map $http3:$http2:$server_protocol
    $krdsh__geo_proto
{
    default  $server_protocol;

    ~^[^:]+:   $http3;
    ~^:[^:]+:  $http2;
}

map $http_user_agent
    $krdsh__geo_ua
{
    default  $http_user_agent;

    ""  "<none>";
}

map $ssl_protocol
    $krdsh__geo_ssl_proto
{
    default  $ssl_protocol;

    ""  "none";
}

map $ssl_alpn_protocol
    $krdsh__geo_ssl_alpn
{
    default  $ssl_alpn_protocol;

    ""  "none";
}

map $ssl_session_reused
    $krdsh__geo_ssl_reuse
{
    default  "no";

    r  yes;
}

map $ssl_early_data
    $krdsh__geo_ssl_early
{
    default  "no";

    1  yes;
}

map $uri
    $krdsh__geo_k
{
    volatile;
    ## default is "help"
    default  help;

    ~^/(.+)$  $1;
}

map $krdsh__geo_k
    $krdsh__geo_v
{
    volatile;
    ## default is "help"
    default  "usage: $host/{key}\r\nmeta keys: [help] all geo ssl version\r\nsimple keys: ip user-agent proto ssl-proto ssl-alpn ssl-reuse ssl-early country-code country-name timezone latitude longitude asn asn-org";

    ip          $remote_addr;
    user-agent  $krdsh__geo_ua;

    proto      $krdsh__geo_proto;
    ssl-proto  $krdsh__geo_ssl_proto;
    ssl-alpn   $krdsh__geo_ssl_alpn;
    ssl-reuse  $krdsh__geo_ssl_reuse;
    ssl-early  $krdsh__geo_ssl_early;

    country-code  $geoip2_country_code;
    country-name  $geoip2_country_name;

    timezone   $geoip2_timezone;
    latitude   $geoip2_latitude;
    longitude  $geoip2_longitude;

    asn      $geoip2_asn;
    asn-org  $geoip2_asn_org;

    version  "angie/$angie_version";

    all  "ip: $remote_addr\r\nuser-agent: $krdsh__geo_ua\r\nproto: $krdsh__geo_proto\r\nssl-proto: $krdsh__geo_ssl_proto\r\nssl-alpn: $krdsh__geo_ssl_alpn\r\nssl-reuse: $krdsh__geo_ssl_reuse\r\nssl-early: $krdsh__geo_ssl_early\r\ncountry-code: $geoip2_country_code\r\ncountry-name: $geoip2_country_name\r\ntimezone: $geoip2_timezone\r\nlatitude: $geoip2_latitude\r\nlongitude: $geoip2_longitude\r\nasn: $geoip2_asn\r\nasn-org: $geoip2_asn_org";

    geo  "ip: $remote_addr\r\ncountry-code: $geoip2_country_code\r\ncountry-name: $geoip2_country_name\r\ntimezone: $geoip2_timezone\r\nlatitude: $geoip2_latitude\r\nlongitude: $geoip2_longitude\r\nasn: $geoip2_asn\r\nasn-org: $geoip2_asn_org";

    ssl  "proto: $krdsh__geo_proto\r\nssl-proto: $krdsh__geo_ssl_proto\r\nssl-alpn: $krdsh__geo_ssl_alpn\r\nssl-reuse: $krdsh__geo_ssl_reuse\r\nssl-early: $krdsh__geo_ssl_early";

}

map $uri
    $krdsh__geo_file
{
    ## guess what?..
    default  default.zst;

    ~*^/asn\.(.+)$      GeoLite2-ASN.$1;
    ~*^/city\.(.+)$     GeoLite2-City.$1;
    ~*^/country\.(.+)$  GeoLite2-Country.$1;
}

server {
    server_name geo.krd.sh;

    include snip.d/listen-http;
    include snip.d/listen-https;
    include snip.d/ssl-krd.sh;

    access_log off;
    keepalive_timeout 0;

    root /var/www/empty;

    include snip.d/empty-favicon;

    location / {
        default_type text/plain;
        return 200 "$krdsh__geo_v\r\n";
    }

    location ~*^/[^/.]+\.mmdb\.[^/.]+$
    {
        root /usr/local/share/geoip2;
        try_files /$krdsh__geo_file @file_help;
    }
    location ~*^/[^/.]+\.mmdb$
    {
        try_files /.non-existent-uri @file_help;
    }
    location @file_help
    {
        ## sync with "map $uri krdsh__geo_file"
        set  $krdsh__geo_bases    "asn city country";
        ## sync with file system contents
        set  $krdsh__geo_comps    "br bz2 gz xz zst";
        ## sync with two above
        set  $krdsh__geo_example  "country.mmdb.xz";

        default_type text/plain;

        add_header  X-GeoIp-Bases    $krdsh__geo_bases    always;
        add_header  X-GeoIp-Comps    $krdsh__geo_comps    always;
        add_header  X-GeoIp-Example  $krdsh__geo_example  always;

        return 403 "valid file names: $krdsh__geo_bases\r\nvalid trailing extensions: $krdsh__geo_comps\r\nexample: $krdsh__geo_example\r\n";
    }
}