Kapisi/roles/WebServer/templates/conf/geoip.conf.j2

# Load database and set variables from the database.
geoip2 /etc/nginx/conf/maxmind-geoip2.mmdb {
    auto_reload 60m;
    $geoip2_metadata_country_build metadata build_epoch;
    $geoip2_data_country_code country iso_code;
    $geoip2_data_country_name country names en;
}
fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param COUNTRY_NAME $geoip2_data_country_name;

# Allow LAN and operational countries.
geo $lan {
    default 0;
    {{ main_subnet }}/{{ netmask }} 1;
}
map $geoip2_data_country_code $allowed_country {
    default 0;
{% for country in operational_countries %}
    {{ country }} 1;
{% endfor %}
}

# Define the deny variable such that LAN & country requests are allowed.
# Thanks to https://stackoverflow.com/a/64071860 for the example
map $lan$allowed_country $deny {
    default 0;
    00 1;
}
Adding geoip module and instituting a deny variable for vhosts to consume 2025-12-02 14:43:49 -06:00			`# Load database and set variables from the database.`
			`geoip2 /etc/nginx/conf/maxmind-geoip2.mmdb {`
			`auto_reload 60m;`
			`$geoip2_metadata_country_build metadata build_epoch;`
			`$geoip2_data_country_code country iso_code;`
			`$geoip2_data_country_name country names en;`
			`}`
			`fastcgi_param COUNTRY_CODE $geoip2_data_country_code;`
			`fastcgi_param COUNTRY_NAME $geoip2_data_country_name;`

			`# Allow LAN and operational countries.`
			`geo $lan {`
			`default 0;`
			`{{ main_subnet }}/{{ netmask }} 1;`
			`}`
			`map $geoip2_data_country_code $allowed_country {`
			`default 0;`
			`{% for country in operational_countries %}`
			`{{ country }} 1;`
			`{% endfor %}`
			`}`

			`# Define the deny variable such that LAN & country requests are allowed.`
			`# Thanks to https://stackoverflow.com/a/64071860 for the example`
			`map $lan$allowed_country $deny {`
			`default 0;`
			`00 1;`
			`}`