Add GeoIP module about nginx-proxy-manager HOT 57 OPEN

Any updates on this? I think making it an optional config through env variables or something similar wouldn't sacrifice simplicity for basic use cases.

from nginx-proxy-manager.

Sounds doable. Makes sense to include with improvements in #38 as well.

from nginx-proxy-manager.

The PR above adds support for this geoip2 module: https://github.com/leev/ngx_http_geoip2_module.

The nginx_http_geoip2 module has been added to the base nginx configuration and can now be configured in Nginx Proxy Manager with the latest images. I'm not keen on providing a ton of support for this, but here's how I have my config set up.

I've got the GeoLite2-City database from MaxMind mounted in the container at /data/geoip2db/GeoLite2-City.mmdb.

I've got a conf file mounted in the container at /etc/nginx/modules/enable_ngx_http_geoip2_module.conf to enable the module.

load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;

I've got a conf file mounted in the container at /data/nginx/custom/http_top.conf to configure the module, tell it where the GeoLite2 db is located, and configure a log format.

geoip2 /data/geoip2db/GeoLite2-City.mmdb {
auto_reload 5m;
$geoip2_data_country_iso_code country iso_code;
$geoip2_data_city_name city names en;
}

log_format geoip '$remote_addr - $remote_user [$time_local]'
           '"$request" $status $body_bytes_sent'
           '"$http_referer" $host "$http_user_agent"'
           '"$request_time" "$upstream_connect_time"'
           '"$geoip2_data_city_name" "$geoip2_data_country_iso_code"';

Finally, I've got a conf file mounted in the container at /data/nginx/custom/server_proxy.conf to instruct NPM to add a logging configuration to each proxy host.

access_log /data/logs/geoip.log geoip;

Feel free to tweak as it meets your needs, but this should get you up and running. This issue & #3334 should be able to be closed now.

Big thanks to @jc21 for getting the module merged so quickly.

from nginx-proxy-manager.

This would be awesome because in order to use this

Currently nginx fails with this error when I add the custom log format:

2020/07/09 16:36:21 [emerg] 3022#3022: unknown "geoip2_data_city_name" variable

I need the geoIP information to send to InfluxDB custom format:

log_format custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" $host "$http_user_agent" "$request_time" "$upstream_connect_time" "$geoip2_data_city_name" "$geoip2_data_country_code"';

from nginx-proxy-manager.

@jc21 any update? I would be happy to help develop on this if y'all need an extra hand in order to get it included.

from nginx-proxy-manager.

Can someone make complete instruction how to add geoip2 module in NPM docker?

from nginx-proxy-manager.

from nginx-proxy-manager.

I think it should be better to make this possible over mounting the nginx dir to host system. So everyone can edit this as wanted (use other modules or databases)

And I think the geo2 module should be addet by nginx docker Mainter. Many modules are installed by defoult: https://github.com/nginxinc/docker-nginx/blob/master/stable/alpine/Dockerfile

from nginx-proxy-manager.

Looking forward to this!

from nginx-proxy-manager.

@mouseron
Take a look at https://github.com/sherpya/geolite2legacy
and
https://www.miyuru.lk/geoiplegacy

from nginx-proxy-manager.

Should anyone want to look at adding the module:

• https://github.com/NginxProxyManager/docker-nginx-full/blob/master/docker/Dockerfile
• https://github.com/NginxProxyManager/docker-nginx-full/blob/master/scripts/build-openresty

from nginx-proxy-manager.

I've created a script that uses location data from db-ip.com to create country based access lists in nginx proxy manager.
They publish updated addresses monthly and you can just set up a cron schedule to run the script and update the access list that way.
More details here

from nginx-proxy-manager.

@webysther . Cool.
For me, I have use cases where I need the filter on a per rule basis so I can't block everything at the router level. But if you want to block all traffic from certain locations to your home that's a great solution 👍

from nginx-proxy-manager.

