map $http3:$http2:$server_protocol $krdsh__geo_proto { default $server_protocol; ~^[^:]+: $http3; ~^:[^:]+: $http2; } map $http_user_agent $krdsh__geo_ua { default $http_user_agent; "" ""; } map $ssl_protocol $krdsh__geo_ssl_proto { default $ssl_protocol; "" "none"; } map $ssl_alpn_protocol $krdsh__geo_ssl_alpn { default $ssl_alpn_protocol; "" "none"; } map $ssl_session_reused $krdsh__geo_ssl_reuse { default "no"; r yes; } map $ssl_early_data $krdsh__geo_ssl_early { default "no"; 1 yes; } map $uri $krdsh__geo_k { volatile; ## default is "help" default help; ~^/(.+)$ $1; } map $krdsh__geo_k $krdsh__geo_v { volatile; ## default is "help" default "usage: $host/{key}\r\nmeta keys: [help] all geo ssl version\r\nsimple keys: ip user-agent proto ssl-proto ssl-alpn ssl-reuse ssl-early country-code country-name timezone latitude longitude asn asn-org"; ip $remote_addr; user-agent $krdsh__geo_ua; proto $krdsh__geo_proto; ssl-proto $krdsh__geo_ssl_proto; ssl-alpn $krdsh__geo_ssl_alpn; ssl-reuse $krdsh__geo_ssl_reuse; ssl-early $krdsh__geo_ssl_early; country-code $geoip2_country_code; country-name $geoip2_country_name; timezone $geoip2_timezone; latitude $geoip2_latitude; longitude $geoip2_longitude; asn $geoip2_asn; asn-org $geoip2_asn_org; version "angie/$angie_version"; all "ip: $remote_addr\r\nuser-agent: $krdsh__geo_ua\r\nproto: $krdsh__geo_proto\r\nssl-proto: $krdsh__geo_ssl_proto\r\nssl-alpn: $krdsh__geo_ssl_alpn\r\nssl-reuse: $krdsh__geo_ssl_reuse\r\nssl-early: $krdsh__geo_ssl_early\r\ncountry-code: $geoip2_country_code\r\ncountry-name: $geoip2_country_name\r\ntimezone: $geoip2_timezone\r\nlatitude: $geoip2_latitude\r\nlongitude: $geoip2_longitude\r\nasn: $geoip2_asn\r\nasn-org: $geoip2_asn_org"; geo "ip: $remote_addr\r\ncountry-code: $geoip2_country_code\r\ncountry-name: $geoip2_country_name\r\ntimezone: $geoip2_timezone\r\nlatitude: $geoip2_latitude\r\nlongitude: $geoip2_longitude\r\nasn: $geoip2_asn\r\nasn-org: $geoip2_asn_org"; ssl "proto: $krdsh__geo_proto\r\nssl-proto: $krdsh__geo_ssl_proto\r\nssl-alpn: $krdsh__geo_ssl_alpn\r\nssl-reuse: $krdsh__geo_ssl_reuse\r\nssl-early: $krdsh__geo_ssl_early"; } map $uri $krdsh__geo_file { ## guess what?.. default default.zst; ~*^/asn\.(.+)$ GeoLite2-ASN.$1; ~*^/city\.(.+)$ GeoLite2-City.$1; ~*^/country\.(.+)$ GeoLite2-Country.$1; } server { server_name geo.krd.sh; include snip.d/listen-http; include snip.d/listen-https; include snip.d/ssl-krd.sh; access_log off; keepalive_timeout 0; root /var/www/empty; include snip.d/empty-favicon; location / { default_type text/plain; return 200 "$krdsh__geo_v\r\n"; } location ~*^/[^/.]+\.mmdb\.[^/.]+$ { root /usr/local/share/geoip2; try_files /$krdsh__geo_file @file_help; } location ~*^/[^/.]+\.mmdb$ { try_files /.non-existent-uri @file_help; } location @file_help { ## sync with "map $uri krdsh__geo_file" set $krdsh__geo_bases "asn city country"; ## sync with file system contents set $krdsh__geo_comps "br bz2 gz xz zst"; ## sync with two above set $krdsh__geo_example "country.mmdb.xz"; default_type text/plain; add_header X-GeoIp-Bases $krdsh__geo_bases always; add_header X-GeoIp-Comps $krdsh__geo_comps always; add_header X-GeoIp-Example $krdsh__geo_example always; return 403 "valid file names: $krdsh__geo_bases\r\nvalid trailing extensions: $krdsh__geo_comps\r\nexample: $krdsh__geo_example\r\n"; } }