apt-get update
apt-get install -y build-essential

apt-get install -y libpcre3-dev zlib1g-dev libssl-dev libxslt1-dev

add-apt-repository -y ppa:maxmind/ppa

编译安装: https://github.com/maxmind/libmaxminddb
参考原文：https://github.com/leev/ngx_http_geoip2_module

apt-get update
apt-get install -y libmaxminddb-dev mmdb-bin
apt-get install libgd-dev libgd3

cd /usr/local/src/
wget https://nginx.org/download/nginx-1.15.3.tar.gz
tar -xzvf nginx-1.15.3.tar.gz

wget https://github.com/leev/ngx_http_geoip2_module/archive/3.0.tar.gz
tar -xzvf 3.0.tar.gz

cd nginx-1.15.3
./configure --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/local/nginx --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --with-http_image_filter_module --add-module=/usr/local/src/ngx_cache_purge-2.3 --add-dynamic-module=/usr/local/src/ngx_http_geoip2_module-3.0
make && make install

apt-get install -y geoipupdate
geoipdate -v

localhost:/usr/local/src# geoipupdate -v
Using config file /etc/GeoIP.conf
Using database directory /usr/share/GeoIP
Acquired lock file lock (/usr/share/GeoIP/.geoipupdate.lock)
Performing get filename request to https://updates.maxmind.com/app/
update_getfilename?product_id=GeoLite2-Country
Not calculating MD5 sum as file does not exist: /usr/share/GeoIP/GeoLite2-Country.mmdb
Performing update request to https://updates.maxmind.com/geoip/databases/GeoLite2-Country/
update?db_md5=00000000000000000000000000000000
Updated /usr/share/GeoIP/GeoLite2-Country.mmdb
Performing get filename request to https://updates.maxmind.com/app/
update_getfilename?product_id=GeoLite2-City
Not calculating MD5 sum as file does not exist: /usr/share/GeoIP/GeoLite2-City.mmdb
Performing update request to https://updates.maxmind.com/geoip/databases/GeoLite2-City/
update?db_md5=00000000000000000000000000000000
Updated /usr/share/GeoIP/GeoLite2-City.mmdb

下载: deb https://github.com/maxmind/geoipupdate/releases
wget https://github.com/maxmind/geoipupdate/releases/download/v4.0.2/geoipupdate_4.0.2_linux_amd64.deb
dpkg -i geoipupdate_4.0.2_linux_amd64.deb
geoipdate -v

# crontab -l
30 0 * * 6 /usr/bin/geoipupdate -v | /usr/bin/logger

load_module modules/ngx_http_geoip2_module.so;

vim /usr/local/nginx/conf/nginx.conf

1. geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
2. $geoip2_data_country_code country iso_code;
3. $geoip2_data_country_name country names en;
4. }
5. geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
6. $geoip2_data_city_name city names en;
7. }
8. map $geoip2_data_country_code $allowed_country {
9. default no;
10. CN yes;
11. HK yes;
12. }

if ($allowed_country = no) {
return 403;
}

1. geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
2. $geoip2_data_country_code country iso_code;
3. $geoip2_data_country_name country names en;
4. }
5. geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
6. $geoip2_data_city_name city names en;
7. }
8. map $geoip2_data_country_code $allowed_country {
9. default yes;
10. HK no;
11. }

if ($allowed_country = no) {
return 403;
}

vim /usr/local/nginx/conf/nginx.conf

1. geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
2. $geoip2_data_country_code country iso_code;
3. $geoip2_data_country_name country names en;
4. }
5. map $geoip2_data_country_code $allowed_country {
6. default no;
7. CN yes;
8. HK yes;
9. }
10. geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
11. #州
12. $geoip2_data_continent_code continent code;
13. $geoip2_data_state_name subdivisions 0 names en;
14. $geoip2_data_state_code subdivisions 0 iso_code;
15. $geoip2_data_city_name city names en;
16. }
17. ### China 有用 省份
18. map $geoip2_data_state_code $allowed_state {
19. default no;
20. JS yes;
21. }
22. ### 城市
23. map $geoip2_data_city_name $allowed_city {
24. default no;
25. Nanjing yes;
26. }

if ($allowed_country = no) {
return 403;
}

if ($allowed_state = no) {
return 403;
}

if ($allowed_city = no) {
return 403;
}

1. vim /usr/local/nginx/conf/fastcgi_params
2. ####GEOIP2
3. ### 国家简称 CN
4. fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
5. ### 国家 China
6. fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
7. ### 州 亚洲 AS
8. fastcgi_param CONTINENT_CODE $geoip2_data_continent_code;
9. ### 省/自治州: Jiangsu
10. fastcgi_param SUBDIVISION_NAME $geoip2_data_state_name;
11. ### 省/自治州简称:JS
12. fastcgi_param SUBDIVISION_CODE $geoip2_data_state_code;
13. ### 城市名称
14. fastcgi_param CITY_NAME $geoip2_data_city_name;

vim /usr/local/nginx/conf/nginx.conf

1. geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
2. $geoip2_data_country_code country iso_code;
3. $geoip2_data_country_name country names en;
4. }
5. map $geoip2_data_country_code $allowed_country {
6. default no;
7. CN yes;
8. HK yes;
9. }
10. geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
11. #州
12. $geoip2_data_continent_code continent code;
13. $geoip2_data_state_name subdivisions 0 names en;
14. $geoip2_data_state_code subdivisions 0 iso_code;
15. $geoip2_data_city_name city names en;
16. }
17. map $geoip2_data_city_name $allowed_city {
18. default no;
19. Nanjing yes;
20. }

log_format main '$remote_addr - $remote_user [$time_local] [$geoip2_data_country_name - $geoip2_data_city_name] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';