Yeah, same. Considering switching back to baremetal nginx only because of this. :(

❯ Starting nginx ...
nginx: [emerg] unknown directive "geoip_country" in /data/nginx/custom/http_top.conf:1

Is there an easy way to migrate from NPM docker to baremetal nginx? (fedora/ubuntu)

from nginx-proxy-manager.

the geoip module is active by default so no worry. its just a bit of path mapping and edit config files :P

the main problem of geoip module is using legacy geoip databases that are deprecated.
from https://dev.maxmind.com/geoip/legacy/downloadable/
to https://dev.maxmind.com/geoip/geoip2/geolite2/ wich is using
maxmind databases

but the geoip module from nginx is using teh legacy databases. so i dont know if its an issue from nginx itselfs or from npm. it sounds nice to block countries etc but i thing nginx need to fix it first before this feature can addet by devs to the container or am i wrong ?
i wrote more to -> #78

from nginx-proxy-manager.

Yep I've found the legacy databases are not longer supplied anymore so everyone has to convert to geo2.

Seems it's trivial to add the new module: https://docs.nginx.com/nginx/admin-guide/dynamic-modules/geoip2/

Also the geolite databases need to be baked in to the docker image.

from nginx-proxy-manager.

You can already do that if you want to. In any docker image there is no restriction in what you're mounting and where. Even though I bake in config or files you're always able to override them.

from nginx-proxy-manager.

I would really love this feature. :)

from nginx-proxy-manager.

Still missing and everything I'm waiting for! 👍

from nginx-proxy-manager.

That sounds great to me

from nginx-proxy-manager.

Likewise this will help massively in reducing attempted logons and bruteforcing on my network. Watching closely.

from nginx-proxy-manager.

Hi guys,
this would be great! I was trying to get the geoip module or to at least implement a kind of monitoring possibility for the ngxin proxy manager with telegraf and grafana. But my limited docker knowledge is just not enough.
I would appreciate if this feature would be available out of the box :)
Stay healthy!

from nginx-proxy-manager.

This would be great!

from nginx-proxy-manager.

+1

from nginx-proxy-manager.

Is there any way, to do this without it implemented? If I can set it up manually I may be able to make an PR out of it.

from nginx-proxy-manager.

Checking in to see if how this is going. @jc21 is there any update please. It would be great to have this implemented please and thank you!

from nginx-proxy-manager.

See #1202

from nginx-proxy-manager.

See #1202

Thanks and it's great to see there will be a V3! I wasn't aware.

It's not clear not me whether GeoIP2 will be part of this new version though... The closest statement I could find was "UI Configurable IP ranges for real_ip determination"

Will GeoIP2 be incorporated?

Thanks again!

from nginx-proxy-manager.

the geoip module is active by default so no worry. its just a bit of path mapping and edit config files :P

the main problem of geoip module is using legacy geoip databases that are deprecated.
from https://dev.maxmind.com/geoip/legacy/downloadable/
to https://dev.maxmind.com/geoip/geoip2/geolite2/ wich is using
maxmind databases

but the geoip module from nginx is using teh legacy databases. so i dont know if its an issue from nginx itselfs or from npm. it sounds nice to block countries etc but i thing nginx need to fix it first before this feature can addet by devs to the container or am i wrong ?
i wrote more to -> #78

Hey @wuast94 i was wondering how the geoip module is active by default when the openresty doesnt get compiled with the flag to enable the geoip module? It would be nice if you could explain in detail how you managed it. The anweres you've made arent detailed.

from nginx-proxy-manager.

Here some useful material to compile geoip2 in openresty
https://www.electrosoftcloud.com/en/compile-geoip2-in-openresty-and-how-to-use-it/

from nginx-proxy-manager.

Did this get progressed any? Or is it waiting for someone to pick it up?

from nginx-proxy-manager.

No, I don't think there is any progress, and I don't think there will come an official integration in v2 of npm, unless someone wants to get working on it and creates a PR.

from nginx-proxy-manager.

