nginx+geoip2+docker实现禁止某个地区或国家访问

nginx 部署网站禁止访问方式

安装docker 参考

安装nginx-geoip2 服务

1
docker run -d --name nginx flftuu/nginx-geoip2:1.15.12

geoip2 配置禁止访问

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
cat nginx/default.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
root /var/www/html;
index index.php;
if ( $geoip2_data_country_code = CN ) {
return 403;
}
if ( $geoip2_data_city_name = Zhengzhou ) {
return 403;
}
  1. geoip2_data_country_code 设置国家代码
  2. geoip2_data_city_name 设置城市代码

geoip2更多配置参考