Geolocation

GeoIP2 (HTTP)

Know where your traffic is coming from. Block it, route it, or just log it.

nginx-module-geoip2

Install

You'll need nginx from nginx.org configured first. These packages won't load on the distro nginx.

Add the Blendbyte repository if you haven't already:

Add Blendbyte repository 
sudo install -d -m 0755 /etc/apt/keyrings

curl -fsSL https://apt.blendbyte.net/nginx/blendbyte-archive-keyring.gpg \
  | sudo tee /etc/apt/keyrings/blendbyte.gpg >/dev/null

echo "deb [signed-by=/etc/apt/keyrings/blendbyte.gpg] https://apt.blendbyte.net/nginx $(lsb_release -cs) main" \
  | sudo tee /etc/apt/sources.list.d/blendbyte.list

sudo apt update

Then install this module:

Install nginx-module-geoip2 
$ sudo apt install nginx-module-geoip2

Most modules auto-enable on install. If yours didn't:

Enable module manually (if needed) 
$ sudo ln -s /etc/nginx/modules-available/50-mod-geoip2.conf \
  /etc/nginx/modules-enabled/
$ sudo nginx -t && sudo systemctl reload nginx
External dependency: MaxMind GeoIP2 or GeoLite2 database files (free MaxMind account required)

What it does

The GeoIP2 module reads MaxMind's binary database format and hands you geographic data as nginx variables. Country code, country name, city, continent, ASN: all of it as $geoip2_* variables, usable in access rules, upstream selection, conditional headers, logging, rate limiting, wherever. The GeoLite2 databases are free with a MaxMind account and updated weekly. Paid databases are more accurate. This is the HTTP module, for http {} and server {} blocks. If you need GeoIP2 in TCP/UDP stream proxying, you want nginx-module-stream-geoip2.

When to use it

  • Block or redirect traffic by country code in nginx access rules
  • Route users to geographically close backend servers
  • Serve localised content or different landing pages by region
  • Restrict admin panels to specific countries
  • Log geographic data alongside standard access logs

Configuration

A starting point. Adjust to taste.

nginx.conf example 
# geoip2 and map go in your http {} block; use the variables in server/location:
geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
  $geoip2_country_code country iso_code;
  $geoip2_country_name country names en;
}

map $geoip2_country_code $blocked_country {
  default 0;
  XX      1;
  YY      1;
}

server {
  if ($blocked_country) {
    return 403;
  }
}

Replacing a Sury package?

This replaces libnginx-mod-http-geoip2 from the old Sury nginx repository. The package declares Replaces and Conflicts so apt handles the swap in one transaction. No manual cleanup needed.

Drop-in replacement 
# If you were using Sury, this upgrades in place:
sudo apt install nginx-module-geoip2

See the full migration guide for the complete Sury-to-Blendbyte migration steps.

Upstream project

We package this from the upstream open-source project. If it's a bug in the module itself (not in our packaging), report it upstream.

https://github.com/leev/ngx_http_geoip2_module ↗

Related modules

nginx-module-stream-geoip2
GeoIP2 (Stream)
GeoIP2 lookups, but for TCP and UDP traffic.
View module →
← All modules