Nginx启用Geoip2模块实现国家城市识别 —— 筑梦之路

• geoip2_module https://github.com/leev/ngx_http_geoip2_module/releases
• libmaxminddb(api库) https://github.com/maxmind/libmaxminddb/releases
• DB https://www.maxmind.com/en/account/login 登录后选择Download Databases可下载

推荐使用最新版，有些数据会变化

# 安装 api 库 1.6.0版本

tar -zxf libmaxminddb-1.6.0.tar.gz

cd libmaxminddb-1.6.0

./configure && sudo make && sudo make install

echo /usr/local/lib  >> /etc/ld.so.conf.d/local.conf

ldconfig

# 下载模块

wget  https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/3.4.tar.gz

# 编译nginx

./configure --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --add-module=/data/geoip2/ngx_http_geoip2_module-3.4

make  

make install

# 配置示例

#http模块
#确认需要使用的IP，不推荐使用这种方式
#realip取值：若x-forward-for不为空，则取第一个ip；否则取remote_addr
map $http_x_forwarded_for $realip {
        ~^(\d+\.\d+\.\d+\.\d+) $1;
        default $remote_addr;
}
#http模块
#引入geoip2的配置文件，配置文件内容见下面部分
include /etc/nginx/conf.d/geoip2.conf;
#location模块
#把城市国家信息放入header
#geoip2相关变量定义在下面部分
proxy_set_header Country_Code $geoip2_country_code;
proxy_set_header City_Code $geoip2_city_name_en;


# 添加geoip2基础配置

解压 GeoLite2-City_20220111.tar.gz GeoLite2-Country_20220111.tar.gz2个文件，把2个.mmdb格式的文件放入任意目录（如/data/geo2_db/）


#配置geoip2配置文件 /etc/nginx/conf.d/geoip2.conf
geoip2 /data/geo2_db/GeoLite2-Country.mmdb {
         auto_reload 5m;
         $geoip2_metadata_country_build metadata build_epoch;
         #国家编码
         $geoip2_country_code source=$realip country iso_code;
         #国家英文名
         $geoip2_country_name_en source=$realip country names en;
         #国家中文名
         $geoip2_country_name_cn source=$realip country names zh-CN;
}
geoip2 /data/geo2_db/GeoLite2-City.mmdb {
      $geoip2_metadata_city_build metadata build_epoch;
      #城市英文名，大多是拼音，有重复情况
      $geoip2_city_name_en source=$realip city names en;
      #城市中文名，部分城市没有中文名
      $geoip2_city_name_cn source=$realip city names zh-CN;
      #城市id，maxmaind 库里的id，非国际标准
      $geoip2_data_city_code source=$realip city geoname_id;
}


#  测试

#添加测试location,把地理位置返回
location = /geo {
        default_type text/plain;
       # return 200 "haha";
        return 200 'countryCode:$geoip2_country_code\n countryNameEn: $geoip2_country_name_en\n countryNameCn: $geoip2_country_name_cn\n cityNameEn: $geoip2_city_name_en\n cityNameCn: $geoip2_city_name_cn\n cityCode: $geoip2_data_city_code\n'；
    }

#测试nginx配置是否正确
sudo /usr/local/nginx/sbin/nginx -t
#若无问题则会输出
#nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
#nginx: configuration file /etc/nginx/nginx.conf test is successful

#启动nginx
sudo /usr/local/nginx/sbin/nginx

# #无域名的可以使用host测试
curl -H "X-Forwarded-For: 124.72.237.255,42.248.50.9,202.5.56.71" your.domain.com/geo

#nginx 配置示例

#user nobody;
worker_processes  2;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

load_module modules/ngx_http_geoip2_module.so;


events {
worker_connections  4096;
}


http {
include       mime.types;
default_type  application/octet-stream;

log_format  main ' 1234mutouren "$http_x_forwarded_for" - $remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$connection" "$request_time"'
' - "$geoip2_country_name_en" "$geoip2_city_name_en" '
' = "$geoip2_longitude" "$geoip2_latitude"' ;
#access_log logs/access.log main;
log_format json_logs escape=json
'{"@timestamp":"$time_iso8601",'
'"host":"$hostname",'
'"server_ip":"$server_addr",'
'"client_ip":"$remote_addr",'
'"remote_user":"$remote_user",'
'"xff":"$http_x_forwarded_for",'
'"domain":"$host",'
'"url":"$uri",'
'"referer":"$http_referer",'
'"upstreamtime":"$upstream_response_time",'
'"responsetime":"$request_time",'
'"request_method":"$request_method",'
'"status":"$status",'
'"size":"$body_bytes_sent",'
'"request_length":"$request_length",'
'"protocol":"$server_protocol",'
'"upstreamhost":"$upstream_addr",'
'"file_dir":"$request_filename",'
'"http_user_agent":"$http_user_agent",'
#获取国家英文名称
'"geoip2_country_name_en":"$geoip2_country_name_en",'
'"number":"$status",'
#获取城市英文名称
'"name":"$geoip2_city_name_en",'
#获取经纬度
'"logLat":"$geoip2_longitude,$geoip2_latitude"'
'}';

