Add the maxmind mod

This commit is contained in:
quietsy
2021-12-04 18:46:27 +02:00
parent d1dc6e5858
commit eb65a89eba
8 changed files with 109 additions and 69 deletions
+44 -12
View File
@@ -1,17 +1,49 @@
# Rsync - Docker mod for openssh-server
# Maxmind Docker mod for Nginx based images
This mod adds rsync to openssh-server, to be installed/updated during container start.
This mod adds the maxmind database to nginx using the license key defined in the environment variable.
In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-rsync`
This mod downloads the `GeoLite2-City.mmdb` database under `/config/geoip2db`, the database is updated weekly.
If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:openssh-server-rsync|linuxserver/mods:openssh-server-mod2`
**This mod should not be enabled together with the swag-dbip mod.**
# Mod creation instructions
Follow these steps to enable the maxmind mod:
* Fork the repo, create a new branch based on the branch `template`.
* Edit the `Dockerfile` for the mod. `Dockerfile.complex` is only an example and included for reference; it should be deleted when done.
* Inspect the `root` folder contents. Edit, add and remove as necessary.
* Edit this readme with pertinent info, delete these instructions.
* Finally edit the `.github/workflows/BuildImage.yml`. Customize the build branch, and the vars for `BASEIMAGE` and `MODNAME`.
* Ask the team to create a new branch named `<baseimagename>-<modname>`. Baseimage should be the name of the image the mod will be applied to. The new branch will be based on the `template` branch.
* Submit PR against the branch created by the team.
1. Acquire a maxmind license here: https://www.maxmind.com/en/geolite2/signup
2. In the container's docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:swag-maxmind`
If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:swag-maxmind|linuxserver/mods:swag-mod2`
3. In the container's docker arguments, set an environment variable `MAXMINDDB_LICENSE_KEY=<license-key>` with your license key.
4. Add the following line to `/config/nginx/nginx.conf` under the `http` section:
```nginx
include /config/nginx/maxmind.conf;
```
5. Edit `/config/nginx/maxmind.conf` and add countries to the blocklist / whitelist according to the comments, for example:
```nginx
map $geoip2_data_country_iso_code $geo-whitelist {
default no;
UK yes;
}
map $geoip2_data_country_iso_code $geo-blacklist {
default yes;
US no;
}
```
6. Use the definitions in the following way:
```nginx
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name some-app.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
if ($lan-ip = yes) { set $geo-whitelist yes; }
if ($geo-whitelist = no) { return 404; }
location / {
```
7. Recreate the container to apply the changes.