I've actually made my own custom version of it with geoIP in order to use it with loki and grafana.
https://github.com/Pacerino/docker-nginx-full
https://github.com/Pacerino/nginx-proxy-manager

The only think is that i've ported the CI to Drone. There is an error appearing if creating the container about missing deps. I've temporary fixed it by installing libgeoip1_1.6 manually with DPKG

wget http://ftp.de.debian.org/debian/pool/main/g/geoip/libgeoip1_1.6.12-7_amd64.deb
dpkg -i libgeoip1_1.6.12-7_amd64.deb

After a reboot of the container everything works.

This is a quick and dirty implementation of it and not the latest release the main repo. The Frontend is missing the Logo but everything works. I should merge into the latest release and trying to get rid of the missing dep and the logo.

from nginx-proxy-manager.

Does anyone care about a geoip2 implementation? It would be a real pity if you have to give up the security of geoip2 for the really great and convenient variant of NPM.

from nginx-proxy-manager.

from nginx-proxy-manager.

from nginx-proxy-manager.

Hi, this would be great for me too !

from nginx-proxy-manager.

Hi, would like to have this as well!

from nginx-proxy-manager.

I am new to NPM, seeing if it can replace my custom config.
I am glad to see this will be in v3.

I note despite someone saying the geoip modules are loaded in the base docker used for npm an nginx -V reveals this is not the case :-(

For now with v2 is there anyway to get the geoip modules working?
(i use them for my csustom log format)

I copied over ngx_http_geoip_module.so and tried loading it using /data/nginx/custom/root.conf
however i get the error
nginx: [emerg] "load_module" directive is specified too late in /data/nginx/custom/root.conf:2

I assume this is because this is placed at the of the root conf rather than in the main block?
Is there any other workaround?

(in v3 can we have standard support for modules using the normal /modules-enabled/50*.conf files method?)

ok i see how to get modules loaded in npm, i mapped a volume to /etc/nginx/modules

i am now caught in dependency loop of finding just the right modules, i guess because i need the resty version of ngx_http_geoip_module.so (version 1019009) i am unclear where i can get that from?

from nginx-proxy-manager.

I've actually made my own custom version of it with geoIP in order to use it with loki and grafana. https://github.com/Pacerino/docker-nginx-full https://github.com/Pacerino/nginx-proxy-manager

The only think is that i've ported the CI to Drone. There is an error appearing if creating the container about missing deps. I've temporary fixed it by installing libgeoip1_1.6 manually with DPKG

wget http://ftp.de.debian.org/debian/pool/main/g/geoip/libgeoip1_1.6.12-7_amd64.deb
dpkg -i libgeoip1_1.6.12-7_amd64.deb

After a reboot of the container everything works.

This is a quick and dirty implementation of it and not the latest release the main repo. The Frontend is missing the Logo but everything works. I should merge into the latest release and trying to get rid of the missing dep and the logo.

Hey, just tried to look at your custom repo's, but they're not public anymore, or deleted.
Do you still have these? I'd love to use these as I'd like to setup:
https://grafana.com/grafana/dashboards/12559

Thanks!

from nginx-proxy-manager.

from nginx-proxy-manager.

I'm also interested in this.

from nginx-proxy-manager.

This geoip missing is what is stopping me to use this against the actual nginx.
My nginx confs work great what I miss is the actual ease of use of this software. But without geoip to protect my stuff and let only a country to access my websites and whitelist only some ip from the countrys i do not want to acess my stuff there is no way this is viable. Thanks for your consideration

from nginx-proxy-manager.

It's possible to install the module apt install libnginx-mod-http-geoip then create a custom file config nano /data/nginx/custom/http_top.conf Here you can add all your geo config then use created variable

from nginx-proxy-manager.

Maybe using this as reference: https://github.com/jlesage/docker-nginx-proxy-manager

from nginx-proxy-manager.

