GeoIP2
MAXMIND的产品。介绍:MaxMind GeoIP2 offerings provide IP geolocation and proxy detection for a wide range of applications including content customization, advertising, digital rights management, compliance, fraud detection, and security.
详情见官网:
https://www.maxmind.com/en/geoip2-services-and-databases
MacOS使用GeoIP2库
1、下载编译安装GeoIP2支持库https://github.com/maxmind/libmaxminddb/releases,安装完成后系统增加一个mmdblookup命令,
2、解压后编译安装。
3、下载免费的最新ip库:https://www.maxmind.com/en/accounts/744402/geoip/downloads
4、指定对应的库查询:mmdblookup -f GeoLite2-City_20220719/GeoLite2-City.mmdb -i 23.25.33.66
搭建OpenResty查询指定IP
以下是无脑执行步骤,详细解释和步骤参考:https://codeantenna.com/a/LHGNCRUsvq
OpenResty安装
OpenResty - OpenResty® Linux Packages安装详细步骤
1、wget https://openresty.org/package/centos/openresty.repo
2、sudo mv openresty.repo /etc/yum.repos.d/
3、sudo yum check-update
4、sudo yum install openresty -y
5、sudo yum install openresty-resty -y
6、sudo yum install openresty-opm openresty-doc -y
GeoIP2库下载和GeoIP2 lua库安装
1、下载免费的最新ip库:https://www.maxmind.com/en/accounts/744402/geoip/downloads
2、解压后,mmdb库放到/usr/local/openresty/,这里把两个库都放进来:GeoLite2-City.mmdb和GeoLite2-Country.mmdb。
3、安装lua库:/usr/local/openresty/bin/opm get anjia0532/lua-resty-maxminddb
4、GeoIP2 lua库依赖动态库安装:https://codeantenna.com/a/LHGNCRUsvq
5、让openresty加载到(提示访问不到需要):sudo sh -c "echo /usr/local/lib >> /etc/ld.so.conf.d/local.conf"
6、ldconfig
openresty nginx配置
1、vim /usr/local/openresty/nginx/conf/nginx.conf
2、http段添加:
lua_package_path "/usr/local/openresty/lualib/?.lua;;"; lua_package_cpath "/usr/local/openresty/lualib/?.so;;";
3、server段添加:
location /lua { default_type "text/html"; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #return 200 $proxy_add_x_forwarded_for; charset utf-8; #关闭代码缓存 。修改lua脚本不需要重启 lua_code_cache off; content_by_lua_file /usr/local/openresty/lualib/project/test.lua; }
访问mmdb的lua脚本
1、mkdir /usr/local/openresty/lualib/project
2、vim test.lua
3、
local cjson=require 'cjson'
local geo=require 'resty.maxminddb'
local arg_ip=ngx.var.arg_ip
--local arg_node=ngx.var.arg_node
--ngx.say("IP:",arg_ip,", node:",arg_node,"<br>")
--没有传递ip
if not arg_ip then
arg_ip=ngx.var.remote_addr
end
if not geo.initted() then
geo.init("/usr/local/openresty/GeoLite2-City.mmdb")
end
--当前服务部署的ip
--ngx.say("当前服务部署ip:",ngx.var.remote_addr)
local res,err=geo.lookup(arg_ip or ngx.var.remote_addr)
if not res then
ngx.say("获取客户端ip失败,或当前请求的ip不是公网ip")
ngx.log(ngx.ERR,' failed to lookup by ip , reason :',err)
else
for k,v in pairs(res) do
--只获取国家
if(k == "country") then
--获取国家编码
for key,item in pairs(v) do
if (key=="iso_code") then
--ngx.say(item)
end
end
end
end
--ngx.say("Result:",cjson.encode(res))
ngx.say(cjson.encode(res))
if arg_node then
ngx.say("node name:",ngx.var.arg_node, " , value:",cjson.encode(res[ngx.var.arg_node] or {}))
end
end
ngx.exit(200)
浏览器或者Postman访问
扩展:Nginx或Nginx Plus使用GeoIP2做访问控制
可以使用nginx做对不同国家的ip访问控制。这里使用nginx plus(闲的无聊碰到)。
实际上Nginx Plus是Nginx的商业版本,以下是详细对比项。
https://www.nginx.com/blog/whats-difference-nginx-foss-nginx-plus/
因为是商用,这里安装Nginx Plus之前需要获取试用:https://my.f5.com/manage/s/trials,通过后会有公钥和私钥。 测试CentOS8,所有详细步骤都在:https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/#installing-nginx-plus-on-rhel-81-and-oracle-linux-81
几个关键步骤:
1、获取试用
2、vim /etc/yum.repos.d/nginx-plus-8.repo,改成对应的公钥私钥地址。