disable openvpn and expose all geoip info

2024-11-24 15:52:58 +01:00
parent 788deb93a1
commit 494694f317
4 changed files with 74 additions and 63 deletions


@@ -6,25 +6,17 @@
} }
versions ipv4 versions ipv4
} }
<<<<<<< HEAD
#order geoip before respond
order geoip2_vars first order geoip2_vars first
# Only configure databaseDirectory and editionID when autoupdate is not desired.
geoip2 { geoip2 {
accountId {$GEO_ACCOUNT_ID} accountId {$GEO_ACCOUNT_ID}
databaseDirectory "/data/caddy/geoip/"
licenseKey {$GEO_API_KEY} licenseKey {$GEO_API_KEY}
databaseDirectory "/data/caddy/geoip/"
lockFile "/data/caddy/geoip/geoip2.lock" lockFile "/data/caddy/geoip/geoip2.lock"
editionID "GeoLite2-City" editionID "GeoLite2-City"
updateUrl "https://updates.maxmind.com" updateUrl "https://updates.maxmind.com"
updateFrequency 86400 # in seconds updateFrequency 86400 # in seconds
} }
=======
order geo_ip first
>>>>>>> e0b5673 (experiment with geoip in caddy)
} }
rik.veenboer.xyz \ rik.veenboer.xyz \
@@ -131,6 +123,7 @@ ha.rik.veenboer.xyz {
log { log {
output file /var/log/ha.log output file /var/log/ha.log
} }
route { route {
@app <<CEL @app <<CEL
header({'X-Requested-With': 'io.homeassistant.companion.android'}) || header({'X-Requested-With': 'io.homeassistant.companion.android'}) ||
@@ -158,54 +151,77 @@ geo.rik.veenboer.xyz {
output file /var/log/geo.log output file /var/log/geo.log
} }
<<<<<<< HEAD geoip2_vars wild
geoip2_vars strict
# strict: Alway ignore 'X-Forwarded-For' header # strict: Alway ignore 'X-Forwarded-For' header
# wild: Trust 'X-Forwarded-For' header if existed # wild: Trust 'X-Forwarded-For' header_up if existed
# trusted_proxies: Trust 'X-Forwarded-For' header if trusted_proxies is also valid (see https://caddyserver.com/docs/caddyfile/options#trusted-proxies) # trusted_proxies: Trust 'X-Forwarded-For' header_up if trusted_proxies is also valid (see https://caddyserver.com/docs/caddyfile/options#trusted-proxies)
# default: trusted_proxies # default: trusted_proxies
# Add country and state code to the header # Respond to anyone in NL
header geoip-country "{geoip2.country_code}" @geofilter expression ({geoip2.country_code} == "NL")
header geoip-subdivision "{geoip2.subdivisions_1_iso_code}"
# Respond to anyone in the US and Canada, but not from Ohio
@geofilter expression ({geoip2.country_code} != "US" || {geoip2.country_code} == "NL") && {geoip2.subdivisions_1_iso_code} != "OH"
respond @geofilter "hello local:
geoip2.country_code:{geoip2.country_code}
geoip2.country_name:{geoip2.country_name}
geoip2.city_geoname_id:{geoip2.city_geoname_id}
geoip2.city_name:{geoip2.city_name}
geoip2.location_latitude:{geoip2.location_latitude}
geoip2.location_longitude:{geoip2.location_longitude}
geoip2.location_time_zone:{geoip2.location_time_zone}"
=======
geo_ip {
db_path /data/caddy/GeoLite2-Country.mmdb
}
@local {
maxmind_geolocation {
db_path /data/caddy/GeoLite2-Country.mmdb
allow_countries IT FR
}
}
route {
header X-GeoIP-Country-Code {geoip.country_code}
header X-GeoIP-Country-Name {geoip.country_name}
header X-GeoIP-Region {geoip.region_name}
header X-GeoIP-City {geoip.city_name}
header X-GeoIP-Latitude {geoip.latitude}
header X-GeoIP-Longitude {geoip.longitude}
header X-GeoIP-Postal-Code {geoip.postal_code}
header X-GeoIP-Timezone {geoip.time_zone}
route @geofilter {
reverse_proxy host:12345 { reverse_proxy host:12345 {
header_up X-Test "{geoip_country_name}" header_up X-Real-IP {remote_host}
header_down X-Client-IP "{remote_host}" header_up X-Geo-Ip-Address "{geoip2.ip_address}"
header_up X-Geo-Country-Code "{geoip2.country_code}"
header_up X-Geo-Country-Name "{geoip2.country_name}"
header_up X-Geo-Country-Eu "{geoip2.country_eu}"
header_up X-Geo-Country-Locales "{geoip2.country_locales}"
header_up X-Geo-Country-Confidence "{geoip2.country_confidence}"
header_up X-Geo-Country-Names "{geoip2.country_names}"
header_up X-Geo-Country-Geoname-Id "{geoip2.country_geoname_id}"
header_up X-Geo-Continent-Code "{geoip2.continent_code}"
header_up X-Geo-Continent-Locales "{geoip2.continent_locales}"
header_up X-Geo-Continent-Names "{geoip2.continent_names}"
header_up X-Geo-Continent-Geoname-Id "{geoip2.continent_geoname_id}"
header_up X-Geo-Continent-Name "{geoip2.continent_name}"
header_up X-Geo-City-Confidence "{geoip2.city_confidence}"
header_up X-Geo-City-Locales "{geoip2.city_locales}"
header_up X-Geo-City-Names "{geoip2.city_names}"
header_up X-Geo-City-Geoname-Id "{geoip2.city_geoname_id}"
header_up X-Geo-City-Name "{geoip2.city_name}"
header_up X-Geo-Location-Latitude "{geoip2.location_latitude}"
header_up X-Geo-Location-Longitude "{geoip2.location_longitude}"
header_up X-Geo-Location-Time-Zone "{geoip2.location_time_zone}"
header_up X-Geo-Location-Accuracy-Radius "{geoip2.location_accuracy_radius}"
header_up X-Geo-Location-Average-Income "{geoip2.location_average_income}"
header_up X-Geo-Location-Metro-Code "{geoip2.location_metro_code}"
header_up X-Geo-Location-Population-Density "{geoip2.location_population_density}"
header_up X-Geo-Postal-Code "{geoip2.postal_code}"
header_up X-Geo-Postal-Confidence "{geoip2.postal_confidence}"
header_up X-Geo-Registeredcountry-Geoname-Id "{geoip2.registeredcountry_geoname_id}"
header_up X-Geo-Registeredcountry-Is-In-European-Union "{geoip2.registeredcountry_is_in_european_union}"
header_up X-Geo-Registeredcountry-Iso-Code "{geoip2.registeredcountry_iso_code}"
header_up X-Geo-Registeredcountry-Names "{geoip2.registeredcountry_names}"
header_up X-Geo-Registeredcountry-Name "{geoip2.registeredcountry_name}"
header_up X-Geo-RepresentedCountry-Geoname-Id "{geoip2.representedcountry_geoname_id}"
header_up X-Geo-RepresentedCountry-Is-In-European-Union "{geoip2.representedcountry_is_in_european_union}"
header_up X-Geo-RepresentedCountry-Iso-Code "{geoip2.representedcountry_iso_code}"
header_up X-Geo-RepresentedCountry-Names "{geoip2.representedcountry_names}"
header_up X-Geo-RepresentedCountry-Locales "{geoip2.representedcountry_locales}"
header_up X-Geo-RepresentedCountry-Confidence "{geoip2.representedcountry_confidence}"
header_up X-Geo-RepresentedCountry-Type "{geoip2.representedcountry_type}"
header_up X-Geo-RepresentedCountry-Name "{geoip2.representedcountry_name}"
header_up X-Geo-Traits-Is-Anonymous-Proxy "{geoip2.traits_is_anonymous_proxy}"
header_up X-Geo-Traits-Is-Anonymous-Vpn "{geoip2.traits_is_anonymous_vpn}"
header_up X-Geo-Traits-Is-Satellite-Provider "{geoip2.traits_is_satellite_provider}"
header_up X-Geo-Traits-Autonomous-System-Number "{geoip2.traits_autonomous_system_number}"
header_up X-Geo-Traits-Autonomous-System-Organization "{geoip2.traits_autonomous_system_organization}"
header_up X-Geo-Traits-Connection-Type "{geoip2.traits_connection_type}"
header_up X-Geo-Traits-Domain "{geoip2.traits_domain}"
header_up X-Geo-Traits-Is-Hosting-Provider "{geoip2.traits_is_hosting_provider}"
header_up X-Geo-Traits-Is-Legitimate-Proxy "{geoip2.traits_is_legitimate_proxy}"
header_up X-Geo-Traits-Is-Public-Proxy "{geoip2.traits_is_public_proxy}"
header_up X-Geo-Traits-Is-Residential-Proxy "{geoip2.traits_is_residential_proxy}"
header_up X-Geo-Traits-Is-Tor-Exit-Node "{geoip2.traits_is_tor_exit_node}"
header_up X-Geo-Traits-Isp "{geoip2.traits_isp}"
header_up X-Geo-Traits-Mobile-Country-Code "{geoip2.traits_mobile_country_code}"
header_up X-Geo-Traits-Mobile-Network-Code "{geoip2.traits_mobile_network_code}"
header_up X-Geo-Traits-Network "{geoip2.traits_network}"
header_up X-Geo-Traits-Organization "{geoip2.traits_organization}"
header_up X-Geo-Traits-User-Type "{geoip2.traits_user_type}"
header_up X-Geo-Traits-User-Count "{geoip2.traits_userCount}"
header_up X-Geo-Traits-Static-Ip-Score "{geoip2.traits_static_ip_score}"
} }
} }
>>>>>>> e0b5673 (experiment with geoip in caddy)
}
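Review bot: In the geo.rik.veenboer.xyz block the new side appears to replace `geoip2_vars strict` with `geoip2_vars wild`, and the comments directly below say wild trusts `X-Forwarded-For` whenever it is present, so the `@geofilter` country check that gates `route @geofilter` would be evaluated against an address the client supplies. If the filter is meant as an access control, keep `geoip2_vars strict`, or use `geoip2_vars trusted_proxies` together with a `trusted_proxies` global option when a real proxy sits in front. The forwarded headers show the same mismatch: `X-Real-IP` carries `{remote_host}` while the `X-Geo-*` values may describe the forwarded address, so the upstream should not assume they describe the same client. The old/new side of each line is inferred from the side-by-side rendering, and the site block starts outside the hunk.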


@@ -3,16 +3,13 @@ FROM caddy:2.9-builder AS builder
RUN xcaddy build \ RUN xcaddy build \
--with github.com/caddy-dns/route53 \ --with github.com/caddy-dns/route53 \
--with github.com/mholt/caddy-dynamicdns \ --with github.com/mholt/caddy-dynamicdns \
<<<<<<< HEAD
--with github.com/zhangjiayin/caddy-geoip2 --with github.com/zhangjiayin/caddy-geoip2
#--with github.com/shift72/caddy-geo-ip \ #--with github.com/shift72/caddy-geo-ip \
#--with github.com/aablinov/caddy-geoip \ #--with github.com/aablinov/caddy-geoip \
#--with github.com/porech/caddy-maxmind-geolocation #--with github.com/porech/caddy-maxmind-geolocation
=======
--with github.com/shift72/caddy-geo-ip \
--with github.com/porech/caddy-maxmind-geolocation
>>>>>>> e0b5673 (experiment with geoip in caddy)
FROM caddy:2.9-alpine FROM caddy:2.9-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy COPY --from=builder /usr/bin/caddy /usr/bin/caddy
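Review bot: The `--with github.com/zhangjiayin/caddy-geoip2` argument, like the route53 and dynamicdns arguments above it, names no version, so every image build compiles whatever the latest plugin release is at that moment into the binary that terminates TLS for all sites. xcaddy accepts a `module@version` suffix; pin each plugin, e.g. `--with github.com/zhangjiayin/caddy-geoip2@<PINNED_VERSION_OR_COMMIT>`, and bump it deliberately after reviewing the upstream change. The commented-out `#--with` alternatives after the final argument can be dropped once the choice of plugin is settled.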


@@ -12,11 +12,9 @@ services:
- GEO_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:?} - GEO_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:?}
- GEO_API_KEY=${MAXMIND_API_KEY:?} - GEO_API_KEY=${MAXMIND_API_KEY:?}
image: caddy image: caddy
# links: links:
# - nginx - nginx
network_mode: host
ports: ports:
# - 444:443
- 443:443 - 443:443
restart: unless-stopped restart: unless-stopped
volumes: volumes:
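Review bot: Dropping `network_mode: host` in favour of the published `443:443` port appears to put Docker's port forwarding between clients and Caddy, and both the geo lookup and `{remote_host}` are only meaningful if Caddy still sees the real client address. On some setups (presumably rootless Docker or the userland-proxy path) the peer address becomes a bridge or gateway IP, so check the access logs after deploying to confirm public addresses still appear. Separately, `image: caddy` carries no tag and resolves to `caddy:latest`; unless a `build:` key outside this hunk supplies the custom xcaddy image, consider a distinct, tagged name for the built image so the stock image is never pulled in its place. The service definition starts and ends outside the hunk.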


@@ -28,7 +28,7 @@ include:
# Networking # Networking
- docker-compose.surfshark.yml - docker-compose.surfshark.yml
- docker-compose.openvpn-server.yml #- docker-compose.openvpn-server.yml
- docker-compose.dns-ad-blocker.yml - docker-compose.dns-ad-blocker.yml
# Backup # Backup