在 Nginx 中使用 GeoIP2 获取用户国家
[英]Getting the user country using GeoIP2 in Nginx
问题描述
I've been pulling my hair trying to get this thing to work properly, but it seems that whatever I do, the X-Country gets the value "US", since that's the country of the last IP address in the X-Forwarded-To header.
我一直在努力让这件事正常工作,但似乎无论我做什么, X-Country的值都是“US”,因为那是X-Forwarded-To中最后一个 IP 地址所在的国家/地区- X-Forwarded-To header。 This is one of Google's load balancers.这是 Google 的负载平衡器之一。
I can't seem to find many examples of this being properly configured online either, most of the source code I've found has been for GeoIP v1.我似乎也找不到很多在线正确配置的示例,我发现的大多数源代码都是针对 GeoIP v1 的。
The file /usr/share/GeoIP/GeoLite2-Country.mmdb exists and has been verified to return the correct country for the IP address that I'm testing this with.文件 /usr/share/GeoIP/GeoLite2-Country.mmdb 存在并且已经过验证,可以为我正在测试的 IP 地址返回正确的国家/地区。 The Sentry Python SDK also resolves the IP address to Sweden, based on the first IP in the header. The Sentry Python SDK also resolves the IP address to Sweden, based on the first IP in the header.
http {
...
geoip2_proxy 130.211.0.0/22;
geoip2_proxy 35.191.0.0/16;
geoip2_proxy_recursive off;
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=SE country iso_code;
auto_reload 5m;
}
...
}
server {
...
location / {
...
proxy_set_header X-Country $geoip2_data_country_code;
...
}
}
Any ideas?有任何想法吗?
If I remove all GeoIP2 configuration, this is the state of the Nginx variables:如果我删除所有 GeoIP2 配置,这是 Nginx 变量的 state :
GET /foobar HTTP/1.1
remote_addr: 130.211.0.x
http_x_forwarded_for: <my.real.ip>, 130.211.38.x
realip_remote_addr: 130.211.0.x
http_x_real_ip: -
proxy_add_x_forwarded_for: <my.real.ip>, 130.211.38.x, 130.211.0.x
It seems that no combination of set_real_ip_from , etc. will assign any variable just <my.real.ip> so that I can use it.似乎set_real_ip_from等的任何组合都不会仅分配任何变量<my.real.ip>以便我可以使用它。
EDIT: The following seems to work, but I think it's open to spoofing:编辑:以下似乎可行,但我认为它可以欺骗:
geoip2_proxy 0.0.0.0/0;
geoip2_proxy_recursive on;
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=SE country iso_code;
}
So it seems that my geoip2_proxy declarations are a problem somehow, but I'm not sure how?所以似乎我的geoip2_proxy声明在某种程度上是一个问题,但我不确定如何?
1 个解决方案
解决方案1
0 2021-04-03 17:23:44
The problem rising because 130.211.38.x does't belongs to 130.211.0.0/22 and recursive search is disabled.因为 130.211.38.x 不属于 130.211.0.0/22 并且递归搜索被禁用,所以问题出现了。 You should enable geoip2 recursive search, and add 130.211.38.x IP to geoip2_proxy directive because it actually proxies your request in chain:您应该启用 geoip2 递归搜索,并将 130.211.38.x IP 添加到 geoip2_proxy 指令,因为它实际上在链中代理您的请求:
geoip2_proxy 130.211.0.0/22;
geoip2_proxy 35.191.0.0/16;
geoip2_proxy 130.211.38.x/32;
geoip2_proxy_recursive on;
or probably expand CIDR, described in geoip2_proxy directive from 130.211.0.0/22 to 130.211.0.0/16 (entire GOOGLE-CLOUD network, as whois says):或者可能扩展 CIDR,在 geoip2_proxy 指令中描述从 130.211.0.0/22 到 130.211.0.0/16 (整个 GOOGLE-CLOUD 网络,正如 whois 所说):
geoip2_proxy 130.211.0.0/16;
geoip2_proxy 35.191.0.0/16;
geoip2_proxy_recursive on;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.