沙滩星空的博客沙滩星空的博客

   

使用Geoip+Nginx实现负载均衡

2019-09-03 分类:默认分类 阅读(1077) 评论(0)

网上最多的老掉牙的教程,较旧。官方下载链接已失效。数据库为.dat文件。最新版本为GeoIP2,数据库为.mmdb文件

安装Geoip
1.安装geoip运行库
(Debian)

apt install libgeoip-dev

CentOS

yum install geoip-devel

或源码安装:

wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP.tar.gz

安装完后,执行命令 geoiplookup <ip>无任何显示,可能是没有数据库。
2.APT安装数据库

apt install geoip-database

检查库是否加载成功:

root@361aafb9172b:/# ldconfig -v | grep GeoIP
ldconfig: Path `/lib/x86_64-linux-gnu' given more than once
ldconfig: Path `/usr/lib/x86_64-linux-gnu' given more than once
ldconfig: /lib/x86_64-linux-gnu/ld-2.24.so is the dynamic linker, ignoring

        libGeoIP.so.1 -> libGeoIP.so.1.6.9

geoip数据库安装后,geoiplookup命令可正常使用:

geoiplookup <ip>
GeoIP Country Edition: CN, China

安装Geoip2(最新版本)

1.手动下载IP数据库(国家数据库,geoip2使用):

wget -c https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz

解压到下面路径,备用。

/usr/share/GeoIP/GeoLite2-Country_20190521/GeoLite2-Country.mmdb

2.下载ngx_http_geoip2_module模块

https://github.com/TravelEngineers/ngx_http_geoip2_module

3.安装mmdb支持库
源码安装

wget https://github.com/maxmind/libmaxminddb/releases/download/1.3.2/libmaxminddb-1.3.2.tar.gz

其他安装方式:https://github.com/maxmind/libmaxminddb
4.下载ningx源码并编译(详见下文编译Nginx部分)

wget http://nginx.org/download/nginx-VERSION.tar.gz
......
./configure --add-module=/path/to/ngx_http_geoip2_module
make
make install

编译GeoIP2模块,如未安装MaxmindDB核心库会报错

......
checking for getaddrinfo() ... found
configuring additional modules
adding module in /downloads/ngx_http_geoip2_module-master
checking for MaxmindDB library ... not found
./configure: error: the geoip2 module requires the maxminddb library.

编译Nginx
查看nginx编译参数

nginx -V

下载,解压,进入nignx源码目录

wget -c http://nginx.org/download/nginx-VERSION.tar.gz
tar xzf nginx-VERSION.tar.gz
cd nginx-VERSION

根据nginx -V得到编译参数,添加geoip编译参数。
geoip添加:--with-http_geoip_module
geoip2添加--add-module=/path/to/ngx_http_geoip2_module --add-module=后接如模块具体路径
重新编译Nginx

./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.17.0/debian/debuild-base/nginx-1.17.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --with-http_geoip_module

报错:

./configure: error: C compiler cc is not found

安装gcc

apt install gcc

报错:

./configure: error: the HTTP rewrite module requires the PCRE library.

安装pcre库

apt-get install libpcre3 libpcre3-dev

编译报错:

./configure: error: SSL modules require the OpenSSL library

安装ssl库

apt-get install openssl libssl-dev

编译报错:

./configure: error: the HTTP gzip module requires the zlib library

安装zip库

apt install libzip-dev

编译报错,提示未安装GeoIp运行库:

./configure: error: the GeoIP module requires the GeoIP library.
You can either do not enable the module or install the library.

安装GeoIP库(如上面已安装,则略过)

apt install libgeoip-dev
apt install geoip-database

重新编译成功!

