1.安装相关程序
pacman -S libmaxminddb mmdblookup nginx-mod-geoip2 nginx-mod-vts
mmdblookup --file /usr/share/GeoIP/GeoLite2-City.mmdb --ip 223.104.146.1
2.增加配置
nano -w /etc/nginx/nginx.conf
...
load_module /usr/lib/nginx/modules/ngx_http_cache_purge_module.so;
load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;
load_module /usr/lib/nginx/modules/ngx_http_vhost_traffic_status_module.so;
...
...
http {
##
# GeoIP
##
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
auto_reload 5m;
$geoip2_metadata_country_build metadata build_epoch;
$geoip2_data_country_name default=unknow source=$http_x_forwarded_for country names en;
$geoip2_data_country_code default=unknow source=$http_x_forwarded_for country iso_code;
}
geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
auto_reload 5m;
# 洲
$geoip2_continent_code default=unknow source=$http_x_forwarded_for continent code;
# 国家
$geoip2_country default=unknow source=$http_x_forwarded_for country names en;
$geoip2_country_code default=unknow source=$http_x_forwarded_for country iso_code;
# 省份
$geoip2_region default=unknow source=$http_x_forwarded_for subdivisions 0 names en;
$geoip2_region_code default=unknow source=$http_x_forwarded_for subdivisions 0 iso_code;
# 城市
$geoip2_city default=unknow source=$http_x_forwarded_for city names en;
# 邮编
$geoip2_postal_code default=unknow source=$http_x_forwarded_for postal code;
# 精度
$geoip2_latitude default=unknow source=$http_x_forwarded_for location latitude;
# 纬度
$geoip2_longitude default=unknow source=$http_x_forwarded_for location longitude;
# 时区
$geoip2_timezone default=unknow source=$http_x_forwarded_for location time_zone;
}
geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb {
auto_reload 5m;
$geoip2_asn default=unknow source=$http_x_forwarded_for autonomous_system_number;
$geoip2_organization default=unknow source=$http_x_forwarded_for autonomous_system_organization;
}
# 这里生成允许/拒绝列表
map $$geoip2_region_code $denied_region {
default no;
HB yes;
JS yes;
}
vhost_traffic_status_zone;
vhost_traffic_status_filter_by_set_key $geoip2_data_country_code country::*;
...
3.配置监控的主机
vhost_traffic_status_filter_by_set_key $geoip2_data_country_code country::$server_name;
location /status {
auth_basic "View The Status";
auth_basic_user_file /etc/nginx/password;
vhost_traffic_status_display;
vhost_traffic_status_display_format html;
}
4.状态页密码保护
echo "user:" >> /etc/nginx/password
openssl passwd -apr1 >> /etc/nginx/password