Geolocation

GeoIP2 (Stream)

GeoIP2 lookups, but for TCP and UDP traffic.

nginx-module-stream-geoip2

Install

Make sure you have the official nginx.org repository configured first. These packages require nginx from nginx.org, not the distro-bundled version.

Add the Blendbyte repository if you haven't already:

Add Blendbyte repository 
sudo install -d -m 0755 /etc/apt/keyrings

curl -fsSL https://apt.blendbyte.net/nginx/blendbyte-archive-keyring.gpg \
  | sudo tee /etc/apt/keyrings/blendbyte.gpg >/dev/null

echo "deb [signed-by=/etc/apt/keyrings/blendbyte.gpg] https://apt.blendbyte.net/nginx $(lsb_release -cs) main" \
  | sudo tee /etc/apt/sources.list.d/blendbyte.list

sudo apt update

Then install this module:

Install nginx-module-stream-geoip2 
$ sudo apt install nginx-module-stream-geoip2

Most modules auto-enable on install. If yours didn't, enable it manually:

Enable module manually (if needed) 
$ sudo ln -s /etc/nginx/modules-available/50-mod-stream-geoip2.conf \
  /etc/nginx/modules-enabled/
$ sudo nginx -t && sudo systemctl reload nginx
External dependency: MaxMind GeoIP2 or GeoLite2 database files (free MaxMind account required)

What it does

This is the stream {} counterpart to nginx-module-geoip2. It enables MaxMind GeoIP2 database lookups within nginx's stream module, which handles raw TCP and UDP proxying. If you're using nginx as a TCP load balancer, SNI-based router, or proxy for non-HTTP protocols (databases, mail, game servers, VPNs), this gives you geographic variables in the stream context. The configuration mirrors the HTTP module: load databases, define variables, use them in stream {} blocks. If your nginx only does HTTP, you don't need this one.

When to use it

  • Route TCP connections to geographically close backends
  • Restrict access to database proxy endpoints by geography
  • Log geographic data for non-HTTP traffic
  • Geographic-based decisions for TCP load balancing

Configuration

A starting-point configuration. Adjust to your setup.

nginx.conf example 
stream {
  geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
    $geoip2_country_code country iso_code;
  }

  map $geoip2_country_code $backend {
    default backend_us;
    DE      backend_eu;
    FR      backend_eu;
  }

  upstream backend_us { server 10.0.1.1:5432; }
  upstream backend_eu { server 10.0.2.1:5432; }

  server {
    listen     5432;
    proxy_pass $backend;
  }
}

Replacing a Sury package?

This module replaces libnginx-mod-stream-geoip2 from the Sury nginx repository. The package declares Replaces and Conflicts so apt handles the swap automatically in one transaction.

Drop-in replacement 
# If you were using Sury, this upgrades in place:
sudo apt install nginx-module-stream-geoip2

See the full migration guide for the complete Sury-to-Blendbyte migration steps.

Upstream project

This module is packaged from the upstream open-source project. Bug reports about module behaviour (not packaging) should go upstream.

https://github.com/leev/ngx_http_geoip2_module ↗

Related modules

nginx-module-geoip2
GeoIP2 (HTTP)
Know where your traffic is coming from. Route it accordingly.
View module →
← All modules