Hi, I’ve been following the instructions at linuxserver/docker-mods at swag-maxmind (github.com) so that I can block specific countries from accessing my SWAG instance. Since it didn’t work the first time, I undid everything, confirmed that SWAG was working with no errors then followed the instructions again, to the letter - it’s still not working so I guess I’ve still done something wrong!
The relevant part of the log file is this:
25/01/2023 14:41:23
Applying the maxmind mod...
25/01/2023 14:41:23
sed: /etc/libmaxminddb.cron.conf: No such file or directory
25/01/2023 14:41:23
Applied the maxmind mod
25/01/2023 14:41:23
[custom-init] No custom files found, skipping...
25/01/2023 14:41:23
[ls.io-init] done.
25/01/2023 14:41:23
nginx: [emerg] unknown "geoip2_data_country_iso_code" variable
25/01/2023 14:41:23
2023-01-25 14:41:23,835 fail2ban.configreader [403]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
25/01/2023 14:41:24
Server ready
25/01/2023 14:41:24
nginx: [emerg] unknown "geoip2_data_country_iso_code" variable
25/01/2023 14:41:25
nginx: [emerg] unknown "geoip2_data_country_iso_code" variable
Docker-compose:
version: '3.2'
services:
swag:
image: ghcr.io/linuxserver/swag
container_name: swag
cap_add:
- NET_ADMIN
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
- URL=myurl.com
- SUBDOMAINS=subdomain1, subdomain2
- VALIDATION=http
- DOCKER_MODS=linuxserver/mods:swag-maxmind|linuxserver/mods:swag-dashboard
- MAXMINDDB_LICENSE_KEY=MyLicenseKey
volumes:
- ${LOC_CONFIG}/swag:/config
ports:
- 443:443 # SSL access
- 80:80 # http auth
- 81:81 # SWAG dashboard
networks:
- authelia
restart: ${RESTART_POLICY}
networks:
authelia:
external: true
Relevant part of nginx.conf:
http {
# Include maxmind geolocation data
include /config/nginx/maxmind.conf;
Maxmind.conf:
map $geoip2_data_country_iso_code $geo-whitelist {
default no;
UK yes;
}
map $geoip2_data_country_iso_code $geo-blacklist {
default yes;
US no;
}
Relevant part of default.conf:
# main server block
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /config/www;
index index.html index.htm index.php;
server_name _;
# enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf;
# all ssl related config moved to ssl.conf
include /config/nginx/ssl.conf;
# enable for ldap auth
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
client_max_body_size 0;
# following 2 lines inserted to enable geo blocking
# using SWAG Maxmind geo blocking plugin
if ($lan-ip = yes) { set $geo-whitelist yes; }
if ($geo-whitelist = no) { return 404; }
}
Any help to figure out what I’m doing wrong would be much appreciated!