Geo IP Nginx
Geo IP Nginx bisa digunakan salah satu nya untuk custom log pada Web Server Nginx, dimana kita bisa mengetahui log yang akses website kita berasal dari negara mana, atau bisa juga membatasi Website untuk di akses dari suatu negara. Berikut cara config GeoIP pada nginx dan Custom log untuk log menampilkan dari suatu negara.
- Install dahulu nginx, disni saya menggunakan nginx versi 1.16.0
- Pastikan modul ngx_http_geoip2_module-3.0 sudah tersedia, untuk mengetahui nya bisa menggunakan perintah nginx -V
–add-dynamic-module=/usr/ports/www/nginx/work/ngx_http_geoip2_module-3.2
3. Jika belum terinstall, silahkan ditambahkan module tsb.
| cd /usr/local/src/sudo wget https://nginx.org/download/nginx-1.16.0.tar.gz sudo tar -xzvf nginx-1.16.0.tar.gz |
We also need the source for the GeoIP2 NGINX module:
| sudo wget https://github.com/leev/ngx_http_geoip2_module/archive/3.0.tar.gzsudo tar -xzvf 3.0.tar.gz cd nginx-1.16.0 sudo ./configure \ –with-cc-opt=’-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2′ \ –with-ld-opt=’-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -fPIC’ \ –prefix=/usr/share/nginx \ –conf-path=/etc/nginx/nginx.conf \ –http-log-path=/var/log/nginx/access.log \ –error-log-path=/var/log/nginx/error.log \ –lock-path=/var/lock/nginx.lock \ –pid-path=/run/nginx.pid \ –modules-path=/usr/lib/nginx/modules \ –http-client-body-temp-path=/var/lib/nginx/body \ –http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ –http-proxy-temp-path=/var/lib/nginx/proxy \ –http-scgi-temp-path=/var/lib/nginx/scgi \ –http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ –with-debug \ –with-pcre-jit \ –with-http_ssl_module \ –with-http_stub_status_module \ –with-http_realip_module \ –with-http_auth_request_module \ –with-http_v2_module \ –with-http_dav_module \ –with-http_slice_module \ –with-threads \ –with-http_addition_module \ –with-http_gunzip_module \ –with-http_gzip_static_module \ –with-http_sub_module \ –with-http_xslt_module=dynamic \ –with-stream=dynamic \ –with-stream_ssl_module \ –with-stream_ssl_preread_module \ –with-mail=dynamic \ –with-mail_ssl_module \ –add-dynamic-module=/usr/local/src/ngx_http_geoip2_module-3.0 |
4. Install GeoIP, pkg install geoipupdate ( untuk Freebsd)
5. Cek Install dengan perintah geoipupdate -v
6. Konfigurasi nginx.conf, tambah line pada Huruf BOLD
user www;
worker_processes 16;
error_log /var/log/nginx/error.log info;
load_module “/usr/local/libexec/nginx/ngx_http_geoip2_module.so”; #
letakkan script berikut dibawah http {
http {
geoip2 /usr/local/share/GeoIP/GeoLite2-Country.mmdb {
auto_reload 60m;
$geoip2_metadata_country_build metadata build_epoch;
$geoip2_data_country_code country iso_code;
$geoip2_data_country_name country names en;
}
geoip2 /usr/local/share/GeoIP/GeoLite2-City.mmdb {
auto_reload 60m;
$geoip2_metadata_city_build metadata build_epoch;
$geoip2_data_city_name city names en;
}
log_format custom ‘|$remote_addr | $remote_user | [$time_local] |’
‘”$request” $status $body_bytes_sent |’
‘”$http_referer” | “$http_user_agent”| “$http_x_forwarded_for” | “Req_ID $request_id” | “$gzip_ratio”|’
‘$geoip2_data_country_code|’
‘$geoip2_data_country_name|’
‘$geoip2_data_city_name’
;
large_client_header_buffers 8 16k;
#access_log off;
access_log /var/log/nginx/access.log custom;
error_log /var/log/nginx/error.log warn;7. Simpan, lalu Restart Nginx
NB : Untuk melakukan update GeoIP, ketikan perintah geoipupdate -v , atau bisa juga dilakukan update otomatis vi crontab...