0

I am trying to set up Nginx v. 1.24.0 and GeoIPupdate to work so that users not from a specific country do not get access to the web server.

However, as I'm following every guide I see that it is outdated, either the links do not work, because MaxMind deleted them, or they assume I have the module needed to be installed.

Even the official Nginx wiki has been of no help (https://nginx.org/en/docs/http/ngx_http_geoip_module.html)

I am at my wit's end and don't know what to do. All I want to do is know how to allow GeoIPupdate to work with Nginx, as I've got GeoIPupdate running.

I tried this guide: https://github.com/leev/ngx_http_geoip2_module But now I am getting this:

Apr 24 15:25:51 localhost nginx[175588]: nginx: [emerg] unknown directive "if($allowed_country" in /etc/nginx/sites-enabled/default:80
Apr 24 15:25:51 localhost nginx[175588]: nginx: configuration file /etc/nginx/nginx.conf test failed

The config in question (in the server part):

        if($allowed_country = no) {
                return 403;
        }

Upon checking Nginx modules I do see that 50-mod-http-geoip.conf does exist and should have loaded, but writing nginx -V does not input the module.

The most interesting part is, that the nginx.conf does work with allowed countries, as I do not get any errors from it.

Tomulis
  • 1
  • 1
  • read the error logs. – Gerald Schneider Apr 24 '23 at 13:49
  • Thank you, it did help. I have done that and now I can run Nginx, but without blocking countries, as for now everything is stored in my /etc/nginx/sites-available.default file. However, in that file I cannot run if($allowed_country = no) { return 403: } without saying it's a bad directive, even if I have the 50-mod-http-geoip.conf module installed. – Tomulis Apr 24 '23 at 15:47
  • Edit your configuration and actual error messages into your question and maybe somebody can help you. Currently it's blind guessing. – Gerald Schneider Apr 24 '23 at 16:01
  • Thank you, Gerald. – Tomulis Apr 24 '23 at 16:29
  • as i read debian inhere it could be that you did not installed the full available packages. did you checked that the geoip is available? – djdomi Apr 24 '23 at 16:53
  • Indeed, geoipupdate is installed and set up. – Tomulis Apr 24 '23 at 17:17

1 Answers1

0

I fixed it myself in the most hilarious and sad ways possible.

Keep in mind, I have been researching this weird bug for a few days now, and I found it it was because I added a tab so my OCD could be happy in the configuration files.

I copy and pasted this and it worked. https://gist.github.com/dunderrrrrr/8d3fced1f73de2d70ede38f39c88d215

Tomulis
  • 1
  • 1