I am using a public repo for nginx configured for geolocation with geoip, but I am getting dashes in the fields $geoip2_data_country_code $geoip2_data_country_name'
. I have the following Dockerfile
:
FROM alpine:3.11
COPY GeoLite2-Country.mmdb /usr/share/geoip/
# Install libmaxminddb and ngx_http_geoip2_module
ENV MAXMIND_VERSION=1.2.1
RUN set -x
&& apk add --no-cache --virtual .build-deps
alpine-sdk
perl
&& git clone https://github.com/leev/ngx_http_geoip2_module /ngx_http_geoip2_module
&& wget https://github.com/maxmind/libmaxminddb/releases/download/${MAXMIND_VERSION}/libmaxminddb-${MAXMIND_VERSION}.tar.gz
&& tar xf libmaxminddb-${MAXMIND_VERSION}.tar.gz
&& cd libmaxminddb-${MAXMIND_VERSION}
&& ./configure
&& make
&& make check
&& make install
&& apk del .build-deps
# TODO fix issue with non zero return code
RUN ldconfig || :
# Install nginx
ENV NGINX_VERSION 1.15.11
RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8
&& CONFIG="
--prefix=/etc/nginx
--sbin-path=/usr/sbin/nginx
--modules-path=/usr/lib/nginx/modules
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp
--user=nginx
--group=nginx
--with-http_ssl_module
--with-http_realip_module
--with-http_addition_module
--with-http_sub_module
--with-http_dav_module
--with-http_flv_module
--with-http_mp4_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_random_index_module
--with-http_secure_link_module
--with-http_stub_status_module
--with-http_auth_request_module
--with-http_xslt_module=dynamic
--with-http_image_filter_module=dynamic
--with-http_geoip_module=dynamic
--with-threads
--with-stream
--with-stream_ssl_module
--with-stream_ssl_preread_module
--with-stream_realip_module
--with-stream_geoip_module=dynamic
--with-http_slice_module
--with-mail
--with-mail_ssl_module
--with-compat
--with-file-aio
--with-http_v2_module
--add-dynamic-module=/ngx_http_geoip2_module
"
&& addgroup -S nginx
&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx
&& apk add --no-cache --virtual .build-deps
gcc
libc-dev
make
openssl-dev
pcre-dev
zlib-dev
linux-headers
curl
gnupg1
libxslt-dev
gd-dev
geoip-dev
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz
&& curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc
&& export GNUPGHOME="$(mktemp -d)"
&& found='';
for server in
ha.pool.sks-keyservers.net
hkp://keyserver.ubuntu.com:80
hkp://p80.pool.sks-keyservers.net:80
pgp.mit.edu
; do
echo "Fetching GPG key $GPG_KEYS from $server";
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break;
done;
test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1;
gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz
&& rm -rf "$GNUPGHOME" nginx.tar.gz.asc
&& mkdir -p /usr/src
&& tar -zxC /usr/src -f nginx.tar.gz
&& rm nginx.tar.gz
&& cd /usr/src/nginx-$NGINX_VERSION
&& ./configure $CONFIG --with-debug
&& make -j$(getconf _NPROCESSORS_ONLN)
&& mv objs/nginx objs/nginx-debug
&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so
&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so
&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so
&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so
&& ./configure $CONFIG
&& make -j$(getconf _NPROCESSORS_ONLN)
&& make install
&& rm -rf /etc/nginx/html/
&& mkdir /etc/nginx/conf.d/
&& mkdir -p /usr/share/nginx/html/
&& install -m644 html/index.html /usr/share/nginx/html/
&& install -m644 html/50x.html /usr/share/nginx/html/
&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug
&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so
&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so
&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so
&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so
&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules
&& strip /usr/sbin/nginx*
&& strip /usr/lib/nginx/modules/*.so
&& rm -rf /usr/src/nginx-$NGINX_VERSION
# Bring in gettext so we can get `envsubst`, then throw
# the rest away. To do this, we need to install `gettext`
# then move `envsubst` out of the way so `gettext` can
# be deleted completely, then move `envsubst` back.
&& apk add --no-cache --virtual .gettext gettext
&& mv /usr/bin/envsubst /tmp/
&& runDeps="$(
scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst
| tr ',' 'n'
| sort -u
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }'
)"
&& apk add --no-cache --virtual .nginx-rundeps $runDeps
&& apk del .build-deps
&& apk del .gettext
&& mv /tmp/envsubst /usr/local/bin/
# Bring in tzdata so users could set the timezones through the environment
# variables
&& apk add --no-cache tzdata
# forward request and error logs to docker log collector
&& ln -sf /dev/stdout /var/log/nginx/access.log
&& ln -sf /dev/stderr /var/log/nginx/error.log
COPY nginx.conf /etc/nginx/nginx.conf
COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
STOPSIGNAL SIGTERM
CMD ["nginx", "-g", "daemon off;"]
And the two files nginx.conf
:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
load_module modules/ngx_http_geoip2_module.so; # GeoIP2
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# GeoIP2
geoip2 /usr/share/geoip/GeoLite2-Country.mmdb {
$geoip2_data_country_code source=$remote_addr country iso_code;
$geoip2_data_country_name source=$remote_addr country names en;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# GeoIP2
log_format main_geo '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$geoip2_data_country_code $geoip2_data_country_name';
access_log /var/log/nginx/access.log main_geo; # GeoIP2
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
And nginx.vh.default.conf
:
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
According to this page if I do docker run --rm -p 80:80 bubelov/nginx-alpine-geoip2
then I will get the correct log:
183.88.21.120 - - [16/Apr/2019:09:08:55 +0000] "GET / HTTP/1.1"
200 612 "-"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:66.0) Gecko/20100101 Firefox/66.0" "-"
TH Thailand
But in my case it is the following:
192.168.3.1 - - [15/Jun/2022:10:46:11 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" "10.0.8.83" - -
The actual nginx configuration file is the following:
events{}
# See blow link for Creating NGINX Plus and NGINX Configuration Files
# https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# The identifier Backend is internal to nginx, and used to name this specific upstream
upstream backend {
# BACKEND_HOST is the internal DNS name used by the Backend Service inside the Kubernetes cluster
# or in the services list of the docker-compose.
server ${BACKEND_HOST}:${BACKEND_PORT};
}
server {
listen ${NODE_PORT};
root /usr/share/nginx/html;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
location /api/ {
resolver 127.0.0.11;
#nginx will not crash if host is not found
# The following statement will proxy traffic to the upstream
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
2
Answers
Wait a second, your IP
192.168.3.1
is a private one. So it can not have a location identified.More on IP ranges: https://www.arin.net/reference/research/statistics/address_filters/
Below is the list of Private Network Subnets. Inside your VPN (Virtual Private Network) network admins can assign any subnet to any location.
Only Public IP addresses can be found in
GeoLite2-Country.mmdb
. That’s why the your IP192.168.3.1
does not return any location.