Using Dynamic GeoIP Module With Nginx In CentOS

Written by Santosh Prasad

This tutorial explains how to compile the GeoIP module with Nginx to block the visitors by country. This is made possible by the GeoIP database which maps users’ IP addresses to countries. Nginx must be compiled with the HttpGeoipModule to use the GeoIP database.

In this article I will provides step-by-step procedure to enable GeoIP support on your CentOS server.

Compile The GeoIP Module With Nginx

Nginx intoduced dynamic module support in v. 1.9.11. Follow the below steps to compile the GeoIP module.

1. Install and enable the EPEL and Nginx-Mainline repositories on you system.
2. Install the nginx-module-geoip using yum:

# yum install nginx-module-geoip

3. Add below line into your /etc/nginx/nginx.conf file.

load_module "modules/";

4. Type below command to check the syntax error in nginx conf file.

# nginx -t

5. If there is no error print, reload Nginx using below command.

# nginx -s reload

6. Run the below command to verify the GeoIP module:

# nginx -V
nginx version: nginx/1.13.5
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --pid-path=/var/run/ --lock-path=/var/lock/subsys/nginx --user=nginx --group=nginx --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-file-aio --with-http_realip_module --without-http_scgi_module --without-http_uwsgi_module --without-http_fastcgi_module --with-http_geoip_module --add-module=/tmp/nginx-sticky-module-ng --add-module=/tmp/nginx_upstream_check_module

Configure Nginx To Use Geoip

Edit your /etc/nginx/nginx.conf file.

# vim /etc/nginx/nginx.conf

And place this in the http {} block, before any include lines:

    geoip_country /usr/share/GeoIP/GeoIP.dat;
    map $geoip_country_code $allowed_country {
        default yes;
        FK no;
        FM no;
        EH no;

In above code I have configured to allows all contries, except the three countries.
Find a list of country code.

Block All Countries And Allow Only A Few

    geoip_country /usr/share/GeoIP/GeoIP.dat;
    map $geoip_country_code $allowed_country {
        default no;
        FK yes;
        FM yes;
        EH yes;


About the author


Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool article for you. If you have any query and suggestion please comment in comment section.

Leave a Comment