experiment with geoip

caddy/Caddyfile

@@ -6,6 +6,21 @@
 		}
 		versions ipv4
 	}
+	#order geoip before respond
+
+
+	order geoip2_vars first
+
+	# Only configure databaseDirectory and editionID when autoupdate is not desired.
+	geoip2 {
+		accountId {$GEO_ACCOUNT_ID}
+		databaseDirectory "/data/caddy/geoip/"
+		licenseKey {$GEO_API_KEY}
+		lockFile "/data/caddy/geoip/geoip2.lock"
+		editionID "GeoLite2-City"
+		updateUrl "https://updates.maxmind.com"
+		updateFrequency 86400 # in seconds
+	}
 }
 
 rik.veenboer.xyz \
@@ -31,9 +46,7 @@ rik.veenboer.xyz \
 
 (unprotected) {
 	{args[0]}.rik.veenboer.xyz {
-		route {
-			reverse_proxy {args[1]}
-		}
+		reverse_proxy {args[1]}
 	}
 }
 
@@ -70,7 +83,6 @@ import unprotected jellyseerr host:15055
 			X-Custom-User
 			X-Custom-Password
 			X-User-Header
-			X-Homeassistant-User
 			X-Seafile-User
 		}
 	}
@@ -78,10 +90,8 @@ import unprotected jellyseerr host:15055
 
 (protected) {
 	{args[0]}.rik.veenboer.xyz {
-		route {
-			import authentik
-			reverse_proxy {args[1]}
-		}
+		import authentik
+		reverse_proxy {args[1]}
 	}
 }
 
@@ -94,9 +104,7 @@ import protected esp host:6052
 import protected dsmr host:8888
 
 insecure.rik.veenboer.xyz {
-	route {
-		reverse_proxy host:12345
-	}
+	reverse_proxy host:12345
 }
 
 unused.rik.veenboer.xyz {
@@ -141,3 +149,31 @@ ha.rik.veenboer.xyz {
 		}
 	}
 }
+
+geo.rik.veenboer.xyz {
+	log {
+		output file /var/log/geo.log
+	}
+
+	geoip2_vars strict
+	# strict: Alway ignore 'X-Forwarded-For' header
+	# wild:   Trust 'X-Forwarded-For' header if existed
+	# trusted_proxies: Trust 'X-Forwarded-For' header if trusted_proxies is also valid (see https://caddyserver.com/docs/caddyfile/options#trusted-proxies)
+	# default: trusted_proxies
+
+	# Add country and state code to the header
+	header geoip-country "{geoip2.country_code}"
+	header geoip-subdivision "{geoip2.subdivisions_1_iso_code}"
+
+	# Respond to anyone in the US and Canada, but not from Ohio
+	@geofilter expression ({geoip2.country_code} != "US" || {geoip2.country_code} == "NL") && {geoip2.subdivisions_1_iso_code} != "OH"
+
+	respond @geofilter "hello local:
+    geoip2.country_code:{geoip2.country_code}
+    geoip2.country_name:{geoip2.country_name}
+    geoip2.city_geoname_id:{geoip2.city_geoname_id}
+    geoip2.city_name:{geoip2.city_name}
+    geoip2.location_latitude:{geoip2.location_latitude}
+    geoip2.location_longitude:{geoip2.location_longitude}
+    geoip2.location_time_zone:{geoip2.location_time_zone}"
+}

caddy/Dockerfile

@@ -2,9 +2,12 @@ FROM caddy:2.9-builder AS builder
 
 RUN xcaddy build \
     --with github.com/caddy-dns/route53 \
-    --with github.com/mholt/caddy-dynamicdns
-
-FROM caddy:2.7-alpine
+    --with github.com/mholt/caddy-dynamicdns \
+    --with github.com/zhangjiayin/caddy-geoip2
+    #--with github.com/shift72/caddy-geo-ip \
+    #--with github.com/aablinov/caddy-geoip \
+    #--with github.com/porech/caddy-maxmind-geolocation
+FROM caddy:2.9-alpine
 
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy
 

docker-compose.caddy.yml

@@ -9,11 +9,15 @@ services:
         - AWS_REGION=eu-west-1
         - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?}
         - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:?}
+        - GEO_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:?}
+        - GEO_API_KEY=${MAXMIND_API_KEY:?}
         image: caddy
-        links:
-        - nginx
+        # links:
+        # - nginx
+        network_mode: host
         ports:
-        - 444:443
+        # - 444:443
+        - 443:443
         restart: unless-stopped
         volumes:
         - /opt/caddy/Caddyfile:/etc/caddy/Caddyfile