安裝 nginx-module-geoip:
$ cat geoip-nginx.yml
---
- name: install geoip packages
apt: name={{ item }} update_cache=yes state=latest
with_items:
- nginx-module-geoip
when: install_package is defined and install_package
- name: check maxmind db - http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
command: bash -c 'test -e /data/GeoIP.dat || curl http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz | gunzip - > /data/GeoIP.dat'
- name: check maxmind db - http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
command: bash -c 'test -e /data/GeoLiteCity.dat || curl http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz | gunzip - > /data/GeoLiteCity.dat'
設定 nginx.conf:
$ cat server-deploy.yml
...
tasks:
...
- include: geoip-nginx.yml
- name: setup nginx config file - add modules/ngx_http_geoip_module.so
lineinfile:
dest: /etc/nginx/nginx.conf
insertbefore: '^user '
line: 'load_module "modules/ngx_http_geoip_module.so";'
- name: setup nginx config file - setup geoip resource path
lineinfile:
dest: /etc/nginx/nginx.conf
insertafter: '^http {'
line: ' geoip_country /data/GeoIP.dat; geoip_proxy 192.168.0.0/16; geoip_proxy 10.0.0.0/24; geoip_proxy_recursive on;'
#line: ' geoip_city /data/GeoLiteCity.dat;'
- name: setup nginx file to enable geoip - update log format
lineinfile:
dest: /etc/nginx/nginx.conf
regexp: ".*?http_user_agent.*?http_x_forwarded_for"
line: " '\"$http_user_agent\" \"$http_x_forwarded_for\"' $geoip_country_code \"$geoip_country_name\" ;"
- name: setup nginx file to enable geoip - add GEOIP_COUNTRY_CODE for FastCGI
lineinfile:
dest: /etc/nginx/fastcgi_params
insertbefore: "^fastcgi_param QUERY_STRING"
line: "fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;"
如此一來,產生的 nginx.conf 如下:
$ cat /etc/nginx/nginx.conf && sudo nginx -t
load_module "modules/ngx_http_geoip_module.so";
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
geoip_country /data/GeoIP.dat; geoip_proxy 192.168.0.0/16; geoip_proxy 10.0.0.0/24; geoip_proxy_recursive on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"' $geoip_country_code "$geoip_country_name" ;
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
查看 /var/log/nginx/access.log 就可以看到類似的範例:
.... CN,CHN,"China"
.... US,USA,"United States"
更多變數定義,請參考:http://nginx.org/en/docs/http/ngx_http_geoip_module.html