Skip to content

Commit

Permalink
fix geoip behind proxy
Browse files Browse the repository at this point in the history
  • Loading branch information
noogen committed Sep 27, 2022
1 parent eb12290 commit 1f80088
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 14 deletions.
20 changes: 17 additions & 3 deletions files/etc/nginx/cdn-ips.conf
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
# ref your cdn here, example bunnycdn below
include cdn/cdn-bunny.conf;

# Local cache/proxy
set_real_ip_from 0.0.0.0/0;
set_real_ip_from ::/0;
Expand All @@ -6,6 +9,17 @@ set_real_ip_from 192.168.0.0/16;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.0.0.0/24;

#real_ip_header X-Real-IP;
#real_ip_header X-Forwarded-For;
#real_ip_recursive on;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

# map realip to use with geolite2.conf
map $http_x_forwarded_for $forwarded_ip {
default $http_x_forwarded_for;
'' $realip_remote_addr;
}

# simply grab the first IP if there are multiples
map $forwarded_ip $realip {"~(?<IP>[^,]*),*.*" $IP;}


include geolite2.conf;
12 changes: 5 additions & 7 deletions files/etc/nginx/geoipme.conf
Original file line number Diff line number Diff line change
@@ -1,13 +1,11 @@
# usage: include /etc/nginx/geoipme.conf;
# this proxy pass to sites-enabled/geoip.conf
# use this with sites-enabled/1-geoip.conf
location ~ /(geoip|geoipme)+/(?<ip>.*) {
set $realip $ip;

if ($realip = '') {
set $realip $realip_remote_addr;
if ($ip) {
set $realip $ip;
}

proxy_set_header X-Real-IP $realip;
proxy_set_header X-Forwarded-For $realip;
proxy_set_header Host "127.0.0.1";
proxy_pass "http://127.0.0.1:9081";
}
}
5 changes: 1 addition & 4 deletions files/etc/nginx/geolite2.conf
Original file line number Diff line number Diff line change
@@ -1,7 +1,4 @@
map $http_x_forwarded_for $realip {
default $http_x_forwarded_for;
'' $realip;
}
# $realip is map inside of cdn-ips.conf

geoip2 /etc/nginx/GeoLite2-Country.mmdb {
auto_reload 60m;
Expand Down
File renamed without changes.

0 comments on commit 1f80088

Please sign in to comment.