Geolocation

GeoIP2 (HTTP)

Know where your traffic is coming from. Route it accordingly.

nginx-module-geoip2

Install

Make sure you have the official nginx.org repository configured first. These packages require nginx from nginx.org, not the distro-bundled version.

Add the Blendbyte repository if you haven't already:

Add Blendbyte repository 
sudo install -d -m 0755 /etc/apt/keyrings

curl -fsSL https://apt.blendbyte.net/nginx/blendbyte-archive-keyring.gpg \
  | sudo tee /etc/apt/keyrings/blendbyte.gpg >/dev/null

echo "deb [signed-by=/etc/apt/keyrings/blendbyte.gpg] https://apt.blendbyte.net/nginx $(lsb_release -cs) main" \
  | sudo tee /etc/apt/sources.list.d/blendbyte.list

sudo apt update

Then install this module:

Install nginx-module-geoip2 
$ sudo apt install nginx-module-geoip2

Most modules auto-enable on install. If yours didn't, enable it manually:

Enable module manually (if needed) 
$ sudo ln -s /etc/nginx/modules-available/50-mod-geoip2.conf \
  /etc/nginx/modules-enabled/
$ sudo nginx -t && sudo systemctl reload nginx
External dependency: MaxMind GeoIP2 or GeoLite2 database files (free MaxMind account required)

What it does

The GeoIP2 module reads MaxMind's binary database format and exposes geographic data as nginx variables. Country code, country name, city, continent, ASN: all available as $geoip2_* variables in your nginx config. Use them in access rules, upstream selection, conditional headers, logging, or rate limiting. The MaxMind GeoLite2 databases are free with a MaxMind account and updated weekly; paid databases offer higher accuracy. This is the HTTP module. It works in http {} and server {} blocks. If you need GeoIP2 lookups in TCP/UDP stream proxying, you want nginx-module-stream-geoip2.

When to use it

  • Block or redirect traffic by country code in nginx access rules
  • Route users to geographically close backend servers
  • Serve localised content or different landing pages by region
  • Restrict admin panels to specific countries
  • Log geographic data alongside standard access logs

Configuration

A starting-point configuration. Adjust to your setup.

nginx.conf example 
# geoip2 and map go in your http {} block; use the variables in server/location:
geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
  $geoip2_country_code country iso_code;
  $geoip2_country_name country names en;
}

map $geoip2_country_code $blocked_country {
  default 0;
  XX      1;
  YY      1;
}

server {
  if ($blocked_country) {
    return 403;
  }
}

Replacing a Sury package?

This module replaces libnginx-mod-http-geoip2 from the Sury nginx repository. The package declares Replaces and Conflicts so apt handles the swap automatically in one transaction.

Drop-in replacement 
# If you were using Sury, this upgrades in place:
sudo apt install nginx-module-geoip2

See the full migration guide for the complete Sury-to-Blendbyte migration steps.

Upstream project

This module is packaged from the upstream open-source project. Bug reports about module behaviour (not packaging) should go upstream.

https://github.com/leev/ngx_http_geoip2_module ↗

Related modules

nginx-module-stream-geoip2
GeoIP2 (Stream)
GeoIP2 lookups, but for TCP and UDP traffic.
View module →
← All modules