GeoIP2
Overview
F5 NGINX as a Service for Azure (NGINXaaS) supports GeoIP2 using the ngx_http_geoip2_module or ngx_stream_geoip2_module dynamic modules, enabling NGINXaaS to implement various user differentiation strategies. For more information on GeoIP2 with NGINX, see NGINX GeoIP2.
NGINXaaS uses your MaxMind license to download GeoIP2 databases, puts them in the right place before NGINX starts, and updates the databases daily to reduce your operational overhead. All GeoIP2 data is deleted once you stop using GeoIP2 or delete your deployment. MaxMind provides a variety of databases, including a lower accuracy free option. NGINXaaS uses a modified form of MaxMind’s geoipupdate.
Configure
To enable GeoIP2 you update your NGINX configuration to include your MaxMind license and the relevant NGINX directives.
- Log into MaxMind and generate a GeoIP.conffile.
- Add the GeoIP.conffile to your NGINX configuration, using the exact path/etc/nginx/GeoIP.conf. TheGeoIP.confwill be validated, and must includeAccountID,LicenseKey, andEditionIDs. Other configuration options inGeoIP.confare ignored. We recommend you enable the Protected toggle button to markGeoIP.confas a protected file, which will prevent the contents from being read via any Azure client tools.
- Add the load_moduledirective - the modules are available atmodules/ngx_http_geoip2_module.soormodules/ngx_stream_geoip2_module.so.
- Add geoip2directives to your NGINX configuration as desired. TheEditionIDsfrom yourGeoIP.confare available at/usr/local/share/GeoIP
NGINXaaS for Azure currently only supports the database directory at the path/usr/local/share/GeoIP.
There are many different ways to use the geoip2 directives; For example:
load_module modules/ngx_http_geoip2_module.so;
http {
    # "GeoLite2-City" is one of the EditionIDs in /etc/nginx/GeoIP.conf
    geoip2 /usr/local/share/GeoIP/GeoLite2-City.mmdb {
        $geoip2_city_name   city names en;
    }
    server {
        listen 80;
        server_name localhost;
        location / {
            return 200 "Hello $geoip2_city_name";
        }
    }
}Monitoring
All licenses are validated with MaxMind when initially added to your deployment, but MaxMind licenses can expire or be manually revoked.
To view the status of your MaxMind license, enable monitoring for your NGINXaaS deployment and navigate to the Metrics tab. View the nginxaas.maxmind metric under the nginxaas statistics metric namespace. The nginxaas.maxmind metric reports the health of your license through the status dimension:
| Status | Description | 
|---|---|
| active | The license is valid and in use to update GeoIP2 databases. | 
| unauthorized | MaxMind returned an license error, which usually indicates an issue with the GeoIP.conf. |