Merge pull request #26 from gilbN/geoip2-lan-fix

adds an allow LAN ip list if geoip2 default is no.

package_versions.txt

@@ -6,7 +6,7 @@ apr-1.7.0-r0
 apr-util-1.6.1-r6
 argon2-libs-20190702-r1
 bash-5.0.17-r0
-brotli-libs-1.0.7-r5
+brotli-libs-1.0.9-r1
 busybox-1.31.1-r19
 c-client-2007f-r11
 ca-certificates-20191127-r4
@@ -16,7 +16,7 @@ curl-7.69.1-r1
 db-5.3.28-r1
 expat-2.2.9-r1
 fail2ban-0.11.1-r3
-freetype-2.10.2-r0
+freetype-2.10.4-r0
 gdbm-1.13-r1
 git-2.26.2-r0
 git-perl-2.26.2-r0
@@ -95,26 +95,26 @@ ncurses-libs-6.2_p20200523-r0
 ncurses-terminfo-base-6.2_p20200523-r0
 nettle-3.5.1-r1
 nghttp2-libs-1.41.0-r0
-nginx-1.18.0-r0
-nginx-mod-devel-kit-1.18.0-r0
-nginx-mod-http-echo-1.18.0-r0
-nginx-mod-http-fancyindex-1.18.0-r0
-nginx-mod-http-geoip2-1.18.0-r0
-nginx-mod-http-headers-more-1.18.0-r0
-nginx-mod-http-image-filter-1.18.0-r0
-nginx-mod-http-lua-1.18.0-r0
-nginx-mod-http-lua-upstream-1.18.0-r0
-nginx-mod-http-nchan-1.18.0-r0
-nginx-mod-http-perl-1.18.0-r0
-nginx-mod-http-redis2-1.18.0-r0
-nginx-mod-http-set-misc-1.18.0-r0
-nginx-mod-http-upload-progress-1.18.0-r0
-nginx-mod-http-xslt-filter-1.18.0-r0
-nginx-mod-mail-1.18.0-r0
-nginx-mod-rtmp-1.18.0-r0
-nginx-mod-stream-1.18.0-r0
-nginx-mod-stream-geoip2-1.18.0-r0
-nginx-vim-1.18.0-r0
+nginx-1.18.0-r1
+nginx-mod-devel-kit-1.18.0-r1
+nginx-mod-http-echo-1.18.0-r1
+nginx-mod-http-fancyindex-1.18.0-r1
+nginx-mod-http-geoip2-1.18.0-r1
+nginx-mod-http-headers-more-1.18.0-r1
+nginx-mod-http-image-filter-1.18.0-r1
+nginx-mod-http-lua-1.18.0-r1
+nginx-mod-http-lua-upstream-1.18.0-r1
+nginx-mod-http-nchan-1.18.0-r1
+nginx-mod-http-perl-1.18.0-r1
+nginx-mod-http-redis2-1.18.0-r1
+nginx-mod-http-set-misc-1.18.0-r1
+nginx-mod-http-upload-progress-1.18.0-r1
+nginx-mod-http-xslt-filter-1.18.0-r1
+nginx-mod-mail-1.18.0-r1
+nginx-mod-rtmp-1.18.0-r1
+nginx-mod-stream-1.18.0-r1
+nginx-mod-stream-geoip2-1.18.0-r1
+nginx-vim-1.18.0-r1
 npth-1.6-r0
 openssl-1.1.1g-r0
 p11-kit-0.23.20-r5
@@ -151,8 +151,8 @@ php7-pdo_odbc-7.3.23-r0
 php7-pdo_pgsql-7.3.23-r0
 php7-pdo_sqlite-7.3.23-r0
 php7-pear-7.3.23-r0
-php7-pecl-apcu-5.1.18-r0
-php7-pecl-igbinary-3.1.4-r0
+php7-pecl-apcu-5.1.19-r0
+php7-pecl-igbinary-3.1.6-r0
 php7-pecl-mcrypt-1.0.3-r0
 php7-pecl-memcached-3.1.5-r0
 php7-pecl-redis-5.2.2-r1

root/defaults/geoip2.conf

@@ -1,4 +1,4 @@
-## Version 2020/09/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/geoip2.conf
+## Version 2020/10/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/geoip2.conf
 # To enable, uncommment the Geoip2 config line in nginx.conf
 # Add the -e MAXMINDDB_LICENSE_KEY=<licensekey> to automatically download the Geolite2 database.
 # A Maxmind license key can be acquired here: https://www.maxmind.com/en/geolite2/signup
@@ -18,48 +18,52 @@ geoip2 /config/geoip2db/GeoLite2-City.mmdb {
 # GEOIP2 COUNTRY CONFIG
 map $geoip2_data_country_iso_code $allowed_country {
     # default must be yes or no
+    # If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below.
     default yes;
 
     # Below you will setup conditions with yes or no
     # ex: <condition> <yes/no>;
-    # If your default is set to yes you can setup conditions that would set it to no (and vice versa)
-    # Conditions are either network address (CIDR notation) or country code
 
     # allow United Kingdom.
     #GB yes;
-
-    # allow local access.
-    #192.168.1.0/24 yes;
 }
 
 # GEOIP2 CITY CONFIG
 map $geoip2_data_city_name $allowed_city {
     # default must be yes or no
+    # If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below.
     default yes;
 
     # Below you will setup conditions with yes or no
     # ex: <condition> <yes/no>;
-    # If your default is set to yes you can setup conditions that would set it to no (and vice versa)
-    # Conditions are either network address (CIDR notation) or city name
 
     # allow Inverness.
     #Inverness yes;
+}
 
-    # allow local access.
-    #192.168.1.0/24 yes;
+# ALLOW LOCAL ACCESS
+geo $allow_list {
+    default yes; # Set this to no if $allowed_country or $allowed_city default is no. 
+    # IP/CIDR yes; # e.g. 192.168.1.0/24 yes;
 }
 
 # Server config example:
-# Add the following if statement inside any server context where you want to geo block countries.
+# Add the following if statements inside any server context where you want to geo block countries.
 
 ########################################
+#   if ($allow_list = yes) {
+#   set $allowed_country yes;
+#   }
 #	if ($allowed_country = no) {
 #	return 444;
 #	}
 #########################################
 
-# Add the following if statement inside any server context where you want to geo block cities.
+# Add the following if statements inside any server context where you want to geo block cities.
 ########################################
+#   if ($allow_list = yes) {
+#   set $allowed_country yes;
+#   }
 #	if ($allowed_city = no) {
 #	return 444;
 #	}
@@ -84,6 +88,10 @@ map $geoip2_data_city_name $allowed_city {
 #    #include /config/nginx/authelia-server.conf;
 
 
+#   # Allow lan access if default is set to no
+#   if ($allow_list = yes) {
+#   set $allowed_country yes;
+#   }
 #    # Country geo block
 #    if ($allowed_country = no) {
 #       return 444;