1. Nginx配置文件添加GeoIP2数据库
安装 geoipupdate(GeoIP2 数据库更新工具)
# Install MaxMind's geoipupdate tool from the upstream GitHub release RPM.
# NOTE(review): the package name says linux_386 (the 32-bit build) - confirm it
# matches the host architecture before installing.
# NOTE(review): installing straight from a URL relies on HTTPS alone for
# integrity; compare the file against the checksums published with the release
# if your change policy requires it.
yum install -y \
    https://github.com/maxmind/geoipupdate/releases/download/v4.8.0/geoipupdate_4.8.0_linux_386.rpm
更新数据库
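# Write the geoipupdate configuration.
# '>' (not '>>') replaces the file: appending would keep whatever AccountID /
# LicenseKey / EditionIDs lines are already in /etc/GeoIP.conf and would repeat
# this whole block every time the step is re-run.
# NOTE(review): back up an existing /etc/GeoIP.conf first if it was hand-edited.
#
# The account id and license key below are placeholders. A real license key is
# a credential: do not paste it into tutorials, tickets or version control, and
# regenerate in the MaxMind account portal any key that has been published.
cat <<'EOF' >/etc/GeoIP.conf
# GeoIP.conf file for `geoipupdate` program, for versions >= 3.1.1.
# Used to update GeoIP databases from https://www.maxmind.com.
# For more information about this config file, visit the docs at
# https://dev.maxmind.com/geoip/updating-databases?lang=en.
# `AccountID` is from your MaxMind account (register for your own).
# Keep comments on their own lines: text after the value may be read as part
# of the value.
AccountID YOUR_ACCOUNT_ID
# `LicenseKey` is from your MaxMind account
LicenseKey YOUR_LICENSE_KEY
# `EditionIDs` is from your MaxMind account.
EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country
EOF
# The file holds a credential, so restrict it to its owner.
chmod 600 /etc/GeoIP.conf
# Download / refresh the databases listed in EditionIDs.
# NOTE(review): run this periodically (for example from cron) so the country
# data used for access decisions does not go stale.
geoipupdate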
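# Add the GeoIP2 lookups as a separate nginx include file (Geoip2.conf).
# '>' replaces the file so that re-running this step does not append a second
# copy of both geoip2 blocks to it.
# NOTE(review): the file only takes effect if conf.d/*.conf is included inside
# the http {} context and the geoip2 module is built in or loaded - neither is
# visible here; confirm.
cat <<'EOF' > /usr/local/openresty/nginx/conf/conf.d/Geoip2.conf
# Country database: build timestamp, ISO country code and English country name.
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
    auto_reload 5m;
    $geoip2_metadata_country_build metadata build_epoch;
    $geoip2_country_code country iso_code;
    $geoip2_country_name country names en;
}
# City database. $geoip2_data_country_code from this block is the variable the
# $allowed_country map in nginx.conf keys on, so this database is re-read on the
# same 5-minute schedule as the country one; without auto_reload a refreshed
# .mmdb is not picked up until nginx is reloaded.
geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
    auto_reload 5m;
    $geoip2_metadata_city_build metadata build_epoch;
    $geoip2_data_city_name city names en;
    $geoip2_data_continent_code continent code;
    $geoip2_data_continent_name continent names en;
    $geoip2_data_country_code country iso_code;
    $geoip2_data_country_name country names en;
    $geoip2_data_region_iso subdivisions 0 iso_code;
    $geoip2_data_region_name subdivisions 0 names en;
}
EOF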
# ---- main context: process-level settings ----

# Worker processes run as the unprivileged "nobody" account.
user nobody;

# Eight workers, one CPU mask per worker.
# NOTE(review): the masks are four bits wide and the last four
# (1001 1010 1100 1101) each set more than one bit, so those workers are not
# pinned to a single CPU. Confirm the masks against the host's core count.
worker_processes 8;
worker_cpu_affinity 0001 0010 0100 1000 1001 1010 1100 1101;
# Alternatives the author left disabled:
#worker_cpu_affinity 0001 0010 0100 1000;
#worker_cpu_affinity auto;

# -20 is the highest scheduling priority nginx accepts.
# NOTE(review): under load this can starve other processes on the host
# (sshd, log shippers, monitoring agents) - confirm it is intended.
worker_priority -20;

# Per-worker limit on open file descriptors.
worker_rlimit_nofile 65535;

# Paths are relative to the nginx prefix.
error_log logs/error.log;
pid logs/nginx.pid;
# ---- events context: connection handling ----
events {
    # Linux epoll event method.
    use epoll;

    # NOTE(review): 100000 is above worker_rlimit_nofile (65535) in the main
    # context. Every connection needs at least one file descriptor, so the
    # descriptor limit is reached first and further connections fail once it is
    # exhausted. Align the two values.
    worker_connections 100000;

    # Workers take turns accepting; a worker that does not hold the mutex
    # retries after at most 10ms.
    accept_mutex on;
    accept_mutex_delay 10ms;

    # Accept every pending connection per wake-up instead of one at a time.
    multi_accept on;
}
http {
# Information exposure: hide the nginx version and never generate directory listings.
server_tokens off;
autoindex off;

# Kernel-level send path tuning.
sendfile on;
tcp_nopush on;
tcp_nodelay on;

# Lua WAF. Set at http level, access.lua runs in the access phase of every
# request unless a server or location block overrides access_by_lua*.
# "limit" is a 10 MB shared-memory dictionary available to all workers.
# NOTE(review): lua_package_path has no trailing ";;", so the default Lua search
# path is not appended - confirm the WAF scripts need nothing outside this directory.
# NOTE(review): keep the waf/ directory and its rule files writable by root only;
# anyone who can edit them controls request filtering for every site.
lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
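# $clientRealIp: best-effort client address derived from X-Forwarded-For.
#
# X-Forwarded-For is supplied by the client unless a trusted proxy in front of
# nginx overwrites it, so on a directly reachable server the first entry is
# whatever the sender chose. Do not use $clientRealIp for access control, rate
# limiting or WAF allow-lists unless every request is known to pass through
# such a proxy.
# NOTE(review): where nginx sits behind known proxies, ngx_http_realip_module
# (set_real_ip_from / real_ip_header) limits header trust to those hops.
map $http_x_forwarded_for $clientRealIp {
    # Header present but not starting with digits/dots (IPv6, malformed text):
    # use the TCP peer address instead of leaving the variable empty.
    default $remote_addr;
    # Header absent.
    "" $remote_addr;
    # First comma-separated token. The pattern only checks for digits and dots;
    # it does not validate that the token is a well-formed IPv4 address.
    ~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}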
# $connection_upgrade: value for the Connection header sent upstream when
# proxying WebSocket traffic.
map $http_upgrade $connection_upgrade {
    # No Upgrade header on the request: plain HTTP, so close.
    '' close;
    # Any Upgrade header present: ask the upstream to upgrade.
    default upgrade;
}
# $allowed_country: "yes" for allow-listed ISO country codes, otherwise "no".
# Deny by default: unlisted countries, and addresses for which the lookup
# returns no country (the variable is empty), both map to "no".
# NOTE(review): this map only computes the flag; the rule that acts on it is not
# visible in this part of the file - confirm one exists.
# NOTE(review): the geoip2 blocks configure no source= variable, so the lookup
# presumably uses the connection's peer address; behind a proxy or CDN that is
# the proxy's country, not the client's - confirm.
# A country allow-list is a coarse filter (VPNs and open proxies sit inside
# allowed countries) and does not replace authentication.
map $geoip2_data_country_code $allowed_country {
    CN yes;
    HK yes;
    PH yes;
    AE yes;
    default no;
}
# "main": one text line per request - peer address, authenticated user, local
# time, request line, status, body bytes sent, Referer, User-Agent and the raw
# X-Forwarded-For header.
# Referer, User-Agent and X-Forwarded-For are request headers chosen by the
# client; treat those fields as untrusted in anything that parses this log.
# $remote_addr is the TCP peer, which is the proxy's address when nginx sits
# behind one.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Disabled example of an access_log that would use the main_json format.
#access_log /var/log/nginx/access.log main_json ;
log_format main_json escape=json '{'
'"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
'"connection": "$connection", ' # connection serial number
'"connection_requests": "$connection_requests", ' # number of requests made in connection
'"pid": "$pid", ' # process pid
'"req