Install GeoIP2 module to Nginx

Install GeoIP2 module to Nginx

add GeoIP2 module to Nginx



👣 #nginx #geoip2

This short guide is for Ubuntu but can be easily adapted to other Linux systems.

GeoIP update package

First install the geoipupdate package provided by MaxMind.

sudo add-apt-repository ppa:maxmind/ppa

sudo apt update
sudo apt install geoipupdate libmaxminddb0 libmaxminddb-dev mmdb-bin

You need to create an account on the MaxMind website which provides updated GeoIP (GeoLite2 Free version) databases. After registering on the site, you can manage licence keys under your MaxMind account.

In the /etc/GeoIP.conf file, replace the new AccountId and LicenseKey, for instance:

# GeoIP.conf file for `geoipupdate` program, for versions >= 3.1.1.
# Used to update GeoIP databases from
# For more information about this config file, visit the docs at

# `AccountID` is from your MaxMind account.
AccountID 0000000

# `LicenseKey` is from your MaxMind account
LicenseKey 0000000000000000

# `EditionIDs` is from your MaxMind account.
EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country

You can also download the .conf file generated by MaxMind in the webpage, then replace the file on the server.

After that, you will be able to update the GeoIP database by running sudo geoipupdate. It’s better to add new cron job to update the database regularly.

Enable Nginx GeoIP2 module

You have the GeoIP2 database updated, now just have to install and enable the GeoIP2 module for Nginx:

sudo apt install libnginx-mod-http-geoip2

This will automatic update a 50-mod-http-geoip2.conf config file under /etc/nginx/modules-enabled/.

GeoIP2 usage in Nginx

The following example demonstrates how to restrict access to the Nginx server only from the configured contries1.

In you /etc/nginx/nginx.conf:

http {
    geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
       $geoip2_data_country_iso_code country iso_code;

    map $geoip2_data_country_iso_code $allowed_country {
       default no;
       FR yes; # France
       BE yes; # Belgium
       DE yes; # Germany
       CH yes; # Switzerland

    server {
       # Block forbidden country
       if ($allowed_country = no) {
           return 444;


The location of the .mmdb database files can vary depends on your system, e.g. /usr/share/GeoIP/ or /var/lib/GeoIP/.

Ads by Google


Frank Lin

Hey, there! This is Frank Lin (@flinhong), one of the 1.41 billion . This 'inDev. Journal' site holds the exploration of my quirky thoughts and random adventures through life. Hope you enjoy reading and perusing my posts.


Setup an IKEv2 server with strongSwan



Setup an IKEv2 server with strongSwan

IKEv2, or Internet Key Exchange v2, is a protocol that allows for direct IPSec tunnelling between networks. It is developed by Microsoft and Cisco (primarily) for mobile users, and introduced as an updated version of IKEv1 in 2005. The IKEv2 MOBIKE (Mobility and Multihoming) protocol allows the client to main secure connection despite network switches, such as when leaving a WiFi area for a mobile data area. IKEv2 works on most platforms, and natively supported on some platforms (OS X 10.11+, iOS 9.1+, and Windows 10) with no additional applications necessary.


Ads by Google