linuxserver/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2025-11-04 15:02:38 +09:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

added geoip2 configs

Browse Source
This commit is contained in:
gilbN
2020-09-20 23:30:06 +02:00
parent e7ee9431b5
commit 57b70d654b
3 changed files with 92 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
readme-vars.yml
View File

@@ -57,6 +57,7 @@ opt_param_env_vars:
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" } - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
- { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" } - { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
- { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." } - { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
- { env_var: "MAXMINDDB_LICENSE_KEY", env_value: "". desc: "Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly."}
opt_param_usage_include_vols: false opt_param_usage_include_vols: false
opt_param_volumes: opt_param_volumes:
- { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Configuration files." } - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Configuration files." }
@@ -148,6 +149,7 @@ app_setup_nginx_reverse_proxy_block: ""
# changelog # changelog
changelogs: changelogs:
- { date: "20.09.20:", desc: "Update nginx.conf - Added geoip2 configs. Added MAXMINDDB_LICENSE_KEY variable to readme."}
- { date: "08.09.20:", desc: "Add php7-xsl." } - { date: "08.09.20:", desc: "Add php7-xsl." }
- { date: "01.09.20:", desc: "Update nginx.conf and proxy.conf (and various proxy samples) to better handle websockets." } - { date: "01.09.20:", desc: "Update nginx.conf and proxy.conf (and various proxy samples) to better handle websockets." }
- { date: "03.08.20:", desc: "Initial release." } - { date: "03.08.20:", desc: "Initial release." }

83
root/defaults/geoip2.conf Normal file
View File

@@ -0,0 +1,83 @@
## Version 2020/09/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/geoip2.conf
# To enable, uncommment the Geoip2 config line in nginx.conf
# Add the -e MAXMINDDB_LICENSE_KEY=<licensekey> to automatically download the Geolite2 database.
# A Maxmind lisence key can be aqiured here: https://www.maxmind.com/en/geolite2/signup
# The below config is for geoblocking any country/city you add. The default config is blocking all countries/cities except the ones you set to "yes".
# If you want to do the opposite, set default to "yes", and the countries/cities to "no".
# As the default config blocks all IP's except the ones in the GeoLite2-City.mmdb database set to yes, you will need to allow your lan ip for local access.
geoip2 /config/geoip2db/GeoLite2-City.mmdb {
auto_reload 5m;
$geoip2_data_country_code country iso_code;
$geoip2_data_city_name city names en;
}
# GEOIP2 COUNTRY CONFIG
map $geoip2_data_country_code $allowed_country {
default no;
<COUNTRY-CODE> yes; # e.g GB yes; for United Kingdom
IP/CIDR yes; # e.g. 192.168.1.0/24 yes; for local access.
}
#(Optional)
# GEOIP2 CITY CONFIG
# map $geoip2_data_city_name $allowed_city {
# default no;
# <CITY-NAME> yes; # e.g Inverness yes;
# IP/CIDR yes; # e.g. 192.168.1.0/24 yes; for local access.
# }
# Server config example:
# Add the following if statement inside any server context you want to geo block.
# COUNTRY GEO BLOCK
# if ($allowed_country = no) {
# return 444;
# }
# Full example:
# sample config for "default" with the geo block added
#server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
#
# root /config/www;
# index index.html index.htm index.php;
#
# server_name _;
# COUNTRY GEO BLOCK
# if ($allowed_country = no) {
# return 444;
# }
# # enable subfolder method reverse proxy confs
# include /config/nginx/proxy-confs/*.subfolder.conf;
#
# # all ssl related config moved to ssl.conf
# include /config/nginx/ssl.conf;
#
# # enable for ldap auth
# #include /config/nginx/ldap.conf;
#
# # enable for Authelia
# #include /config/nginx/authelia-server.conf;
#
# client_max_body_size 0;
#
# location / {
# try_files $uri $uri/ /index.html /index.php?$args =404;
# }
#
# location ~ \.php$ {
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# include /etc/nginx/fastcgi_params;
# }
#}

7
root/defaults/nginx.conf
View File

@@ -87,6 +87,13 @@ http {
include /config/nginx/site-confs/*; include /config/nginx/site-confs/*;
lua_load_resty_core off; lua_load_resty_core off;
##
# Geoip2 config
##
# Uncomment to add the Geoip2 configs needed to geo block countries/cities.
##
#include /config/nginx/geoip2.conf;
} }