......
Configuration summary
  + using threads
  + using system PCRE library
  + using system OpenSSL library
  + using system zlib library

  nginx path prefix: "/etc/nginx"
  nginx binary file: "/usr/sbin/nginx"
  nginx modules path: "/usr/lib/nginx/modules"
  nginx configuration prefix: "/etc/nginx"
  nginx configuration file: "/etc/nginx/nginx.conf"
  nginx pid file: "/var/run/nginx.pid"
  nginx error log file: "/var/log/nginx/error.log"
  nginx http access log file: "/var/log/nginx/access.log"
  nginx http client request body temporary files: "/var/cache/nginx/client_temp"
  nginx http proxy temporary files: "/var/cache/nginx/proxy_temp"
  nginx http fastcgi temporary files: "/var/cache/nginx/fastcgi_temp"
  nginx http uwsgi temporary files: "/var/cache/nginx/uwsgi_temp"
  nginx http scgi temporary files: "/var/cache/nginx/scgi_temp"

提示make命令不存在

bash: make: command not found
apt install make
make
make install

Nginx配置(GeoIP)

vim /etc/nginx/nginx.conf
...
http {
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    ......
    include /etc/nginx/conf.d/*.conf;
}

编辑虚拟主机文件


vim /etc/nginx/conf.d/vhost.conf
....
location /myip {
    default_type text/plain;
    return 200 "$remote_addr $geoip_country_name $geoip_country_code $geoip_city";
}
....

Nginx配置(GeoIP2)
配置国家数据库

geoip2 /usr/share/GeoIP/GeoLite2-Country_20190521/GeoLite2-Country.mmdb {
        auto_reload 5m;
        $geoip2_metadata_country_build metadata build_epoch; #变量名可以自定义
        $geoip2_country_code default=US country iso_code;
        $geoip2_country_name country names zh-CN;
    }

如果需要,可以下载并配置城市数据库

    geoip2 /usr/share/GeoIP/GeoLite2-City_20190521/GeoLite2-City.mmdb {
         $geoip2_city_name default=ShangHai city names zh-CN;
         $geoip2_continent_code continent code;
    }

 location /myip {
          default_type text/plain;
          return 200 "$remote_addr $geoip2_country_code $geoip2_continent_code";
        }

重启Nginx

浏览器访问 http://yousite.com/myip

218.85.217.2 China CN

判断如果不是中国的就返回403;

location / {
  #判断如果不是中国的就返回403;
  if ($geoip_country_code != CN) {
        return 403;
    }
}

负载均衡:

vim /etc/nginx/conf.d/vhost.conf
upstream china_http {
        server 121.40.95.86:9503 weight=1;
        server 121.40.95.87:8811 weight=2;
}

vim /etc/nginx/proxy.conf
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

server
     {
        listen 80;
        server_name test1.freephp.top;
        location / {
             if ($geoip_country_code = CN){
                proxy_pass http://china_http;
             }
              include proxy.conf
              try_files $uri $uri/ /index.php?$query_string;
         }
       ......
       location ~ \.php$ {
             if ($geoip_country_code = CN){
                proxy_pass http://china_http;
             }
              include proxy.conf
       ......
        }
      }

注:location / 和location ~ \.php$语句块内部,都要加如IP判断,才能正确使用

Geoip

nginx添加第三方模块,及启用本身支持模块 https://blog.csdn.net/cxm19881208/article/details/64441890
Nginx动态添加模块[make upgrade] https://blog.51cto.com/10956218/1977561
Debian打开文件/usr/share/GeoIP/GeoIP.dat 时出错 https://www.helplib.com/kaifa/article_9768
https://www.centos.bz/2018/04/nginx-使用-geoip-模块区分用户地区/
nginx + http_geoip_module根据IP做不同处理 https://blog.csdn.net/hukfei/article/details/82850969
GeoIP模块http://shouce.jb51.net/nginx/OptionalHTTPmodules/GeoIP.html
Nginx负载均衡模块详解 https://www.cnblogs.com/sky00747/p/8628866.html

GeoIP2

Nginx集成GeoIP2模块实现地区识别与屏蔽 https://blog.csdn.net/zgs_shmily/article/details/90551651
https://github.com/TravelEngineers/ngx_http_geoip2_module
https://github.com/maxmind/libmaxminddb

未经允许不得转载:沙滩星空的博客 » 使用Geoip+Nginx实现负载均衡
标签:nginx geoip 负载均衡

相关推荐

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址