Build NGINX with GeoIP2 support from source

I used the GeoIP library with NGINX for quite some time, but it has reached EOL. GeoIP2 is now available. It is a great tool for keeping unwanted traffic away from your web server. This was done on CentOS 7. If you don’t want to pay for getpagespeed’s paid version, then you must build this module from source.

First, you’ll need to know your current NGINX version:

[root@myserver ~]# nginx -v
nginx version: nginx/1.16.1

Then download the exact same version of NGINX from this site and unpack it. In my case:

[root@myserver ~]# wget
[root@myserver ~]# tar -xvzf nginx-1.16.1.tar.gz

Then download ngx_http_geoip2_module, the geoip2 module for NGINX:

[root@myserver ~]# wget
[root@myserver ~]# unzip

If you don’t want to get this error: module “/etc/nginx/modules/” is not binary compatible in /etc/nginx/nginx.conf, then you should build NGINX from source with the same flags that the current NGINX installation was built with.

To get all configure arguments of the current NGINX installation, type this command:

[root@myserver ~]# nginx -V

Then go to your downloaded NGINX source, in this example nginx-1.16.1, and configure it with ngx_http_geoip2_module. Also add “--with-compat” at the end. If configure is successful, run make modules.

[root@myserver ~]# cd nginx-1.16.1
[root@myserver nginx-1.16.1]# ./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx --modules-path=/usr/local/nginx/modules --conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/var/log/nginx/access.log --add-dynamic-module=../ngx_http_geoip2_module ... --with-compat
[root@myserver nginx-1.16.1]# make modules
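
Added example, not part of the original post: a small shell helper that takes the output of nginx -V, checks that the unpacked source matches the installed version, and prints a configure line that reuses the installed flags with --with-compat and the geoip2 module appended. The function names are hypothetical and SAMPLE_NGINX_V is constructed sample output.

```bash
#!/usr/bin/env bash
# Added example: derive the dynamic-module build command from `nginx -V`.
# Function names are hypothetical; SAMPLE_NGINX_V is constructed sample output.
SAMPLE_NGINX_V="nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
configure arguments: --prefix=/etc/nginx --modules-path=/usr/lib64/nginx/modules --with-http_ssl_module --with-cc-opt='-O2 -g -fPIC'"

# Version of the installed binary, e.g. "1.16.1".
nginx_version() {
    printf '%s\n' "$1" | sed -n 's|^nginx version: nginx/\([0-9.]*\).*|\1|p'
}

# Flags the installed binary was configured with, exactly as printed.
nginx_configure_args() {
    printf '%s\n' "$1" | sed -n 's/^configure arguments: //p'
}

# Directory the installed binary loads modules from (empty if the flag was not set).
nginx_modules_path() {
    nginx_configure_args "$1" | tr ' ' '\n' | sed -n 's/^--modules-path=//p'
}

# Succeeds only when the source directory ($2) matches the installed version.
check_source_version() {
    [ "nginx-$(nginx_version "$1")" = "$(basename "$2")" ]
}

# Print the ./configure line: installed flags, --with-compat once, then the module ($2).
module_configure_cmd() {
    cfg_args=$(nginx_configure_args "$1")
    case " $cfg_args " in
        *" --with-compat "*) ;;
        *) cfg_args="$cfg_args --with-compat" ;;
    esac
    printf './configure %s --add-dynamic-module=%s\n' "$cfg_args" "$2"
}

# Demo on the constructed sample. Real use: pass "$(nginx -V 2>&1)" instead
# (nginx -V writes to stderr) and run the printed line with eval inside the
# source tree, since quoted values such as --with-cc-opt contain spaces.
module_configure_cmd "$SAMPLE_NGINX_V" ../ngx_http_geoip2_module
```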

If everything went well, your geoip2 module should be inside the objs directory. Copy it to your NGINX modules path.

[root@myserver nginx-1.16.1]# cd objs/
[root@myserver objs]# cp /usr/lib64/nginx/modules/

Then include the module in the NGINX configuration. Add the string below to your nginx configuration in /etc/nginx/nginx.conf – http section:

load_module modules/;

You can then download the GeoLite2-Country and GeoLite2-City databases and include them in your NGINX http section like so:

geoip2 /usr/share/GeoIP2/GeoLite2-Country.mmdb {
    auto_reload 60m;
    $geoip2_metadata_country_build metadata build_epoch;
    $geoip2_data_country_code country iso_code;
    $geoip2_data_country_name country names en;
}
geoip2 /usr/share/GeoIP2/GeoLite2-City.mmdb {
    auto_reload 60m;
    $geoip2_metadata_city_build metadata build_epoch;
    $geoip2_data_city_name city names en;
}

Create a simple map. In this case all countries are allowed except the ones defined with no:

map $geoip2_data_country_code $allowed_country {
    default yes;
    CN no;
}

Then, if you want to block a specific country, add this to your virtual host:

if ($allowed_country = no) {
    return 403;
}

Simple test:

> $ curl -I
HTTP/2 403

© 2020