全网最新Nginx禁止国内IP地址访问网站
1.服务器安装依赖
yum install gperftools libxml2 libxml2-dev libxslt-devel gd-devel perl-devel perl-ExtUtils-Embed GeoIP GeoIP-devel GeoIP-data pcre-devel openssl openssl-devel libxslt-devel redhat-rpm-config.noarch
2.创建文件地址并下载所需服务
cd /usr/local/src
mkdir geoip2
mkdir tar
wget https://linuxhy.top/pptp/Nginx_Geoip2/libmaxminddb-1.6.0.tar.gz
wget https://linuxhy.top/pptp/Nginx_Geoip2/3.3.tar.gz
https://nginx.org/download/nginx-1.2x.x.tar.gz
wget https://nginx.org/download/nginx-1.20.1.tar.gz
3.安装libmaxminddb
cd /usr/local/src
cd libmaxminddb-1.6.0/
./configure && make && make install
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig
4.解压并且修改geoip2模块
cd /usr/local/src
tar xf ngx_http_geoip2_module-3.3.tar.gz
mv ngx_http_geoip2_module-3.3 ngx_http_geoip2_module
5.下载对应国家地区的数据库
cd /usr/local/src/geoip2
wget https://linuxhy.top/pptp/Nginx_Geoip2/GeoLite2-master/GeoLite2-Country.mmdb
6.备份Nginx
mv /usr/sbin/nginx /usr/sbin/nginx.bak
cp -r /etc/nginx{
,.bak}
7.Nginx重新编译增加新的模块
nginx -v
nginx -V
`这里我们编译模块的时候编译成动态模块,所以必须执行第11步`
cd /ust/local/src
./configure --prefix=......(原本的nginx模块参数) --add-dynamic-module=/usr/local/src/ngx_http_geoip2_module
make
8.测试重新编译的Nginx能否使用
/usr/local/src/nginx-1.20.1/objs nginx -v
/usr/local/src/nginx-1.20.1/objs nginx -V
9.替换原来的Nginx命令
cp /usr/local/src/nginx-1.20.1/objs/nginx /usr/sbin/nginx
10.添加geoip访问策略
user nginx;
...
load_module /usr/lib64/nginx/modules/ngx_http_geoip2_module.so;
...
http {
...
geoip2 /usr/local/src/geoip2/GeoLite2-Country.mmdb {
$geoip2_country_code country iso_code;
}
map $geoip2_country_code $allowed_country {
default yes;
CN no;
}
...
}
server {
listen 80;
server_name error.xxx.com
...
if ( $allowed_country = no ) {
return 403; }
error_page 404 403 500 = https://error.xxx.com/;
...
11.复制模块至Nginx路径文件下
cp /usr/local/src/nginx-1.20.1/objs/ngx_http_geoip2_module.so /usr/lib64/nginx/modules/ngx_http_geoip2_module.so
ldd /usr/lib64/nginx/modules/ngx_http_geoip2_module.so
12.重启Nginx并点击访问看是否成功
nginx -s reload
systemctl status nginx