How to start using GeoLite2(GeoIP) Database
Starting from version 4.5.8, Roxy-WI enables users to download and update GeoLite2 directly through the web panel.
GeoIP is MaxMind’s intelligence product, offering IP geolocation and proxy detection for various applications. These include content customization, advertising, digital rights management, compliance, fraud detection, and security.
Databases
GeoLite2 databases are free IP geolocation databases that offer comparable functionality to MaxMind’s GeoIP2 databases, though they are generally less accurate. The GeoLite2 Country, City, and ASN databases are updated weekly, every Tuesday.
IP Geolocation Usage
IP geolocation is inherently imprecise, with locations typically representing areas near population centers. Therefore, any location provided by a GeoIP database should not be used to identify a specific address or household.
Use the Accuracy Radius as an indicator of geolocation accuracy for the latitude and longitude coordinates returned by MaxMind for an IP address. The actual location of the IP address is likely to be within the area defined by this radius surrounding the provided coordinates.
MaxMind provides access to GeoLite2 databases exclusively to registered users, which means you will need to obtain a license key. All the necessary details are provided in the instructions below.
First of all, create a GeoLite2 account.
Once you have created your account, you will receive an email with further instructions:
Follow the provided link to create a password.
Upon completing the registration process, you will gain access to your personal cabinet.
To download the database, you need to get a license key. Go to the My Licence Key section:
Confirm generation of new license key y clicking Confirm:
Click Generate new license key:
The license key will be displayed on the screen. Please copy and save it, as it will not be shown again.
After this, go to Roxy-WI Admin area => Settings => Main section and specify your key as the value of the maxmind_key parameter.
To start using GeoLite2 with Roxy-WI, Create a license key and add it to your Roxy-WI settings.
Then, go to the Installation => GeoLite2 section. Select a server for uploading and the service it is running, and Roxy-WI will define if GeoLite2 is already installed on that server (indicated in the Current installation column). If it is not installed, you will see the message GeoIPLite is not installed and the Install button will become available. Check the Updating box to enable automatic GeoLite 2 updates, and then click Install.
Roxy-WI will download and convert the data from GeoIP into a format compatible with the HAProxy or NGINX service. Additionally, Roxy-WI will split a large file containing IPs into multiple smaller files, with each file corresponding to a specific country. For example, the file AD.subnets will contain all the IPs used in Andorra.
MaxMind updates the GeoLite2 databases every Tuesday, so they should be refreshed weekly. Roxy-WI can handle this for you! Simply check the Updating checkbox for automatic updates.
This is how files containing IPs for each continent can be used to create ACLs:
acl acl_AF src -f /etc/haproxy/geoip/AF.txt
acl acl_AN src -f /etc/haproxy/geoip/AN.txt
acl acl_AS src -f /etc/haproxy/geoip/AS.txt
acl acl_EU src -f /etc/haproxy/geoip/EU.txt
acl acl_NA src -f /etc/haproxy/geoip/NA.txt
acl acl_OC src -f /etc/haproxy/geoip/OC.txt
acl acl_SA src -f /etc/haproxy/geoip/SA.txt
You can either reject all connections from a specific continent (e.g., for Africa):
http-request deny if !acl_AF
or direct them to different backend servers:
use_backend bk_af if acl_AN
For a complete list of country codes, please refer to the Installation => GeoLite2 section.
Starting with Roxy-WI version 6.2.1, you can install GeoLite2 for the NGINX service on your servers. To do this, go to the Installation => GeoLite2 section, select NGINX as the service, and click Install.
Roxy-WI converts data files from the GeoLite2 format to a format compatible with NGINX and moves the GeoIP.dat file to the $nginx_dir/geoip folder. That's it! The data is now ready for NGINX to utilize.