sendfile        on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout  300;
client_body_buffer_size 15M;
client_body_temp_path clientpath 3 2;
client_max_body_size 30M;
gzip  off;
gzip_static on;
gzip_min_length 10k;
gzip_buffers 4 16k;
gzip_comp_level 6;
gzip_types *;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
# 配置解析的IP地址，作为获取地理信息的IP地址：
map $http_x_forwarded_for $realip {
~^(\d+\.\d+\.\d+\.\d+) $1;
default $remote_addr;
}
# 配置国家和城市检索需要的数据文件：
#测试 mmdblookup --file /data/app/geo2db/GeoLite2-City.mmdb --ip 202.175.105.131
geoip2 /data/app/geo2db/GeoLite2-Country.mmdb {
auto_reload 5m;
$geoip2_metadata_country_build metadata build_epoch;
#国家编码
$geoip2_country_code source=$realip country iso_code;
#国家英文名
$geoip2_country_name_en source=$realip country names en;
#国家中文名
$geoip2_country_name_cn source=$realip country names zh-CN;
}
geoip2 /data/app/geo2db/GeoLite2-City.mmdb {
$geoip2_metadata_city_build metadata build_epoch;
#城市英文名，大多是拼音，有重复情况
$geoip2_city_name_en source=$realip city names en;
#城市中文名，部分城市没有中文名
$geoip2_city_name_cn source=$realip city names zh-CN;
#城市id，maxmaind 库里的id，非国际标准
$geoip2_data_city_code source=$realip city geoname_id;
#经度，longitude
$geoip2_longitude source=$realip location longitude ;
#维度，latitude
$geoip2_latitude source=$realip location latitude ;
}

# HTTPS server
#
server {
listen 443 ssl;
server_name XXX.XXX.com;
#       server_name XXX.XXX.com;

ssl_certificate cert/data.com.pem;
ssl_certificate_key cert/data.com.key;

ssl_session_timeout 5m;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256::!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

access_log /data/log/nginx/access.log json_logs;
location / {
try_files $uri $uri/ /index.html;
root /data/app/pos ;#静态资源目录
index index.html index.htm;
}
location /api/pos/ {
proxy_pass http://10.50.XXX.XXX:9999/;
proxy_redirect default;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location /WeChat {
alias /data/app/WeChat ;#静态资源目录
index cfca.html;
}
}
server {
listen 80;
location /nginx_status {
stub_status on;
access_log off;
}
access_log logs/access.log json_logs;

# 测试URI

location = /geo {
    default_type text/plain;
    return 200 'countryCode:$geoip2_country_code\n countryNameEn: $geoip2_country_name_en\n             countryNameCn: $geoip2_country_name_cn\n cityNameEn: $geoip2_city_name_en\n cityNameCn: $geoip2_city_name_cn\n cityCode: $geoip2_data_city_code\n';
}
}
}

# 测试

#curl -H "X-Forwarded-For: 124.72.XXX.255,42.248.50.9,202.5.XX.71" 10.XX.133.159/geo

countryCode:CN
countryNameEn: China
countryNameCn: 中国
cityNameEn: xxzhou
cityNameCn: XX市
cityCode: 18x0821

 参考资料：

Nginx启用Geoip2，实现国家、城市识别 - 简书

Nginx的geo2模块实现获取地理信息

搭建日志聚合grafana&loki 收集Nginx日志_Zz_糖小七的博客-CSDN博客_grafana nginx日志

Grafana展示精美的nginx访问日志图表_code小博客的技术博客_51CTO博客 

Nginx配置GeoIP库或者直接通过修改Logstash将日志写入ES - 走看看 

grafana展示ES中的nginx日志-地图展示_大葱的技术博客_51CTO博客 

https://www.jb51.net/article/241689.htm 

Nginx GEOIP Statistic dashboard for Grafana | Grafana Labs

grafana+elk 监控nginx | 碎玉轩·华裳绕指柔