I decide to use like you @lavinir but in router direct with firewall and ip set, I just make download of geoip2 and use pandas to convert in CIDR ip list based on my needs. This solution have the advantage to remove the load from NPM, but will be great to have this. For someone that want to implement:

import pandas as pd

loc = pd.read_csv('data/GeoLite2-Country-Locations-en.csv')
ip4 = pd.read_csv('data/GeoLite2-Country-Blocks-IPv4.csv')

ip4loc = pd.merge(loc, ip4, on='geoname_id')

# countries you want to allow/block
country_list = ["BR","IT","NL","PT","CA"]

ip4loc = ip4loc[ip4loc['country_iso_code'].isin(country_list)]

path = 'data/allowed.zone.txt'
ip4loc.to_csv(path, columns = ["network"], header = False, index = False)

In my case I put this on a docker I make the update on Openwrt

from nginx-proxy-manager.

Yes my solution dont work per rule or domain.

from nginx-proxy-manager.

Hello,
Any news regarding implementation of geo module ?

Thanks for info

from nginx-proxy-manager.

Hi,

Unfortunately no, I haven't had the time to get back to this project yet..

from nginx-proxy-manager.

If you install it directly on your server just install the dep : apt install libnginx-mod-http-geoip
If you use docker, create a dockerfile and RUN apt install libnginx-mod-http-geoip

from nginx-proxy-manager.

I don't think is a good ideia, the new version is coming and in some time in future, maybe add to the new version or make this new version flexible to support this kind of feature like mod of lsio

from nginx-proxy-manager.

I don't think is a good ideia, the new version is coming and in some time in future, maybe add to the new version or make this new version flexible to support this kind of feature like mod of lsio

What is this mod site ?

from nginx-proxy-manager.

I don't think is a good ideia, the new version is coming and in some time in future, maybe add to the new version or make this new version flexible to support this kind of feature like mod of lsio

What is this mod site ?

https://mods.linuxserver.io/?mod=create

from nginx-proxy-manager.

I'm waiting too

from nginx-proxy-manager.

I'm waiting too

from nginx-proxy-manager.

+1 for the implementation of geoblock in nginx-proxy-manager

from nginx-proxy-manager.

The PR above adds support for this geoip2 module: https://github.com/leev/ngx_http_geoip2_module.

The nginx_http_geoip2 module has been added to the base nginx configuration and can now be configured in Nginx Proxy Manager with the latest images. I'm not keen on providing a ton of support for this, but here's how I have my config set up.

I've got the GeoLite2-City database from MaxMind mounted in the container at /data/geoip2db/GeoLite2-City.mmdb.

I've got a conf file mounted in the container at /etc/nginx/modules/enable_ngx_http_geoip2_module.conf to enable the module.

load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;

I've got a conf file mounted in the container at /data/nginx/custom/http_top.conf to configure the module, tell it where the GeoLite2 db is located, and configure a log format.

geoip2 /data/geoip2db/GeoLite2-City.mmdb {
auto_reload 5m;
$geoip2_data_country_iso_code country iso_code;
$geoip2_data_city_name city names en;
}

log_format geoip '$remote_addr - $remote_user [$time_local]'
           '"$request" $status $body_bytes_sent'
           '"$http_referer" $host "$http_user_agent"'
           '"$request_time" "$upstream_connect_time"'
           '"$geoip2_data_city_name" "$geoip2_data_country_iso_code"';

Finally, I've got a conf file mounted in the container at /data/nginx/custom/server_proxy.conf to instruct NPM to add a logging configuration to each proxy host.

access_log /data/logs/geoip.log geoip;

Feel free to tweak as it meets your needs, but this should get you up and running. This issue & #3334 should be able to be closed now.

Big thanks to @jc21 for getting the module merged so quickly.

Hello,
would be possible to add more detail step by step tutorial and put it to documentation maybe ?
I was not able to get it working in latest version of NPM :(

Thank in advance!

from nginx-proxy-manager.