Installing and Configuring the GeoIP2 Module for Nginx on AlmaLinux 9 / RHEL 9

by ·0 Comments

GeoIP2 is a powerful module for Nginx that allows you to determine a visitor’s geographic location based on their IP address. This can be useful for access control, logging, and performance optimization. Since AlmaLinux 9/RHEL 9 doesn’t include this module by default, you’ll need to compile and install it manually.

Alternatives to Manual Compilation

  • NGINX Plus: If you’d rather skip the hassle of compiling, NGINX Plus includes built-in support for GeoIP2.
  • Third-Party Repositories: Some sources (e.g., GetPageSpeed) offer precompiled modules, but they may have compatibility or update concerns.

MaxMind Database Considerations

The open GeoLite2 database is outdated (~2019). So you may need to register and get a licence to download more recent databases

1. Checking Your Nginx Installation

First, check your current Nginx version and active modules:

nginx -V

If Nginx isn’t installed, you can set it up with:

sudo dnf install nginx -y

Verify whether the GeoIP module is already included:

nginx -V 2>&1 | grep geoip

Tip: If you’re compiling GeoIP2 separately, make sure to match its version with your current Nginx installation.

2. Installing Dependencies

Minimal Dependencies for Compilation

If you’re only compiling the GeoIP2 module dynamically (without fully recompiling Nginx):

sudo dnf install -y gcc-c++ make autoconf automake libtool

3. Installing the MaxMindDB Library

GeoIP2 depends on the libmaxminddb library. While the runtime package is available via DNF:

sudo dnf install libmaxminddb

AlmaLinux 9 doesn’t provide libmaxminddb-devel, so you may need to build it from source:

git clone https://github.com/maxmind/libmaxminddb.gitcd libmaxminddb./bootstrap./configure --disable-testsmakesudo make installsudo ldconfig

Verify the installation:

ldconfig -p | grep maxminddb

You should see /usr/lib64/libmaxminddb.so.0 listed.

4. Compiling the GeoIP2 Module for Nginx

Option A: Adding the Dynamic Module

  1. Clone the GeoIP2 module repository:
   git clone https://github.com/leev/ngx_http_geoip2_module.git
  1. Download the matching Nginx source:
   wget http://nginx.org/download/nginx-1.20.1.tar.gz   tar -xzf nginx-1.20.1.tar.gz   cd nginx-1.20.1
  1. Compile the module:
   ./configure --add-dynamic-module=../ngx_http_geoip2_module   make   sudo make install

If linker issues arise with libmaxminddb, adjust the compile flags:

./configure --with-ld-opt="-L/usr/lib64 -lmaxminddb" --add-dynamic-module=../ngx_http_geoip2_module

Option B: Full Nginx Recompilation

If you need complete compatibility with existing Nginx modules, a full recompilation may be required.

Additional Dependencies

Before rebuilding Nginx, install the necessary development libraries:

sudo dnf install -y gcc make libxslt-devel gd-devel perl-devel perl-ExtUtils-Embed \                        epel-release perl-libwww-perl perl-LWP-Protocol-https \                        pcre pcre-devel zlib zlib-devel openssl openssl-devel \                        libxml2-devel libxslt-devel gd-devel

Then, configure the build using your required modules:

./configure --prefix=/usr/share/nginx \            --sbin-path=/usr/sbin/nginx \            --modules-path=/usr/lib64/nginx/modules \            --conf-path=/etc/nginx/nginx.conf \            --error-log-path=/var/log/nginx/error.log \            --http-log-path=/var/log/nginx/access.log \            --with-http_ssl_module \            --with-http_v2_module \            --add-dynamic-module=../ngx_http_geoip2_module

Compile and install:

makesudo make install

Ensure all required modules remain compatible with your production environment.

5. Enabling the GeoIP2 Module in Nginx

After compiling, activate GeoIP2 by loading its module at the top of /etc/nginx/nginx.conf:

load_module modules/ngx_http_geoip2_module.so;

Restart Nginx:

sudo systemctl restart nginx

6. Installing and Configuring the GeoLite2 Database

Since the GeoIP2 module doesn’t include a database, you’ll need to download one separately.

Downloading and Installing GeoLite2

  1. Create a directory for GeoIP databases:
   sudo mkdir -p /usr/share/GeoIP
  1. Download the latest database (replace YOUR_LICENSE_KEY with your MaxMind key):
   curl "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=YOUR_LICENSE_KEY&suffix=tar.gz" -o GeoLite2-Country.tar.gz   tar -xzvf GeoLite2-Country.tar.gz   sudo cp GeoLite2-Country_*/GeoLite2-Country.mmdb /usr/share/GeoIP/

Configuring Nginx to Use GeoIP2

geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {    $geoip2_data_country_code country iso_code;}map $geoip2_data_country_code $allowed_country {    default no;    DZ yes;}server {    listen 80;    server_name your.domain.com;    location / {        if ($allowed_country = no) {            return 403;        }    }}

Validate the config and restart:

sudo nginx -tsudo systemctl restart nginx

7. To consider

  • NGINX Plus and third-party modules may save you from recompilation.
  • GeoLite2 free database requires periodic updates for accurate geolocation.
  • Recompilation vs. dynamic module loading depends on your environment’s compatibility.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *