Country blocking using Nginx with IP2Location Module

After few days of trying, trying and trying, finally find out the way to compile the IP2Location module into the Nginx in Ubuntu server. I try to compare multiple way of doing the country block with Nginx, where in my previous post, the country blocking is done with GeoIP module (which I found out more easy compare to the IP2Location module), and also the country block without any 3rd party plugin for Nginx, with this method, that’s no any compilation of Nginx needed in order to make it, it’s most suitable for the current running Nginx which install directly from the APT repo.

IP2Location is one of the most famous IP location provider in the market and they are from Penang. I being use their service since many years ago and that’s the reason why I wanna try out to doing the Nginx country block with IP2Location module.

I can’t really find a full and complete step on the installing and compiling of the module, that’s why it take me many days to figure out how to make the whole thing work nicely.

The following script basically just download all necessary module source code (OpenSSL, PCRE, IP2Location C module, IP2Lacation Nginx module, Nginx 1.15 .0 source code) and compile all. After that, create the system service and put the Nginx into auto start mode and include the IP2Location database into Nginx.conf. Beside that, I also include the script to auto download the database directly from IP2Location server.

 

sudo apt update && sudo apt upgrade -y && \
sudo apt install build-essential dh-autoreconf unzip -y && \
sudo mkdir nginx-dev && cd nginx-dev && \

sudo wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.42.tar.gz && \
sudo tar -zxf pcre-8.42.tar.gz && \
cd pcre-8.42 && \
sudo ./configure && \
sudo make && \
sudo make install && \
cd .. && \

sudo wget http://zlib.net/zlib-1.2.11.tar.gz && \
sudo tar -zxf zlib-1.2.11.tar.gz && \
cd zlib-1.2.11 && \
sudo ./configure && \
sudo make && \
sudo make install && \
cd .. && \

sudo wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz && sudo tar xzvf openssl-1.0.2o.tar.gz && \
cd openssl-1.0.2o && \
sudo ./config --prefix=/usr && \
sudo make && \
sudo make install && \
cd .. && \

sudo rm *.gz && \

sudo wget https://github.com/chrislim2888/IP2Location-C-Library/archive/master.zip && \
sudo unzip master.zip && \
cd IP2Location-C-Library-master && \
sudo autoreconf -i -v --force && \
sudo ./configure && \
sudo make && \
sudo make install && \
cd ~/nginx-dev && \
sudo rm master.zip && \

sudo wget https://github.com/ip2location/ip2location-nginx/archive/master.zip && \
sudo unzip master.zip && \
sudo rm master.zip && \
sudo sed -i 's/#include "IP2Location.h"/#include "\/home\/ubuntu\/nginx-dev\/IP2Location-C-Library-master\/libIP2Location\/IP2Location.h"/g' ~/nginx-dev/ip2location-nginx-master/ngx_http_ip2location_module.c && \
sudo mkdir /etc/ip2location && cd /etc/ip2location && \

sudo curl -o DB1-IP-COUNTRY.BIN.ZIP "https://www.ip2location.com/download?token=B7DAFhxJcAyim6NQsXWV1pGzy3deiiGUqjv5B2OOCn6YuUPWSLRTbytJCGXVZEPp&file=DB1BIN" && \
sudo unzip -o DB1-IP-COUNTRY.BIN.ZIP && \
sudo rm !(*.BIN) && \

cd ~/nginx-dev && \
sudo wget https://nginx.org/download/nginx-1.15.0.tar.gz && \
sudo tar zxf nginx-1.15.0.tar.gz && \
cd nginx-1.15.0 && \

sudo ./configure --prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--add-module=../ip2location-nginx-master \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/run/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=www-data \
--group=www-data \
--build=Ubuntu \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-openssl=../openssl-1.0.2o \
--with-openssl-opt=enable-ec_nistp_64_gcc_128 \
--with-openssl-opt=no-nextprotoneg \
--with-openssl-opt=no-weak-ssl-ciphers \
--with-openssl-opt=no-ssl3 \
--with-pcre=../pcre-8.42 \
--with-pcre-jit \
--with-zlib=../zlib-1.2.11 \
--with-compat \
--with-file-aio \
--with-threads \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_sub_module \
--with-http_stub_status_module \
--with-http_v2_module \
--with-http_secure_link_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-debug && \

sudo make && \
sudo make install && \
sudo ldconfig && \
sudo nginx -v && sudo nginx -V && \
sudo mkdir -p /var/lib/nginx && sudo nginx -t && \

sudo echo "
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed

[Install]
WantedBy=multi-user.target " > ~/nginx.service && \

sudo mv ~/nginx.service /etc/systemd/system/nginx.service && \

sudo systemctl start nginx.service && sudo systemctl enable nginx.service && \

sudo sed -i 's/default_type application\/octet-stream;/default_type application\/octet-stream;\nip2location on;\nip2location_database \/etc\/ip2location\/IP-COUNTRY.BIN;\nip2location_access_type shared_memory;/g' /etc/nginx/nginx.conf

 

After finish run above command, just add the following script into your Nginx.conf or your website virtual host directive in or to make rewrite all incoming traffic to your desire destination

server{
listen 80;
server_name _;

if ($ip2location_country_short ~ ^MY$) {
rewrite ^(.*)$ http://www.google.com last;
}
}

 

Finally you may testing your configure by browsing the server IP using any of your browse, if you are from Malaysia, than you should be redirected to Google home page

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: