1
0
Fork 0

Add geoip2 support for nginx
ci/woodpecker/push/lint Pipeline was successful Details

This commit is contained in:
Daniele Tricoli 2023-02-06 22:05:23 +01:00
parent 4f1b54547b
commit b7706355bf
5 changed files with 35 additions and 3 deletions

View File

@ -7,3 +7,4 @@ nginx_become_user: root
nginx_default_package: nginx
nginx_root: /var/www
nginx_vhosts: []
nginx_enable_geoip2: false

View File

@ -0,0 +1,19 @@
# Ansible managed
geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
auto_reload 5m;
$geoip2_metadata_country_build metadata build_epoch;
$geoip2_data_country_code source=$remote_addr country iso_code;
$geoip2_data_country_name country names en;
}
geoip2 /var/lib/GeoIP/GeoLite2-City.mmdb {
$geoip2_data_city_name city names en;
}
log_format custom '$remote_addr - $remote_user [$time_local]'
' "$request" $status $body_bytes_sent'
' "$http_referer" "$http_user_agent"'
' "$request_time" "$upstream_connect_time"'
' "$geoip2_data_country_code" "$geoip2_data_country_name"'
' "$geoip2_data_city_name"';

View File

@ -49,6 +49,16 @@
line: "\tgzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;"
notify: systemctl reload nginx
- name: add geoip2 config
ansible.builtin.copy:
src: etc/nginx/conf.d/geoip2.conf
dest: /etc/nginx/conf.d/geoip2.conf
owner: root
group: root
mode: 0640
when: nginx_enable_geoip2
notify: systemctl reload nginx
- import_tasks: create-vhosts.yml
become: "{{ nginx_become }}"

View File

@ -94,6 +94,6 @@ server {
error_page 404 /404.html;
access_log {{ nginx_root }}/{{ item.servername }}/logs/access.log;
access_log {{ nginx_root }}/{{ item.servername }}/logs/access.log{% if nginx_enable_geoip2 %} custom{% endif %};
error_log {{ nginx_root }}/{{ item.servername }}/logs/error.log;
}

View File

@ -22,6 +22,7 @@
snake_oil_cert_domains:
- example.org
- example2.org
nginx_default_package: nginx-full
nginx_vhosts:
- servername: example.org
serveralias:
@ -42,6 +43,7 @@
ssl_trusted_certificate: /var/lib/snakeoil/certs/example2.org/fullchain.pem
is_reverse_proxy_site: true
proxy_pass: http://localhost:5000/
nginx_enable_geoip2: true
dehydrated_email: test@example.org
dehydrated_domains:
- example.org www.example.org
@ -104,12 +106,12 @@
# - ../roles/iptables
# - ../roles/sshd
# - ../roles/fail2ban
# - ../roles/snake_oil_cert
- ../roles/snake_oil_cert
# - ../roles/users
# - ../roles/dehydrated
# - ../roles/telegraf
- ../roles/geoipupdate
# - ../roles/nginx
- ../roles/nginx
# - ../roles/headscale
# - ../roles/admin
# - ../roles/docker