nginx+geoip2+docker实现禁止某个地区或国家访问

发表于 更新于 分类于 本文字数: 141 阅读时长 ≈ 1 分钟

nginx 部署网站禁止访问方式

安装docker 参考

安装nginx-geoip2 服务

1
2
docker run -d  --name nginx flftuu/nginx-geoip2:1.15.12

geoip2 配置禁止访问

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
cat nginx/default.conf

server {
    listen      443           ssl http2;
    listen [::]:443           ssl http2;

    add_header                Strict-Transport-Security "max-age=31536000" always;

    ssl_session_cache         shared:SSL:20m;
    ssl_session_timeout       10m;

    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";

    ssl_stapling              on;
    ssl_stapling_verify       on;
    resolver                  8.8.8.8 8.8.4.4;

    root /var/www/html;
    index index.php;

    if ( $geoip2_data_country_code = CN ) {
        return 403;
    }

    if ( $geoip2_data_city_name = Zhengzhou ) {
        return 403;
    }


  1. geoip2_data_country_code 设置国家代码
  2. geoip2_data_city_name 设置城市代码

geoip2更多配置参考