Generalizing GeoIP to be consumed by more services

2025-12-29 14:46:55 -06:00
parent b6785b861a
commit 0070afde5d
17 changed files with 108 additions and 60 deletions
--- a/roles/WebServer/files/conf.d/Yggdrasil/aaa_default.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/aaa_default.conf
@@ -1,5 +1,6 @@
 server {
-    listen      443 ssl http2;
+    listen      443 ssl;
+    http2 on;
    server_name default_server;

    include conf/sec.conf;
@@ -7,6 +8,9 @@ server {

    include conf/letsencrypt.conf;

+    # GeoIP block
+    if ($deny) { return 503; }
+
    location / {

      rewrite ^/martialarts(\/)*(\/index.html)*$ /assets/martialarts/index.html;
@@ -65,7 +69,8 @@ server {
 }

 server {
-    listen      443 ssl http2;
+    listen      443 ssl;
+    http2 on;
    server_name foundation.aninix.net;
    include conf/sec.conf;
    include conf/letsencrypt.conf;
--- a/roles/WebServer/files/conf.d/Yggdrasil/adhan.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/adhan.conf
@@ -1,12 +0,0 @@
-server {
-    listen      443 ssl http2;
-    server_name adhan.aninix.net;
-
-    include conf/sec.conf;
-    include conf/default.csp.conf;
-
-    location /
-    {
-        root /srv/adhan/;
-    }
-}
--- a/roles/WebServer/files/conf.d/Yggdrasil/cyberbrain.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/cyberbrain.conf
@@ -2,6 +2,9 @@ server {
    listen      443 ssl;
    server_name cyberbrain.aninix.net;

+    # GeoIP block
+    if ($deny) { return 503; }
+
    location ^~ /admin {
        deny all;
    }
--- a/roles/WebServer/files/conf.d/Yggdrasil/graylog.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/graylog.conf
@@ -1,18 +0,0 @@
-server {
-    #listen      443 ssl http2;
-    listen      444 ssl http2;
-    server_name sharingan.aninix.net;
-
-    include conf/sec.conf;
-    # include conf/default.csp.conf;
-
-    location /
-    {
-      proxy_set_header Host $http_host;
-      proxy_set_header X-Forwarded-Host $host;
-      proxy_set_header X-Forwarded-Server $host;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Graylog-Server-URL https://$server_name/;
-      proxy_pass       http://10.0.1.5:9000;
-    }
-}
--- a/roles/WebServer/files/conf.d/Yggdrasil/irc.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/irc.conf
@@ -1,11 +1,15 @@
 server {
-    listen      443 ssl http2;
+    listen      443 ssl;
+    http2 on;
    server_name irc.aninix.net;

    include conf/sec.conf;
    include conf/default.csp.conf;
    include conf/letsencrypt.conf;

+    # GeoIP block
+    if ($deny) { return 503; }
+
    location /
    {
        root /usr/share/kiwiirc;
--- a/roles/WebServer/files/conf.d/Yggdrasil/lykos-wiki.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/lykos-wiki.conf
@@ -4,6 +4,9 @@ server {

    # include conf/local.conf;

+    # GeoIP block
+    if ($deny) { return 503; }
+
    root /usr/share/webapps/;

    client_max_body_size 5m;
--- a/roles/WebServer/files/conf.d/Yggdrasil/maat.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/maat.conf
@@ -1,11 +1,15 @@
 server {
-    listen      443 ssl http2;
+    listen      443 ssl;
+    http2 on;
    server_name maat.aninix.net;

    include conf/sec.conf;
    include conf/default.csp.conf;
    include conf/letsencrypt.conf;

+    # GeoIP block
+    if ($deny) { return 503; }
+
    location /
    {
      proxy_set_header Host $http_host;
--- a/roles/WebServer/files/conf.d/Yggdrasil/password.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/password.conf
@@ -1,11 +1,15 @@
 server {
-    listen      443 ssl http2;
+    listen      443 ssl;
+    http2 on;
    server_name password.aninix.net;

    include conf/sec.conf;
    include conf/default.csp.conf;
    include conf/letsencrypt.conf;

+    # GeoIP block
+    if ($deny) { return 503; }
+
    location / {
        root /usr/share/webapps/self-service-password/htdocs/;

--- a/roles/WebServer/files/conf.d/Yggdrasil/sharingan.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/sharingan.conf
@@ -1,6 +1,7 @@
 server {

-    listen      443 ssl http2;
+    listen      443 ssl;
+    http2 on;
    server_name sharingan.aninix.net;

    include conf/sec.conf;
@@ -8,6 +9,10 @@ server {
    include conf/local.conf;
    include conf/letsencrypt.conf;

+    # GeoIP block
+    if ($deny) {
+        return 503;
+    }

    location /
    {
--- a/roles/WebServer/files/conf.d/Yggdrasil/singularity.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/singularity.conf
@@ -8,6 +8,9 @@ server {

    include conf.d/fastcgi.config;

+    # GeoIP block
+    if ($deny) { return 503; }
+
    root /usr/share/webapps/tt-rss/;

    index index.php;
--- a/roles/WebServer/files/conf.d/Yggdrasil/superintendent.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/superintendent.conf
@@ -4,7 +4,7 @@ map $http_upgrade $connection_upgrade {
 }

 server {
-    #listen      443 ssl http2;
+
    listen      443 ssl;
    server_name superintendent.aninix.net;

@@ -14,9 +14,7 @@ server {
    include conf/letsencrypt.conf;

    # GeoIP block
-    if ($deny) {
-        return 503;
-    }
+    if ($deny) { return 503; }

    # Handle the location
    location /
--- a/roles/WebServer/files/conf.d/Yggdrasil/travelpawscvt.com.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/travelpawscvt.com.conf
@@ -6,6 +6,9 @@ server {
    include conf/letsencrypt.conf;
    include conf.d/fastcgi.config;

+    # GeoIP block
+    if ($deny) { return 503; }
+
    root /opt/travelpawscvt;

    client_max_body_size 5m;
--- a/roles/WebServer/files/conf.d/Yggdrasil/yggdrasil.conf
+++ b/roles/WebServer/files/conf.d/Yggdrasil/yggdrasil.conf
@@ -1,12 +1,15 @@
 server {
-    #listen      443 ssl http2;
-    listen      443 ssl http2;
+    listen      443 ssl;
+    http2 on;
    server_name yggdrasil.aninix.net;

    include conf/sec.conf;
    include conf/letsencrypt.conf;
    # include conf/default.csp.conf;

+    # GeoIP block
+    if ($deny) { return 503; }
+
    location /
    {
      proxy_set_header Host $http_host;