databases based on the client IP (default) or from a specific variable (supports both IPv4 and IPv6)
The module now supports nginx streams and can be used in the same way the http module can be used.
## Installing
First install [libmaxminddb](https://github.com/maxmind/libmaxminddb) as described in its [README.md
file](https://github.com/maxmind/libmaxminddb/blob/master/README.md#installing-from-a-tarball).
#### Download nginx source
```
wget http://nginx.org/download/nginx-VERSION.tar.gz
tar zxvf nginx-VERSION.tar.gz
cd nginx-VERSION
```
##### To build as a dynamic module (nginx 1.9.11+):
```
./configure --add-dynamic-module=/path/to/ngx_http_geoip2_module
make
make install
```
This will produce ```objs/ngx_http_geoip2_module.so```. It can be copied to your nginx module path manually if you wish.
Add the following line to your nginx.conf:
```
load_module modules/ngx_http_geoip2_module.so;
```
##### To build as a static module:
```
./configure --add-module=/path/to/ngx_http_geoip2_module
make
make install
```
## Download Maxmind GeoLite2 Database (optional)
The free GeoLite2 databases are available from [Maxminds website](http://dev.maxmind.com/geoip/geoip2/geolite2/)
[GeoLite2 City](http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz)
[GeoLite2 Country](http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz)
## Example Usage:
```
http {
...
geoip2 /etc/maxmind-country.mmdb {
auto_reload 5m;
$geoip2_metadata_country_build metadata build_epoch;
$geoip2_data_country_code default=US source=$variable_with_ip country iso_code;
$geoip2_data_country_name country names en;
}
geoip2 /etc/maxmind-city.mmdb {
$geoip2_data_city_name default=London city names en;
}
....
fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
fastcgi_param CITY_NAME $geoip2_data_city_name;
....
}
stream {
...
geoip2 /etc/maxmind-country.mmdb {
$geoip2_data_country_code default=US source=$remote_addr country iso_code;
}
...
}
```
##### Metadata:
Retrieve metadata regarding the geoip database.
```
$variable_name metadata <field>
```
Available fields:
- build_epoch: the build timestamp of the maxmind database.
- last_check: the last time the database was checked for changes (when using auto_reload)
- last_change: the last time the database was reloaded (when using auto_reload)
##### Autoreload (default: disabled):
Enabling auto reload will have nginx check the modification time of the database at the specified
interval and reload it if it has changed.
```
auto_reload <interval>
```
##### GeoIP:
```
$variable_name [default=<value] [source=$variable_with_ip] path ...
```
If default is not specified, the variable will be empty if not found.
If source is not specified, $remote_addr will be used to perform the lookup.
To find the path of the data you want (eg: country names en), use the [mmdblookup tool](https://maxmind.github.io/libmaxminddb/mmdblookup.html):
```
$ mmdblookup --file /usr/share/GeoIP/GeoIP2-Country.mmdb --ip 8.8.8.8
{
"country":
{
"geoname_id":
6252001 <uint32>
"iso_code":
"US" <utf8_string>
"names":
{
"de":
"USA" <utf8_string>
"en":
"United States" <utf8_string>
}
}
}
$ mmdblookup --file /usr/share/GeoIP/GeoIP2-Country.mmdb --ip 8.8.8.8 country names en
"United States" <utf8_string>
```
This translates to:
```
$country_name "default=United States" source=$remote_addr country names en
```
ngx_feature="MaxmindDB library"
ngx_feature_name=
ngx_feature_run=no
ngx_feature_incs="#include <maxminddb.h>"
ngx_feature_libs=-lmaxminddb
ngx_feature_test="MMDB_s mmdb"
. auto/feature
ngx_addon_name="ngx_geoip2_module"
if [ $ngx_found = yes ]; then
if test -n "$ngx_module_link"; then
if [ $HTTP != NO ]; then
ngx_module_type=HTTP
ngx_module_name="ngx_http_geoip2_module"
ngx_module_incs=
ngx_module_deps=
ngx_module_srcs="$ngx_addon_dir/ngx_http_geoip2_module.c"
ngx_module_libs="$ngx_feature_libs"
. auto/module
fi
nginx_version=`awk '/^#define nginx_version / {print $3}' src/core/nginx.h`
if [ $STREAM != NO -a $nginx_version -gt 1011001 ]; then
ngx_module_type=STREAM
ngx_module_name="ngx_stream_geoip2_module"
ngx_module_incs=
ngx_module_deps=
ngx_module_srcs="$ngx_addon_dir/ngx_stream_geoip2_module.c"
ngx_module_libs="$ngx_feature_libs"
. auto/module
fi
else
HTTP_MODULES="$HTTP_MODULES ngx_http_geoip2_module"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_geoip2_module.c"
CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
fi
else
cat << END
$0: error: the geoip2 module requires the maxminddb library.
END
exit 1
fi
This diff is collapsed.
This diff is collapsed.
......@@ -13,7 +13,7 @@ DYN_MODS := \
http-dav-ext \
http-echo \
http-fancyindex \
http-geoip \
http-geoip2 \
http-headers-more-filter \
http-image-filter \
http-lua \
......@@ -90,7 +90,6 @@ light_configure_flags := \
core_configure_flags := \
$(common_configure_flags) \
--with-http_addition_module \
--with-http_geoip_module=dynamic \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module=dynamic \
......@@ -99,12 +98,12 @@ core_configure_flags := \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-mail=dynamic \
--with-mail_ssl_module
--with-mail_ssl_module \
--add-dynamic-module=$(MODULESDIR)/http-geoip2
full_configure_flags := \
$(common_configure_flags) \
--with-http_addition_module \
--with-http_geoip_module=dynamic \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module=dynamic \
......@@ -121,6 +120,7 @@ full_configure_flags := \
--add-dynamic-module=$(MODULESDIR)/http-auth-pam \
--add-dynamic-module=$(MODULESDIR)/http-dav-ext \
--add-dynamic-module=$(MODULESDIR)/http-echo \
--add-dynamic-module=$(MODULESDIR)/http-geoip2 \
--add-dynamic-module=$(MODULESDIR)/http-upstream-fair \
--add-dynamic-module=$(MODULESDIR)/http-subs-filter \
--add-dynamic-module=$(MODULESDIR)/http-vhost-traffic-status
......@@ -129,7 +129,6 @@ extras_configure_flags := \
$(common_configure_flags) \
--with-http_addition_module \
--with-http_flv_module \
--with-http_geoip_module=dynamic \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module=dynamic \
......@@ -154,6 +153,7 @@ extras_configure_flags := \
--add-dynamic-module=$(MODULESDIR)/http-ndk \
--add-dynamic-module=$(MODULESDIR)/http-echo \
--add-dynamic-module=$(MODULESDIR)/http-fancyindex \
--add-dynamic-module=$(MODULESDIR)/http-geoip2 \
--add-dynamic-module=$(MODULESDIR)/nchan \
--add-dynamic-module=$(MODULESDIR)/http-lua \
--add-dynamic-module=$(MODULESDIR)/rtmp \
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment