Nginx Geoip2 Setup on Ubuntu 20.04

There are lots of tutorials for setting up nginx for GeoIP using Maxmind’s database. The old .dat style database is being depreciated and being replaced with their new format — mmdb.

This requires an updated build for nginx using the new GeoIp2 modules. This guide uses Ubuntu 20.04 server though could be adapted to whatever flavor of Debian you choose.

Install the development tools necessary to 

sudo apt-get update
sudo apt-get install build-essential

Install the PPA for Maxmind’s libraries which are required to build nginx.

sudo add-apt-repository ppa:maxmind/ppa
apt update
apt install libmaxminddb0 libmaxminddb-dev mmdb-bin geoipupdate 
apt install libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev

Visit https://www.maxmind.com/en/my_license_key to get an account and license key setup. This is how updates to the database are distributed. Enter the credentials /etc/GeoIp.conf configuration file:

more /etc/GeoIP.conf

# Replace YOUR_ACCOUNT_ID_HERE and YOUR_LICENSE_KEY_HERE with an active account
# ID and license key combination associated with your MaxMind account. These
# are available from https://www.maxmind.com/en/my_license_key.
AccountID xXxXxX
LicenseKey XxXxXXxXXXXXxxx

Add an entry to update database weekly.

59 3    * * 5   root    /usr/bin/geoipupdate >> /dev/null 2>&1

Now would be a good time to do a geoip update:

geoipupdate

Get a current version of nginx. I like /usr/local/src for build location.

cd /usr/local/src
sudo wget https://nginx.org/download/nginx-1.21.4.tar.gz

Get a current version of the nginx module with git and build

git clone https://github.com/leev/ngx_http_geoip2_module
cd ngx_http_geoip2_module/

Now to build nginx with the geoip module.

cd nginx-1.21.4
./configure  \
--add-dynamic-module=../ngx_http_geoip2_module \
 $(nginx -V) --with-compat \
--with-http_ssl_module

make

The following defaults will be used:


  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

If all goes will install it.

make install

Create systemd file to startup the service in /usr/lib/system/

sudo vi /lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Unmask the unit file with:

sudo systemctl unmask nginx.service

Add some paths to nginx and make run as user nobody. Add/edit the following lines in the /usr/local/nginx/conf/nginx.conf file:

user  nobody;
worker_processes  1;
load_module modules/ngx_http_geoip2_module.so;

error_log  /var/log/nginx/error.log;
error_log  /var/log/nginx/error.log  notice;
error_log  /var/log/nginx/error.log  info;
pid        /var/run/nginx.pid;

Take care of the permissions:

groupadd nobody
chown -R nobody.nobody /var/log/nginx
touch /var/run/nginx.pid
chown nobody.nobody /var/run/nginx.pid

At this point you should be able to start the server:

service nginx start

That should get it up and running. You should now be able to use GeoIp2 once the configuration files are added. See my next post for setup information.

Leave a comment

Your email address will not be published. Required fields are marked *