diff --git a/Dockerfile b/Dockerfile index 5f7a768..c7fb76d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,15 @@ -FROM ubuntu:20.04 AS buildstep +FROM ubuntu:22.04 AS buildstep ENV TERM=xterm container=docker DEBIAN_FRONTEND=noninteractive \ NGINX_DEVEL_KIT_VERSION=0.3.1 NGINX_SET_MISC_MODULE_VERSION=0.32 \ - NGINX_VERSION=1.20.2 + NGINX_VERSION=1.22.0 ADD ./build/ /tmp/ RUN bash /tmp/ubuntu.sh -FROM ubuntu:20.04 +FROM ubuntu:22.04 LABEL maintainer="noogen " ENV TERM=xterm container=docker DEBIAN_FRONTEND=noninteractive \ - NGINX_VERSION=_1.20.2-1~focal_amd64.deb \ + NGINX_VERSION=_1.22.0-1~jammy_amd64.deb \ NGINX_DEBUG=-dbg${NGINX_VERSION} COPY --from=buildstep /usr/src/nginx/nginx${NGINX_VERSION} /tmp 
@@ -17,16 +17,15 @@ COPY --from=buildstep /usr/src/nginx/nginx${NGINX_VERSION} /tmp RUN cd /tmp \ && echo "\n\n* soft nofile 800000\n* hard nofile 800000\n\n" >> /etc/security/limits.conf \ && apt-get update -y && apt-get upgrade -y --no-install-recommends --no-install-suggests \ - && apt-get install -y --no-install-recommends --no-install-suggests \ - curl gpg-agent nano libgd3 gettext-base unzip rsync cron \ - apt-transport-https software-properties-common \ - ca-certificates \ + && apt-get install -y --no-install-recommends --no-install-suggests curl gpg-agent nano \ + libgd3 gettext-base unzip rsync cron apt-transport-https software-properties-common \ + ca-certificates libmaxminddb0 libmaxminddb-dev mmdb-bin \ && dpkg --configure -a \ && touch /var/log/cron.log \ && curl -s https://nginx.org/keys/nginx_signing.key | apt-key add - \ && cp /etc/apt/sources.list /etc/apt/sources.list.bak \ - && echo "deb http://nginx.org/packages/ubuntu/ focal nginx" | tee -a /etc/apt/sources.list \ - && echo "deb-src http://nginx.org/packages/ubuntu/ focal nginx" | tee -a /etc/apt/sources.list \ + && echo "deb http://nginx.org/packages/ubuntu/ jammy nginx" | tee -a /etc/apt/sources.list \ + && echo "deb-src http://nginx.org/packages/ubuntu/ jammy nginx" | tee -a /etc/apt/sources.list \ && apt-get update -y \ && dpkg -i nginx${NGINX_VERSION} \ && apt-get install --no-install-recommends --no-install-suggests -y nginx-module-njs gettext-base \ @@ -44,6 +43,7 @@ ADD ./files/root/ /root/ ADD ./files/sbin/ /sbin/ RUN bash /root/bin/placeholder-ssl.sh \ + && bash /etc/cron.daily/geoip2-update \ && mkdir -p /app-start/etc \ && mv /etc/nginx /app-start/etc/nginx \ && rm -rf /etc/nginx \ diff --git a/build/ubuntu.sh b/build/ubuntu.sh index c877c5c..62886da 100644 --- a/build/ubuntu.sh +++ b/build/ubuntu.sh 
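Review bot: The new jammy repository lines are still paired with `curl -s https://nginx.org/keys/nginx_signing.key | apt-key add -`, which trusts the nginx key for every APT source and relies on `apt-key`, deprecated in the apt shipped with 22.04. I would store the dearmored key in its own keyring and scope it to this source, e.g. `echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu/ jammy nginx" > /etc/apt/sources.list.d/nginx.list`. The same pattern is carried over in the jammy lines of build/ubuntu.sh. Separately, `libmaxminddb-dev` only ships headers and should not be needed in the runtime stage; `libmaxminddb0` is the shared library. The RUN instruction starts before and continues after this hunk.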
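Review bot: The added `bash /etc/cron.daily/geoip2-update` makes the image build depend on three live downloads, and nothing in this step checks that they produced usable files. The script has no `set -e` and `my-download.sh` calls curl without `-f`, so an HTTP error or a failed first download can leave the build green with a missing or bogus `.mmdb` baked into the image. I would follow the call with a check per database, such as `&& test -s /usr/share/GeoIP/GeoLite2-City.mmdb`, and preferably compare each file against a recorded SHA-256 so the image content is reproducible. The RUN instruction continues past the end of this hunk.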
@@ -3,10 +3,12 @@ export NGINX_BUILD_DIR=/usr/src/nginx/nginx-${NGINX_VERSION} cd /tmp +add-apt-repository ppa:maxmind/ppa apt-get update apt-get install -y --no-install-recommends --no-install-suggests curl apt-transport-https \ apt-utils software-properties-common build-essential ca-certificates libssl-dev \ - zlib1g-dev dpkg-dev libpcre3 libpcre3-dev libgd-dev gpg-agent + zlib1g zlib1g-dev dpkg-dev libpcre3 libpcre3-dev libgd-dev gpg-agent +apt-get install -y libmaxminddb0 libmaxminddb-dev mmdb-bin dpkg --configure -a @@ -22,14 +24,18 @@ rm ngx-misc.tar.gz curl -s https://nginx.org/keys/nginx_signing.key | apt-key add - cp /etc/apt/sources.list /etc/apt/sources.list.bak -echo "deb http://nginx.org/packages/ubuntu/ focal nginx" | tee -a /etc/apt/sources.list -echo "deb-src http://nginx.org/packages/ubuntu/ focal nginx" | tee -a /etc/apt/sources.list +echo "deb http://nginx.org/packages/ubuntu/ jammy nginx" | tee -a /etc/apt/sources.list +echo "deb-src http://nginx.org/packages/ubuntu/ jammy nginx" | tee -a /etc/apt/sources.list apt-get update && apt-get upgrade -y --no-install-recommends --no-install-suggests mkdir -p /usr/src/nginx cd /usr/src/nginx +git clone https://github.com/leev/ngx_http_geoip2_module ngx_http_geoip2_module +curl -sL https://github.com/leev/ngx_http_geoip2_module/archive/master.tar.gz -o ngx_http_geoip2_module.tar.gz +tar zxvf ngx_http_geoip2_module.tar.gz +mv ngx_http_geoip2_module-master ngx_http_geoip2_module apt-get source nginx=${NGINX_VERSION} -y pwd 
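Review bot: `add-apt-repository ppa:maxmind/ppa` runs before the `apt-get install` that brings in `software-properties-common`, the package that provides `add-apt-repository`, so on a stock `ubuntu:22.04` image the command is likely not found and the PPA is never added. No `set -e` is visible in this hunk (the script's first two lines are outside it), so the failure would pass silently and `libmaxminddb` would come from the Ubuntu archive instead. Move the call below the first install and make it non-interactive: `add-apt-repository -y ppa:maxmind/ppa && apt-get update`. The new `apt-get install -y libmaxminddb0 libmaxminddb-dev mmdb-bin` also drops the `--no-install-recommends --no-install-suggests` flags used on the install line above it.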
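Review bot: The geoip2 module is compiled into nginx from whatever `master` contains at build time, with no pinned ref and no checksum, whereas the other two add-on modules have version variables in the Dockerfile (`NGINX_DEVEL_KIT_VERSION`, `NGINX_SET_MISC_MODULE_VERSION`). The `git clone` line is also redundant with the tarball download: `git` does not appear in the package list installed above, and if the clone did succeed the later `mv` would nest the extracted tree inside the clone instead of replacing it. I would drop the clone and fetch one reviewed tag or commit, verifying its digest before unpacking; the two variables in the sketch are placeholders to be defined next to the other module versions.

```shell
# … unchanged: mkdir -p /usr/src/nginx; cd /usr/src/nginx …
# NGX_GEOIP2_REF / NGX_GEOIP2_SHA256 are placeholders: a reviewed tag or commit and its archive digest.
curl -fsSL "https://github.com/leev/ngx_http_geoip2_module/archive/${NGX_GEOIP2_REF}.tar.gz" \
    -o ngx_http_geoip2_module.tar.gz
echo "${NGX_GEOIP2_SHA256}  ngx_http_geoip2_module.tar.gz" | sha256sum -c - || exit 1
mkdir ngx_http_geoip2_module
tar zxf ngx_http_geoip2_module.tar.gz --strip-components=1 -C ngx_http_geoip2_module
rm ngx_http_geoip2_module.tar.gz
# … unchanged: apt-get source nginx=${NGINX_VERSION} -y …
```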
@@ -38,7 +44,7 @@ ls -la cd ${NGINX_BUILD_DIR} patch src/http/modules/ngx_http_image_filter_module.c /tmp/image_filter.patch -sed -i "s/--with-http_ssl_module/--with-http_ssl_module --with-http_image_filter_module --add-module=\/usr\/src\/nginx\/ngx_devel_kit --add-module=\/usr\/src\/nginx\/set-misc-nginx-module /g" \ +sed -i "s/--with-http_ssl_module/--with-http_ssl_module --with-http_image_filter_module --add-module=\/usr\/src\/nginx\/ngx_http_geoip2_module --add-module=\/usr\/src\/nginx\/ngx_devel_kit --add-module=\/usr\/src\/nginx\/set-misc-nginx-module /g" \ ${NGINX_BUILD_DIR}/debian/rules cd /usr/src/nginx diff --git a/files/etc/cron.daily/geoip2-update b/files/etc/cron.daily/geoip2-update new file mode 100755 index 0000000..16b890c --- /dev/null +++ b/files/etc/cron.daily/geoip2-update @@ -0,0 +1,6 @@ +#!/bin/bash +# download geolite2 file +mkdir -p /usr/share/GeoIP/ +./root/bin/my-download.sh /usr/share/GeoIP/GeoLite2-ASN.mmdb https://git.io/GeoLite2-ASN.mmdb +./root/bin/my-download.sh /usr/share/GeoIP/GeoLite2-City.mmdb https://git.io/GeoLite2-City.mmdb +./root/bin/my-download.sh /usr/share/GeoIP/GeoLite2-Country.mmdb https://git.io/GeoLite2-Country.mmdb diff --git a/files/etc/nginx/geoipme.conf b/files/etc/nginx/geoipme.conf new file mode 100644 index 0000000..9fe5ea6 --- /dev/null +++ b/files/etc/nginx/geoipme.conf 
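Review bot: All three helper calls in the new files/etc/cron.daily/geoip2-update use `./root/bin/my-download.sh`, which only resolves when the working directory is `/`; cron's run-parts normally starts there, but the new `bash /etc/cron.daily/geoip2-update` build step would break if a `WORKDIR` is in effect. Use the absolute path `/root/bin/my-download.sh` and add `set -e` after the shebang so a failed download is reported rather than masked by the next one. The `git.io` short links also hide where the databases really come from and are followed as root on every run; I would spell out the final HTTPS URLs and add a comment naming the upstream source.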
@@ -0,0 +1,32 @@
+ location ~ /(geoip|geoipme)/?(?.*) {
+ charset utf-8;
+ add_header Cache-Control no-cache;
+ set $realip $ip;
+
+ if ($ip = '') {
+ set $realip $remote_addr;
+ }
+
+ include /etc/nginx/geolite2.conf;
+
+ default_type application/json;
+ set $mybody '{"ip":"$realip","country_code":"$geoip2_country_code","region_code":"$geoip2_region","region_name":"$geoip2_region_name","city":"$geoip2_city","zip_code":"$geoip2_postal_code","latitude":"$geoip2_latitude","longitude":"$geoip2_longitude","metro_code":"$geoip2_dma_code"}';
+
+ if ($arg_format = "xml") {
+ add_header Content-Type application/xml;
+
+ set $mybody '$realip$geoip2_country_code$geoip2_country_name$geoip2_region$geoip2_region_name$geoip2_city$geoip2_postal_code$geoip2_latitude$geoip2_longitude$geoip2_dma_code';
+ }
+
+ if ($arg_format = "csv") {
+ add_header Content-Type text/csv;
+ set $mybody '$realip,$geoip2_country_code,$geoip2_region,$geoip2_region_name,$geoip2_city,$geoip2_postal_code,$geoip2_latitude,$geoip2_longitude,$geoip2_dma_code';
+ }
+
+ if ($arg_callback) {
+ add_header Content-Type application/javascript;
+ return 200 '$arg_callback($mybody);';
+ }
+
+ return 200 $mybody;
+}
\ No newline at end of file
diff --git a/files/etc/nginx/geolite2.conf b/files/etc/nginx/geolite2.conf
new file mode 100644
index 0000000..420231a
--- /dev/null
+++ b/files/etc/nginx/geolite2.conf
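Review bot: `return 200 '$arg_callback($mybody);'` in files/etc/nginx/geoipme.conf reflects the raw `callback` query argument into a response served as JavaScript, and `$ip` is captured from the request path with `.*` and interpolated unescaped into the JSON, XML and CSV bodies, so request-controlled text reaches every output format. Restrict the path capture to address characters (`[0-9A-Fa-f.:]*` instead of `.*`) and honour only callbacks that are plain identifiers, as in the sketch below. Also, `add_header Content-Type …` does not replace the type set by `default_type`, so the xml, csv and callback branches probably send two Content-Type headers; that is worth confirming with a test request.

```nginx
# http context (map is not valid inside a location):
map $arg_callback $jsonp_callback {
    default "";
    "~^[A-Za-z_][A-Za-z0-9_.]*$" $arg_callback;
}

# … unchanged: location header, $realip setup, json/xml/csv bodies …
    if ($jsonp_callback) {
        add_header Content-Type application/javascript;
        return 200 '$jsonp_callback($mybody);';
    }
```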
@@ -0,0 +1,34 @@
+if ($realip = '') {
+ set $realip $remote_addr
+}
+
+geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
+ auto_reload 60m;
+
+ $geoip2_metadata_country_build metadata build_epoch;
+ $geoip2_data_country source=$realip country names en;
+ $geoip2_data_country_code source=$realip country iso_code;
+}
+
+geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
+ auto_reload 60m;
+
+ $geoip2_continent_code source=$realip continent code;
+ $geoip2_country source=$realip country names en;
+ $geoip2_country_code source=$realip country iso_code;
+ $geoip2_region source=$realip subdivisions 0 names en;
+ $geoip2_region_code source=$realip subdivisions 0 iso_code;
+ $geoip2_city source=$realip city names en;
+ $geoip2_postal_code source=$realip postal code;
+ $geoip2_latitude source=$realip location latitude;
+ $geoip2_longitude source=$realip location longitude;
+ $geoip2_time_zone source=$realip location time_zone;
+ $geoip2_dma_code source=$realip location metro_code;
+}
+
+geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb {
+ auto_reload 60m;
+
+ $geoip2_asn source=$realip autonomous_system_number;
+ $geoip2_organization source=$realip autonomous_system_organization;
+}
diff --git a/files/root/bin/my-download.sh b/files/root/bin/my-download.sh
new file mode 100755
index 0000000..6cb26eb
--- /dev/null
+++ b/files/root/bin/my-download.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+file=$1
+uri=$2
+
+if test -e "$file"
+then zflag=(-z "$file")
+else zflag=()
+fi
+curl -sLo "$file" "${zflag[@]}" "$uri"
+
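Review bot: `set $realip $remote_addr` in the opening `if` block of files/etc/nginx/geolite2.conf has no terminating semicolon, so nginx will fail to parse the file. The file also mixes an `if` block with `geoip2 { … }` blocks while geoipme.conf includes it from inside a `location`; as far as I know the module accepts `geoip2` only at `http` level, so the database blocks would need their own include there and the `if` would stay in the location. The variable names do not line up with geoipme.conf either: it reads `$geoip2_region_name` and `$geoip2_country_name`, which are not defined here (`$geoip2_region` and `$geoip2_country` are). The first block, whose variables are labelled `country`, opens `GeoLite2-City.mmdb`, and the downloaded `GeoLite2-Country.mmdb` is never referenced.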
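Review bot: `curl -sLo "$file" …` in files/root/bin/my-download.sh writes straight onto the live database and lacks `-f`, so an HTTP error page or an interrupted transfer replaces a good `.mmdb`, and in the error-page case the script still exits 0. Download to a temporary file next to the target, fail on HTTP errors, and rename only when something was actually received; with `-z`, a not-modified reply leaves the temporary file empty and the existing database is kept. `mktemp` creates the file with mode 0600, hence the `chmod` before the rename; adjust the mode to whatever the nginx workers need for `auto_reload`.

```shell
# … unchanged: file/uri arguments and the zflag setup …
tmp=$(mktemp "$file.XXXXXX") || exit 1
if ! curl -fsSLo "$tmp" "${zflag[@]}" "$uri"
then rm -f "$tmp"; exit 1
fi
# Empty temp file: nothing newer was served (-z), keep the current database.
if test -s "$tmp"
then chmod 0644 "$tmp" && mv "$tmp" "$file"
else rm -f "$tmp"
fi
```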