
Restricting access by region in nginx with the geoip module

2025/2/3 13:48:32 Source: https://blog.csdn.net/2301_77081516/article/details/144807631

1. Install the geoip library

[root@VM-0-15-centos ~]# yum -y install geoip geoip-devel

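2. Download and install MaxMind's free GeoIP database. Here I chose the GeoLite2 database, which is suitable for most applications.

Visit the MaxMind website (https://www.maxmind.com/) and register an account.

There are two ways to download it:

  • Method 1: download with wget (replace <your_license_key> with the license key from your own account). Quote the URL so the shell does not treat the & characters as command separators:
wget "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=<your_license_key>&suffix=tar.gz"
  • Method 2: download it directly from the website, then upload it to the server (this is the method I used here)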

 

Once downloaded, upload it to the /opt directory on the server.

[root@VM-0-15-centos opt]# ls
GeoLite2-Country_20241129.tar.gz  rh

3. Extract the database file

[root@VM-0-15-centos opt]# tar xf GeoLite2-Country_20241129.tar.gz -C /usr/share/GeoIP/

4. Install nginx: first install the dependency packages

[root@VM-0-15-centos opt]# yum -y install make zlib zlib-devel gcc-c++ libtool  openssl openssl-devel pcre pcre-devel

5. Create the user that nginx runs as

[root@VM-0-15-centos opt]# useradd nginx -s /sbin/nologin -M

6. Upload the nginx source archive to the /opt directory, then extract and compile it

[root@VM-0-15-centos nginx-1.26.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-pcre --with-http_v2_module --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-threads --with-stream --with-stream_ssl_module --with-http_geoip_module
[root@VM-0-15-centos nginx-1.26.2]# make && make install

7. Create a symbolic link

[root@VM-0-15-centos nginx-1.26.2]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/nginx

8. Check that nginx has the geoip module enabled

[root@VM-0-15-centos nginx-1.26.2]# nginx -V 2>&1 | grep geoip

9. Make sure the database file exists: the downloaded GeoLite2-Country.mmdb must be in place under the /usr/share/GeoIP directory, and that directory must be readable by nginx.

[root@VM-0-15-centos ~]# find / -name GeoLite2-Country.mmdb
/usr/share/GeoIP/GeoLite2-Country_20241129/GeoLite2-Country.mmdb

10. Start nginx and access it

[root@VM-0-15-centos ~]# /usr/local/nginx/sbin/nginx 
[root@VM-0-15-centos ~]# ps -aux | grep nginx
root     18577  0.0  0.0  48636  1212 ?        Ss   18:10   0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx    18578  0.0  0.1  51112  2048 ?        S    18:10   0:00 nginx: worker process
root     18634  0.0  0.0 112812   972 pts/0    S+   18:10   0:00 grep --color=auto nginx

As you can see, no region restriction is in place yet, so nginx is accessible.

Next we restrict access from three regions: China, Hong Kong and Macau.

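11. Edit the nginx configuration file and add the following to the http block and the server block respectively. Note that the geoip_country directive belongs to ngx_http_geoip_module, which is built on the legacy libGeoIP library and its .dat databases; the MaxMind DB (.mmdb) format used by GeoLite2 is read through libmaxminddb, which nginx supports via the third-party ngx_http_geoip2_module. Confirm that $geoip_country_code actually resolves for known addresses before relying on the block.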

[root@VM-0-15-centos ~]# vim /usr/local/nginx/conf/nginx.conf
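http {
    # ... existing http directives ...

    # Load the country database; sets $geoip_country_code for each client address
    geoip_country /usr/share/GeoIP/GeoLite2-Country_20241129/GeoLite2-Country.mmdb;

    # $block_country is 1 for the regions to reject and 0 for everything else
    map $geoip_country_code $block_country {
        default 0;
        CN 1;
        HK 1;
        MO 1;
    }

    server {
        listen       80;
        server_name  localhost;

        location / {
            # Reject requests from the blocked regions
            if ($block_country) {
                return 403;
            }
            root   html;
            index  index.html index.htm;
        }
    }
}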

12. Check the configuration file

[root@VM-0-15-centos ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

13. Restart nginx

[root@VM-0-15-centos ~]# killall nginx
[root@VM-0-15-centos ~]# /usr/local/nginx/sbin/nginx 

14. Test access

 

As you can see, access is now denied.
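To confirm that the block from steps 11 to 14 is enforced, and that country lookups resolve at all, the following added example (not part of the original post) audits an access log. It assumes a hypothetical log_format named geo, shown in the comments, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed log format (hypothetical name "geo"), added to the http block:
#   log_format geo '$remote_addr $geoip_country_code $status "$request"';
#   access_log logs/geo.log geo;
# nginx logs "-" when $geoip_country_code is not found for the client address.

BLOCKED="CN HK MO"   # country codes mapped to 1 in the step 11 map

# audit_geo_block: reads log lines on stdin, prints one summary line.
#   leaks      = blocked-country requests answered with anything other than 403
#   unresolved = requests with no country code; the map's "default 0" lets
#                them through, so a high count means the block is not effective
audit_geo_block() {
    awk -v blocked="$BLOCKED" '
        BEGIN { n = split(blocked, b, " "); for (i = 1; i <= n; i++) deny[b[i]] = 1 }
        NF < 3 { next }                          # ignore malformed lines
        { total++ }
        $2 == "-" { unresolved++ }
        ($2 in deny) && $3 != "403" { leaks++ }
        END { printf "total=%d leaks=%d unresolved=%d\n", total, leaks, unresolved }
    '
}

# list_leaks: prints the log lines that got past the block.
list_leaks() {
    awk -v blocked="$BLOCKED" '
        BEGIN { n = split(blocked, b, " "); for (i = 1; i <= n; i++) deny[b[i]] = 1 }
        NF >= 3 && ($2 in deny) && $3 != "403"
    '
}

# Constructed sample log (documentation-range addresses).
sample_log() {
    cat <<'EOF'
203.0.113.10 CN 403 "GET / HTTP/1.1"
203.0.113.11 HK 403 "GET / HTTP/1.1"
198.51.100.7 US 200 "GET / HTTP/1.1"
192.0.2.55 - 200 "GET / HTTP/1.1"
203.0.113.12 MO 200 "GET /index.html HTTP/1.1"
EOF
}

sample_log | audit_geo_block
sample_log | list_leaks
```

Against a live server, feed it the real log instead, for example audit_geo_block < /usr/local/nginx/logs/geo.log with the assumed access_log path above.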

15. Add nginx as a system service

[root@VM-0-15-centos ~]# vim /etc/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=network.target

[Service]
# nginx daemonizes itself, so systemd tracks the master process through the PID file
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true

[Install]
WantedBy=multi-user.target

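Reload the systemd manager, then start nginx and enable it at boot. The "bind() to 0.0.0.0:80 failed (98: Address already in use)" lines in the status output below mean port 80 was already taken when the unit started nginx, which happens when an instance started by hand, as in step 13, is still running.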

[root@VM-0-15-centos ~]# systemctl daemon-reload
[root@VM-0-15-centos ~]# systemctl enable --now nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /etc/systemd/system/nginx.service.
[root@VM-0-15-centos ~]# systemctl status nginx
● nginx.service - The NGINX HTTP and reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2024-12-29 18:29:09 CST; 4s ago
 Main PID: 22495 (nginx)
   CGroup: /system.slice/nginx.service
           ‣ 22495 nginx: master process /usr/local/nginx/sbin/nginx

Dec 29 18:29:09 VM-0-15-centos systemd[1]: Started The NGINX HTTP and reverse proxy server.
Dec 29 18:29:09 VM-0-15-centos nginx[25153]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Dec 29 18:29:10 VM-0-15-centos nginx[25153]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Dec 29 18:29:10 VM-0-15-centos nginx[25153]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Dec 29 18:29:11 VM-0-15-centos nginx[25153]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Dec 29 18:29:11 VM-0-15-centos nginx[25153]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Dec 29 18:29:12 VM-0-15-centos nginx[25153]: nginx: [emerg] still could not bind()
