country whitelist/blacklist
parent
0635eb368b
commit
fe1d724c9f
|
@ -5,6 +5,6 @@ geoip2 /etc/nginx/geoip.mmdb {
|
|||
}
|
||||
|
||||
map $geoip2_data_country_code $allowed_country {
|
||||
default yes;
|
||||
%BLOCK_COUNTRY%
|
||||
default %DEFAULT%;
|
||||
%COUNTRY%
|
||||
}
|
||||
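Review bot: The `default %DEFAULT%;` entry in the `$allowed_country` map also decides the outcome for any request whose `$geoip2_data_country_code` is empty or not listed. In whitelist mode, clients the database cannot place (private ranges, unmapped addresses) therefore get `no`, while in blacklist mode they get `yes`. The `geoip2` block that defines the variable starts above this hunk, so whether it sets a fallback value is not visible here. I would document the behaviour next to the map, for example `# default also applies when the country lookup returns nothing`.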
|
|
|
@ -84,8 +84,8 @@ http {
|
|||
# shared memory zone for limit_req
|
||||
%LIMIT_REQ_ZONE%
|
||||
|
||||
# list of blocked country
|
||||
%BLOCK_COUNTRY%
|
||||
# whitelist or blacklist country
|
||||
%USE_COUNTRY%
|
||||
|
||||
# list of blocked user agents
|
||||
%BLOCK_USER_AGENT%
|
||||
|
|
|
@ -23,7 +23,7 @@ server {
|
|||
%CONTENT_SECURITY_POLICY%
|
||||
%REFERRER_POLICY%
|
||||
%FEATURE_POLICY%
|
||||
%BLOCK_COUNTRY%
|
||||
%USE_COUNTRY%
|
||||
%BLOCK_USER_AGENT%
|
||||
%BLOCK_TOR_EXIT_NODE%
|
||||
%BLOCK_PROXIES%
|
||||
|
|
|
@ -42,7 +42,8 @@ FEATURE_POLICY="${FEATURE_POLICY-accelerometer 'none'; ambient-light-sensor 'non
|
|||
DISABLE_DEFAULT_SERVER="${DISABLE_DEFAULT_SERVER-no}"
|
||||
SERVER_NAME="${SERVER_NAME-www.bunkerity.com}"
|
||||
ALLOWED_METHODS="${ALLOWED_METHODS-GET|POST|HEAD}"
|
||||
BLOCK_COUNTRY="${BLOCK_COUNTRY-}"
|
||||
BLACKLIST_COUNTRY="${BLOCK_COUNTRY-}"
|
||||
WHITELIST_COUNTRY="${WHITELIST_COUNTRY-}"
|
||||
BLOCK_USER_AGENT="${BLOCK_USER_AGENT-yes}"
|
||||
BLOCK_TOR_EXIT_NODE="${BLOCK_TOR_EXIT_NODE-yes}"
|
||||
BLOCK_PROXIES="${BLOCK_PROXIES-yes}"
|
||||
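Review bot: `BLACKLIST_COUNTRY="${BLOCK_COUNTRY-}"` reads the old variable name, so a `BLACKLIST_COUNTRY` value passed in the environment is overwritten with `BLOCK_COUNTRY` (empty when unset) and the blacklist is silently not applied. This looks unintended, since `WHITELIST_COUNTRY` on the next line defaults from its own name. If the old name should keep working, `BLACKLIST_COUNTRY="${BLACKLIST_COUNTRY-${BLOCK_COUNTRY-}}"` honours both; otherwise use `BLACKLIST_COUNTRY="${BLACKLIST_COUNTRY-}"`. The `[ "$BLACKLIST_COUNTRY" != "" ]` tests in the later file sections depend on this line.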
|
|
|
@ -56,10 +56,16 @@ if [ "$GENERATE_SELF_SIGNED_SSL" = "yes" ] ; then
|
|||
openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/nginx/self-signed-ssl/key.pem -out /etc/nginx/self-signed-ssl/cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
|
||||
fi
|
||||
|
||||
# country ban
|
||||
if [ "$BLOCK_COUNTRY" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_COUNTRY%" "include /etc/nginx/geoip.conf;"
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%BLOCK_COUNTRY%" "$(echo $BLOCK_COUNTRY | sed 's/ / no;\\n/g') no;"
|
||||
# country ban/whitelist
|
||||
if [ "$BLACKLIST_COUNTRY" != "" ] || [ "$WHITELIST_COUNTRY" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%USE_COUNTRY%" "include /etc/nginx/geoip.conf;"
|
||||
if [ "$WHITELIST_COUNTRY" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%DEFAULT%" "no"
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%COUNTRY%" "$(echo $WHITELIST_COUNTRY | sed 's/ / yes;\\n/g') yes;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%DEFAULT%" "yes"
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%COUNTRY%" "$(echo $BLACKLIST_COUNTRY | sed 's/ / no;\\n/g') no;"
|
||||
fi
|
||||
echo "0 0 2 * * /opt/scripts/geoip.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/geoip.mmdb" ] ; then
|
||||
echo "[*] Copying cached geoip.mmdb ..."
|
||||
|
@ -69,7 +75,7 @@ if [ "$BLOCK_COUNTRY" != "" ] ; then
|
|||
/opt/scripts/geoip.sh &
|
||||
fi
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_COUNTRY%" ""
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%USE_COUNTRY%" ""
|
||||
fi
|
||||
|
||||
# block bad UA
|
||||
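Review bot: The two `replace_in_file ... "%COUNTRY%"` lines write `$WHITELIST_COUNTRY` / `$BLACKLIST_COUNTRY` into `/etc/nginx/geoip.conf` without checking that each entry is a two-letter code. A list typed as `FR,DE` becomes the single map key `FR,DE`, which never matches, so in blacklist mode the block silently does not apply; a stray `;` or `}` changes the generated config itself. I would validate the lists before the substitution and stop with an error on the first bad entry. When both variables are set the whitelist branch wins and the blacklist is ignored, which deserves a log line or a comment. The enclosing `if` continues past the end of the first hunk.

```shell
# country ban/whitelist
if [ "$BLACKLIST_COUNTRY" != "" ] || [ "$WHITELIST_COUNTRY" != "" ] ; then
	# accept only space-separated two-letter country codes
	set -f
	for code in $BLACKLIST_COUNTRY $WHITELIST_COUNTRY ; do
		case "$code" in
			[A-Za-z][A-Za-z]) ;;
			*) echo "[!] invalid country code : $code" >&2 ; exit 1 ;;
		esac
	done
	set +f
	# … unchanged: %USE_COUNTRY% include, %DEFAULT% / %COUNTRY% substitution, cron entry, geoip.mmdb handling …
```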
|
|
|
@ -238,10 +238,10 @@ fi
|
|||
replace_in_file "${NGINX_PREFIX}server.conf" "%ALLOWED_METHODS%" "$ALLOWED_METHODS"
|
||||
|
||||
# country ban
|
||||
if [ "$BLOCK_COUNTRY" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_COUNTRY%" "include ${NGINX_PREFIX}geoip-server.conf;"
|
||||
if [ "$BLACKLIST_COUNTRY" != "" ] || [ "$WHITELIST_COUNTRY" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_COUNTRY%" "include ${NGINX_PREFIX}geoip-server.conf;"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_COUNTRY%" ""
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_COUNTRY%" ""
|
||||
fi
|
||||
|
||||
# block bad UA
|
||||
|
|