move nginx geoip blocking to GeoIP database version 2, simplyfing geoip installation

2026-03-25 19:17:22 +01:00 · 2023-03-10 21:33:08 +01:00
parent 4e4055b956
commit 87d871a480
6 changed files with 31 additions and 71 deletions
--- a/setup/geoiptoolssetup.sh
+++ b/setup/geoiptoolssetup.sh
@@ -17,6 +17,10 @@ else
  echo skipping goiplookup database update
 fi

+# Install geoip update cron job
+cp -f conf/cron/update_geoipdb /etc/cron.weekly
+chmod +x /etc/cron.weekly/update_geoipdb
+
 # Install geo ip filter script
 cp -f setup/geoipfilter.sh /usr/local/bin/
 chmod +x /usr/local/bin/geoipfilter.sh
@@ -43,62 +47,3 @@ else
    sed -i '/sshd: /d' /etc/hosts.allow
    echo "sshd: ALL: aclexec /usr/local/bin/geoipfilter.sh %a %s" >> /etc/hosts.allow
 fi
-
-# geo ip filtering of nginx access log, based on 
-# https://guides.wp-bullet.com/blocking-country-and-continent-with-nginx-geoip-on-ubuntu-18-04/
-
-## Install geo ip lookup files
-
-# check that GeoIP.dat is older then 2 months, to not hit the server too often 
-if [[ ! -d /usr/share/GeoIP || ! -f /usr/share/GeoIP/GeoIP.dat || $(find "/usr/share/GeoIP/GeoIP.dat" -mtime +60 -print) ]]; then
-  echo updating GeoIP database
-  
-  # Move old file away if it exists
-  if [ -f "/usr/share/GeoIP/GeoIP.dat" ]; then
-    mv -f /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat.bak
-  fi
-
-  hide_output wget -P /usr/share/GeoIP/ https://dl.miyuru.lk/geoip/maxmind/country/maxmind.dat.gz
-
-  if [ -f "/usr/share/GeoIP/maxmind.dat.gz" ]; then
-    gunzip -c /usr/share/GeoIP/maxmind.dat.gz > /usr/share/GeoIP/GeoIP.dat
-    rm -f /usr/share/GeoIP/maxmind.dat.gz
-  else
-    echo Did not correctly download maxmind geoip country database
-  fi
-
-  # If new file is not created, move the old file back
-  if [ ! -f "/usr/share/GeoIP/GeoIP.dat" ]; then
-    echo GeoIP.dat was not created
-    
-    if [ -f "/usr/share/GeoIP/GeoIP.dat.bak" ]; then
-        mv /usr/share/GeoIP/GeoIP.dat.bak /usr/share/GeoIP/GeoIP.dat
-    fi
-  fi
-
-  # Move old file away if it exists
-  if [ -f "/usr/share/GeoIP/GeoIPCity.dat" ]; then
-    mv -f /usr/share/GeoIP/GeoIPCity.dat /usr/share/GeoIP/GeoIPCity.dat.bak
-  fi
-
-  hide_output wget -P /usr/share/GeoIP/ https://dl.miyuru.lk/geoip/maxmind/city/maxmind.dat.gz
-
-  if [ -f "/usr/share/GeoIP/maxmind.dat.gz" ]; then
-    gunzip -c /usr/share/GeoIP/maxmind.dat.gz > /usr/share/GeoIP/GeoIPCity.dat
-    rm -f /usr/share/GeoIP/maxmind.dat.gz
-  else
-    echo Did not correctly download maxmind geoip city database
-  fi
-
-  # If new file is not created, move the old file back
-  if [ ! -f "/usr/share/GeoIP/GeoIPCity.dat" ]; then
-    echo GeoIPCity.dat was not created
-    
-    if [ -f "/usr/share/GeoIP/GeoIPCity.dat.bak" ]; then
-        mv /usr/share/GeoIP/GeoIPCity.dat.bak /usr/share/GeoIP/GeoIPCity.dat
-    fi
-  fi
-else
-  echo skipping GeoIP database update
-fi
-
--- a/setup/web.sh
+++ b/setup/web.sh
@@ -19,7 +19,7 @@ fi

 echo "Installing Nginx (web server)..."

-apt_install nginx php-cli php-fpm idn2 libnginx-mod-http-geoip
+apt_install nginx php-cli php-fpm idn2 libnginx-mod-http-geoip2

 rm -f /etc/nginx/sites-enabled/default