diff --git a/README.md b/README.md index 4920fb7..25bf3cc 100644 --- a/README.md +++ b/README.md @@ -106,6 +106,7 @@ nginx_source_modules_included: http_perl_module: "--with-http_perl_module" naxsi_module: "--add-module=/tmp/naxsi-{{nginx_naxsi_version}}/naxsi_src" ngx_pagespeed: "--add-module=/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta" + geopip: "--with-http_geoip_module" ``` ##### Sites @@ -193,6 +194,11 @@ You can put Nginx under monit monitoring protection, by setting `monit_protectio ###### naxsi module - `nginx_naxsi_version` - version of the naxsi module +###### geoip module +- `nginx_geoip: 'on'` +- `nginx_geoip_country: "{{nginx_dir}}/geoip/GeoIP.dat"` +- `nginx_geoip_city: "{{nginx_dir}}/geoip/GeoLiteCity.dat"` + #### Thanks To the contributors: diff --git a/defaults/main.yml b/defaults/main.yml index 27a0b80..89e4310 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -83,6 +83,7 @@ nginx_source_modules_included: http_perl_module: "--with-http_perl_module" naxsi_module: "--add-module=/tmp/naxsi-{{nginx_naxsi_version}}/naxsi_src" ngx_pagespeed: "--add-module=/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta" + http_geoip_module: "--with-http_geoip_module" nginx_source_modules_excluded: - mail_pop3_module @@ -117,6 +118,10 @@ nginx_gzip_types: - image/svg+xml nginx_gzip_disable: "MSIE [1-6]\\." +# geoip_module +nginx_geoip: 'off' +nginx_geoip_country: "{{nginx_dir}}/geoip/GeoIP.dat" +nginx_geoip_city: "{{nginx_dir}}/geoip/GeoLiteCity.dat" # http_stub_status_module configuration nginx_remote_ip_var: "remote_addr" diff --git a/tasks/modules.yml b/tasks/modules.yml index 94f40d9..a48da33 100644 --- a/tasks/modules.yml +++ b/tasks/modules.yml @@ -38,3 +38,6 @@ - include: modules/ngx_pagespeed.yml when: nginx_source_modules_included.ngx_pagespeed is defined + +- include: modules/http_geoip_module.yml + when: nginx_source_modules_included.http_geoip_module is defined diff --git a/tasks/modules/http_geoip_module.yml b/tasks/modules/http_geoip_module.yml new file mode 100644 index 0000000..618c0ab --- /dev/null +++ b/tasks/modules/http_geoip_module.yml @@ -0,0 +1,37 @@ +# file: nginx/tasks/modules/http_geoip_module.yml +# configure flag: --with-http_geoip_module + +- name: Nginx | Modules | Install GeoIp lib + apt: pkg={{ item }} state=latest + with_items: + - libgeoip1 + - libgeoip-dev + when: nginx_source_modules_included.http_geoip_module is defined + +- name: Nginx | Modules | Create directory inside nginx + file: path={{nginx_dir}}/geoip state=directory + when: nginx_source_modules_included.http_geoip_module is defined + +- name: Nginx | Modules | Download GeoIP database files + get_url: url=http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz dest={{nginx_dir}}/geoip/GeoIP.dat.gz + when: nginx_source_modules_included.http_geoip_module is defined + +- name: Nginx | Modules | Download GeoLiteCity database files + get_url: url=http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz dest={{nginx_dir}}/geoip/GeoLiteCity.dat.gz + when: nginx_source_modules_included.http_geoip_module is defined + +- name: Nginx | Modules | Check if the GeoIP file exists + stat: path={{nginx_dir}}/geoip/GeoIP.dat + register: geoip_file + +- name: Nginx | Modules | Unarchive GeoIP files + shell: gunzip -c {{nginx_dir}}/geoip/GeoIP.dat.gz > {{nginx_dir}}/geoip/GeoIP.dat + when: not geoip_file.stat.exists + +- name: Nginx | Modules | Check if the GeoLiteCity file exists + stat: path={{nginx_dir}}/geoip/GeoLiteCity.dat + register: geolitecity_file + +- name: Nginx | Modules | Unarchive GeoLiteCity files + shell: gunzip -c {{nginx_dir}}/geoip/GeoLiteCity.dat.gz > {{nginx_dir}}/geoip/GeoLiteCity.dat + when: not geolitecity_file.stat.exists diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index cc610d9..e18debc 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -74,6 +74,13 @@ http { gzip_disable "{{nginx_gzip_disable}}"; {% endif %} +{% if nginx_install_method == "source" %} +{% if nginx_geoip == 'on' %} + geoip_country {{nginx_geoip_country}}; + geoip_city {{nginx_geoip_city}}; +{% endif %} +{% endif %} + {% if nginx_buffers == 'on' %} client_body_buffer_size {{nginx_client_body_buffer_size}}; client_header_buffer_size {{nginx_client_header_buffer_size}};