From 1189975161640eeac0715015721d5a793f4e1f98 Mon Sep 17 00:00:00 2001
From: Daniel Mason <daniel@m2.nz>
Date: Sun, 7 Apr 2024 10:59:01 +1200
Subject: [PATCH] Add new post

---
 content/posts/nginx_geo_block.md | 43 ++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 content/posts/nginx_geo_block.md

diff --git a/content/posts/nginx_geo_block.md b/content/posts/nginx_geo_block.md
new file mode 100644
index 0000000..d26e713
--- /dev/null
+++ b/content/posts/nginx_geo_block.md
@@ -0,0 +1,43 @@
+---
+title: "Geo Blocking countries with nginx"
+tags: ["spam", "geo block", "nginx"]
+date: "2024-04-07"
+---
+
+Quick and easy way to block entire countries using simple nginx rules.
+Note this is primarily for Ubuntu/Nginx but may work on other systems
+
+Install required fields
+```shell
+apt install -y libnginx-mod-http-geoip geoip-database
+```
+
+The GeoIP DB will be under /usr/shared/GeoIP/GeoIPv6.dat (Or GeoIP.dat for v4 only)
+We need to add this into nginx conf:
+```shell
+echo 'geoip_country /usr/share/GeoIP/GeoIP.dat;' > /etc/nginx/conf.d/geoip.conf
+```
+
+Add this block under the main "http" block in nginx.conf:
+```shell
+# /etc/nginx/nginx.conf
+map $geoip_country_code $allowed_country {
+    default yes;
+    BD no; # Country code to block - Can list mulitple
+}
+```
+
+Then we need to add a simple check in our site vhost:
+```shell
+# /etc/nginx/sites-enabled/your_site.conf
+if ($allowed_country = no) {
+    return 403;
+}
+```
+
+Quick reload and boom! Done!
+```shell
+systemctl reload nginx
+```
+
+Based off an older gist found on [Github here](https://gist.github.com/dunderrrrrr/8d3fced1f73de2d70ede38f39c88d215)