Nginx+GeoIP2处理不同地区请求
公司的官网分为CN和EN两个站点,Web服务中间件为Nginx,通过GeoIP2根据请求来源IP自动转发到不同的站点。以下为配置记录;注意文末的示例配置对非CN来源直接返回403,转发到另一站点的proxy_pass处于注释状态。
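# Build and install nginx 1.21.6 with the GeoIP2 dynamic module on a yum-based
# host. The versions are the ones pinned when this was written; check for newer
# security releases before reusing them. Only the "make install" steps and the
# system changes need root.

# Remember the download directory: nginx's ./configure needs the absolute path
# of the unpacked geoip2 module.
src_dir=$PWD

# Download libmaxminddb, the library used to read the GeoIP database file
wget https://github.com/maxmind/libmaxminddb/releases/download/1.6.0/libmaxminddb-1.6.0.tar.gz
# Download nginx
wget https://nginx.org/download/nginx-1.21.6.tar.gz
# Download the geoip2 module (saved under a descriptive name instead of 3.3.tar.gz)
wget -O ngx_http_geoip2_module-3.3.tar.gz https://github.com/leev/ngx_http_geoip2_module/archive/3.3.tar.gz

# Verify the tarballs before compiling and installing them as root.
# nginx.org publishes a detached PGP signature next to each release tarball;
# for the GitHub downloads compare against a checksum obtained out of band.
#   wget https://nginx.org/download/nginx-1.21.6.tar.gz.asc
#   gpg --verify nginx-1.21.6.tar.gz.asc nginx-1.21.6.tar.gz
#   echo "<EXPECTED_SHA256>  libmaxminddb-1.6.0.tar.gz" | sha256sum -c -

# Install the build toolchain and headers ("zlip" in the original was a typo for zlib)
yum install gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel -y

# Unpack libmaxminddb, then configure, build and install it. The subshell keeps
# the working directory unchanged and stops at the first failing step.
tar -xzf libmaxminddb-1.6.0.tar.gz
(cd libmaxminddb-1.6.0 && ./configure && make && make install)

# Make the dynamic linker search /usr/local/lib, where libmaxminddb was installed.
# The grep guard avoids appending a duplicate line when this is re-run.
grep -qxF /usr/local/lib /etc/ld.so.conf.d/local.conf 2>/dev/null ||
  echo /usr/local/lib >> /etc/ld.so.conf.d/local.conf
ldconfig

# Unpack nginx and the geoip2 module, then build nginx.
# --add-dynamic-module must point at the unpacked geoip2 module directory.
# NOTE(review): --pid-path uses /var/run/nginx/, which nothing below creates — confirm
# the directory exists (and survives a reboot) before starting nginx.
tar -xzf nginx-1.21.6.tar.gz
tar -xzf ngx_http_geoip2_module-3.3.tar.gz
(
  cd nginx-1.21.6 &&
    ./configure \
      --prefix=/usr/local/nginx \
      --sbin-path=/usr/local/nginx/sbin/nginx \
      --conf-path=/usr/local/nginx/conf/nginx.conf \
      --error-log-path=/var/log/nginx/error.log \
      --http-log-path=/var/log/nginx/access.log \
      --pid-path=/var/run/nginx/nginx.pid \
      --lock-path=/var/lock/nginx.lock \
      --user=nginx \
      --group=nginx \
      --with-http_ssl_module \
      --with-http_stub_status_module \
      --with-http_gzip_static_module \
      --http-client-body-temp-path=/var/tmp/nginx/client/ \
      --http-proxy-temp-path=/var/tmp/nginx/proxy/ \
      --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
      --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
      --http-scgi-temp-path=/var/tmp/nginx/scgi \
      --with-pcre \
      --add-dynamic-module="$src_dir/ngx_http_geoip2_module-3.3" \
      --with-stream \
      --with-compat &&
    make &&
    make install
)

# Copy the built modules out of objs/ so they are not lost when the build tree
# is cleaned up.
mkdir -p /usr/local/nginx/dynamic-modules
cp "$src_dir"/nginx-1.21.6/objs/*.so /usr/local/nginx/dynamic-modules/

# Download the latest GeoIP database (a MaxMind account is required; do not
# take the CSV format):
#   https://www.maxmind.com/en/accounts/711281/geoip/downloads
# Unpack the database locally so that this file exists:
#   /usr/local/nginx/GeoLite2-Country_20220419/GeoLite2-Country.mmdb
# The directory name carries the database date. IP-to-country data goes stale,
# so schedule regular refreshes (MaxMind ships the geoipupdate tool for this)
# rather than leaving a one-off copy in place.

# Create the unprivileged nginx account (no login shell) and the temp directory.
# -p is required because /var/tmp/nginx does not exist yet at this point.
id nginx >/dev/null 2>&1 || useradd -r -s /sbin/nologin nginx
mkdir -p /var/tmp/nginx/client/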
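# nginx.conf: proxy sla.transwarp.io to an internal upstream for clients that
# GeoIP2 maps to CN, and answer 403 to every other client.
user nginx nginx;
worker_processes 8;
#include modules.conf;

# Load the geoip2 dynamic modules
load_module /usr/local/nginx/dynamic-modules/ngx_http_geoip2_module.so;
load_module /usr/local/nginx/dynamic-modules/ngx_stream_geoip2_module.so;

# NOTE(review): at "crit" only crit/alert/emerg messages are written, so
# error- and warn-level entries never reach this log. Consider "error" or
# "warn" if this log is used for troubleshooting or monitoring.
error_log /var/log/nginx/error.log crit;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;

events {
    use epoll;
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # This format is defined but unused while the access_log line below stays
    # commented out. Adding $geoip2_country_code to it and enabling the line
    # would record which country each allowed or rejected request mapped to.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;

    sendfile on;
    client_max_body_size 100M;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;
    proxy_read_timeout 300;
    send_timeout 300;

    # Load the GeoIP database and map the client address to its ISO country code.
    # default=- is the value used when the address has no entry in the database
    # (private ranges, for example), so such clients are rejected below as well.
    # source=$remote_addr is the TCP peer: if a load balancer or CDN sits in
    # front of nginx, every request is classified by that device's address.
    # Do not switch to X-Forwarded-For as-is, because clients can set it; take
    # the address from trusted proxies only (ngx_http_realip_module with
    # set_real_ip_from, which the build described on this page does not enable).
    geoip2 /usr/local/nginx/GeoLite2-Country_20220419/GeoLite2-Country.mmdb {
        $geoip2_country_code default=- source=$remote_addr country iso_code;
    }

    server {
        listen 80;
        server_name sla.transwarp.io;

        location / {
            # Reject clients whose country code is not CN. An exact comparison
            # replaces the original unanchored regex (!~ CN), and the "break"
            # that followed "return" was unreachable and is dropped.
            # Country filtering is a coarse control: VPNs and proxies bypass it
            # and the database can be wrong or stale, so it does not replace
            # authentication on the upstream.
            if ($geoip2_country_code != CN) {
                return 403;
                #proxy_pass http://172.16.1.41;
            }
            proxy_pass http://172.16.158.52;
        }
    }
}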