Web Notes
2022.03.01
Install Nextcloud with PlanetScale cloud database
Notes of Nextcloud installation on Ubuntu server with Nginx web server and PlanetScale cloud database.
This short guide is for Ubuntu but can be easily adapted to other Linux systems.
GeoIP update package
First install the geoipupdate package provided by MaxMind.
sudo add-apt-repository ppa:maxmind/ppa
sudo apt update
sudo apt install geoipupdate libmaxminddb0 libmaxminddb-dev mmdb-bin
You need to create an account on the MaxMind website which provides updated GeoIP (GeoLite2 Free version) databases. After registering on the site, you can manage licence keys under your MaxMind account.
In the /etc/GeoIP.conf file, replace the new AccountId and LicenseKey, for instance:
# GeoIP.conf file for `geoipupdate` program, for versions >= 3.1.1.
# Used to update GeoIP databases from https://www.maxmind.com.
# For more information about this config file, visit the docs at
# https://dev.maxmind.com/geoip/updating-databases?lang=en.
# `AccountID` is from your MaxMind account.
AccountID 0000000
# `LicenseKey` is from your MaxMind account
LicenseKey 0000000000000000
# `EditionIDs` is from your MaxMind account.
EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country
You can also download the .conf file generated by MaxMind in the webpage, then replace the file on the server.
After that, you will be able to update the GeoIP database by running sudo geoipupdate. It’s better to add new cron job to update the database regularly.
Enable Nginx GeoIP2 module
You have the GeoIP2 database updated, now just have to install and enable the GeoIP2 module for Nginx:
sudo apt install libnginx-mod-http-geoip2
This will automatic update a 50-mod-http-geoip2.conf config file under /etc/nginx/modules-enabled/.
GeoIP2 usage in Nginx
The following example demonstrates how to restrict access to the Nginx server only from the configured contries1.
In you /etc/nginx/nginx.conf:
http {
geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
$geoip2_data_country_iso_code country iso_code;
}
map $geoip2_data_country_iso_code $allowed_country {
default no;
FR yes; # France
BE yes; # Belgium
DE yes; # Germany
CH yes; # Switzerland
}
server {
# Block forbidden country
if ($allowed_country = no) {
return 444;
}
[...]
}
}
The location of the .mmdb database files can vary depends on your system, e.g. /usr/share/GeoIP/ or /var/lib/GeoIP/.
THE END
Ads by Google
林宏
Frank Lin
Hey, there! This is Frank Lin (@flinhong), one of the 1.41 billion . This 'inDev. Journal' site holds the exploration of my quirky thoughts and random adventures through life. Hope you enjoy reading and perusing my posts.
YOU MAY ALSO LIKE
Tutorials
2020.01.09
Setup an IKEv2 server with strongSwan
IKEv2, or Internet Key Exchange v2, is a protocol that allows for direct IPSec tunnelling between networks. It is developed by Microsoft and Cisco (primarily) for mobile users, and introduced as an updated version of IKEv1 in 2005. The IKEv2 MOBIKE (Mobility and Multihoming) protocol allows the client to main secure connection despite network switches, such as when leaving a WiFi area for a mobile data area. IKEv2 works on most platforms, and natively supported on some platforms (OS X 10.11+, iOS 9.1+, and Windows 10) with no additional applications necessary.
Linux Notes
2019.11.26
A managed AdBock powered by AdGuard Home with DoH & DoT enabled
AdGuard Home supports all modern DNS encryption protocols, which enable us to setup a secure DNS server with custom AdBlock filters.