-
-
Save m00zi/55e68aab48bba885bc40e599fe83b2bd to your computer and use it in GitHub Desktop.
Example NGINX configuration to route based on country code using GeoIP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# load dynamic modules | |
load_module /etc/nginx/modules/ngx_http_geoip_module.so; | |
user nginx; | |
worker_processes auto; | |
error_log /var/log/nginx/error.log info; | |
pid /var/run/nginx.pid; | |
events { worker_connections 1024; } | |
http { | |
default_type text/html; | |
log_format main 'remote_addr: $remote_addr, remote_user: $remote_user [time_local: $time_local] request: "$request" ' | |
'status: $status, body_bytes_sent: $body_bytes_sent, http_referer: "$http_referer" ' | |
'http_user_agent: "$http_user_agent:", http_x_forwarded_for: "$http_x_forwarded_for" ' | |
'geoip_area_code: $geoip_area_code, geoip_city: $geoip_city, geoip_city_continent_code: $geoip_city_continent_code, geoip_city_country_code: $geoip_city_country_code, geoip_city_country_code3: $geoip_city_country_code3, geoip_city_country_name: $geoip_city_country_name, geoip_country_code: $geoip_country_code, geoip_country_code3: $geoip_country_code3, geoip_country_name: $geoip_country_name, geoip_dma_code: $geoip_dma_code, geoip_latitude: $geoip_latitude, geoip_longitude: $geoip_longitude, geoip_org: $geoip_org, geoip_postal_code: $geoip_postal_code, geoip_region: $geoip_region, geoip_region_name: $geoip_region_name'; | |
access_log /var/log/nginx/access.log main; | |
# load Maxmind GeoIP library | |
geoip_country /etc/nginx/GeoIP/GeoIP.dat; | |
geoip_city /etc/nginx/GeoIP/GeoLiteCity.dat; | |
geoip_proxy 127.0.0.1; | |
# map country code to specific NGINX upstream | |
map $geoip_country_code $upstream { | |
LR web_lr; | |
US web_us; | |
RU web_russia; | |
default $subnet; | |
} | |
# map private subnets to $subnet variable (used in upstream map above) | |
geo $subnet { | |
127.0.0.0/24 web_us; | |
10.0.0.0/24 web_us; | |
192.168.1.0/24 web_us; | |
default web_default; | |
} | |
upstream web_lr { | |
zone web-lr 64k; | |
server 127.0.0.1:3001; | |
} | |
upstream web_russia { | |
zone web-russia 64k; | |
server 127.0.0.1:4001; | |
} | |
upstream web_us { | |
zone web-us 64k; | |
server 127.0.0.1:5001; | |
} | |
upstream web_default { | |
zone web-default 64k; | |
server 127.0.0.1:6001; | |
} | |
server { | |
status_zone web-lr-backend; | |
listen 3001; | |
location / { | |
return 200 "GeoIP has matched this request to a LR country code. | |
http_x_realip:\t $http_x_real_ip\n | |
http_x_forwarded_for:\t $http_x_forwarded_for\n | |
geoip_country_code:\t $geoip_country_code\n"; | |
} | |
} | |
server { | |
status_zone web-russia-backend; | |
listen 4001; | |
location / { | |
return 200 "GeoIP has matched this request to a RU country code. | |
http_x_realip:\t $http_x_real_ip\n | |
http_x_forwarded_for:\t $http_x_forwarded_for\n | |
geoip_country_code:\t $geoip_country_code\n"; | |
} | |
} | |
server { | |
status_zone web-us-backend; | |
listen 5001; | |
location / { | |
return 200 "GeoIP has matched this request to a US country code.\n | |
http_x_realip:\t $http_x_real_ip\n | |
http_x_forwarded_for:\t $http_x_forwarded_for\n | |
geoip_country_code:\t $geoip_country_code\n"; | |
} | |
} | |
server { | |
status_zone web-default-backend; | |
listen 6001; | |
location / { | |
return 200 "NGINX has routed this request to the default site.\n | |
http_x_realip:\t $http_x_real_ip\n | |
http_x_forwarded_for:\t $http_x_forwarded_for\n | |
geoip_country_code:\t $geoip_country_code\n"; | |
} | |
} | |
server { | |
status_zone nginx-frontend; | |
listen 80; | |
location / { | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-GeoIP-Country-Code $geoip_country_code; | |
real_ip_header X-Forwarded-For; | |
proxy_pass http://$upstream; | |
} | |
} | |
server { | |
listen 8080; | |
status_zone status-page; | |
root /usr/share/nginx/html; | |
location = /status.html { } | |
location = /status-old.html { } | |
location = / { | |
return 301 /status.html; | |
} | |
location /status { | |
status; | |
status_format json; | |
access_log off; | |
} | |
location /upstream_conf { | |
upstream_conf; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment