{geoip.country_code} not in respond message

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

On a dedicated Linux VM
As a gate from internet to 3 servers (4 services), with reverse proxy
Also a filter on some countries with caddy-maxmind-geolocation

a. System environment:

ubuntu 20.04
systemd

b. Command:

 sudo systemctl enable --now caddy

c. Service/unit/compose file:

nothing more?

d. My complete Caddy config:

# Caddyfile
# 13/12/2022
#
(check_countries) {
	@in_countries {
		maxmind_geolocation {
			db_path "/usr/share/GeoIP/GeoLite2-Country.mmdb"
			allow_countries FR PT ES DK SE NL AT BE DE LU IE IT
		}
	}
}
(respond_out) {
	respond "*** Sorry, page not available in this country \{geoip.country_code\} {ip} !!!***"
}
hestia.bris.fr {
	import check_countries
	handle @in_countries {
		reverse_proxy http://hestia.lan.bris.fr:8080
	}
	handle {
		respond "!!!*** Sorry, page not available in this country \{geoip.country_code\} ***"
	}
}
crios.bris.fr {
	import check_countries
	handle @in_countries {
		reverse_proxy http://crios.lan.bris.fr:5000
	}
	handle {
		import respond_out
	}
}
atelier.bris.fr {
	import check_countries
	handle @in_countries {
		reverse_proxy http://atelier.lan.bris.fr:80
	}
	handle {
		import respond_out
	}
}
acros.i234.me {
	import check_countries
	handle @in_countries {
		reverse_proxy http://crios.lan.bris.fr:7000
	}
	handle {
		import respond_out
	}
}

3. The problem I’m having:

I’m not able to add the geoip.country_code in the respond message

There is no country code for internal IPs (I use a DNS to be able to use the domain names locally), so I’m always in a wrong country from a local access

4. Error messages and/or full log output:

!!!*** Sorry, page not available in this country {geoip.country_code} ***
Dec 13 21:18:05 cerberus caddy[6442]: {"level":"debug","ts":1670962685.1557794,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"192.168.9.1:60421","country":"","subdivisions":"","metro_code":0}
Dec 13 21:18:05 cerberus caddy[6442]: {"level":"debug","ts":1670962685.1562896,"logger":"http.matchers.maxmind_geolocation","msg":"Country not allowed","country":""}
Dec 13 21:18:05 cerberus caddy[6442]: {"level":"debug","ts":1670962685.2031455,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"192.168.9.1:60421","country":"","subdivisions":"","metro_code":0}
Dec 13 21:18:05 cerberus caddy[6442]: {"level":"debug","ts":1670962685.2036147,"logger":"http.matchers.maxmind_geolocation","msg":"Country not allowed","country":""}
Dec 13 21:18:05 cerberus caddy[6442]: {"level":"debug","ts":1670962685.4172792,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"80.12.102.168:39352","country":"FR","subdivisions":"","metro_code":0}
Dec 13 21:18:05 cerberus caddy[6442]: {"level":"debug","ts":1670962685.4177828,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"hestia.lan.bris.fr:8080","total_upstreams":1}

5. What I already tried:

I’ve tried to change {} with @ and { } with no success and \{ \}
Also put the {geoip.country_code} directly in the ‘respond’ message
Also tried to show ip

6. Links to relevant resources:

Perhaps the last post says it’s not possible, but I’m not sure I understand everything

I don’t think that plugin actually sets up placeholders in the replacer.

You’re using GitHub - porech/caddy-maxmind-geolocation: Caddy v2 module to filter requests based on source IP geolocation, right?

You should open an issue on the plugin’s github repo to request the feature.

Thanks for your reply
For the {geoip.country_code} I added another plugin {geoip.country_code}

}
(respond_out) {
        geo_ip {
                db_path "/usr/share/GeoIP/GeoLite2-Country.mmdb"
                trust_header X-Real-IP
        }
        respond "*** Sorry, page not available in {geoip.country_code} ({http.request.remote.host>
}

For the absence of country code for internal ip, I’ve added a matcher

 @is_local remote_ip 192.168.9.0/24

Now I have 2 conditions, so I need an “or” with both like:

@in_countries or @is_local 

and I don’t know how to do it, except repeating the reverse_proxy line

atelier.bris.fr {
        import check_countries
        handle @in_countries {
                reverse_proxy http://atelier.lan.bris.fr:80
        }
        handle @is_local {
                reverse_proxy http://atelier.lan.bris.fr:80
        }
        handle {
                import respond_out
        }
}

Could you advise on this point please?

I did it like this with a snippet (handle_reverse_proxy)

# Caddyfile
# 15/12/2022
#
{
	#       debug
	order geo_ip first
}

(check_countries) {
	@is_local remote_ip 192.168.9.0/24
	@in_countries {
		maxmind_geolocation {
			db_path "/usr/share/GeoIP/GeoLite2-Country.mmdb"
			allow_countries FR PT DK SE NL AT BE DE LU IE IT
		}
	}
}

(respond_out) {
	geo_ip {
		db_path "/usr/share/GeoIP/GeoLite2-Country.mmdb"
		trust_header X-Real-IP
	}
	respond "*** Sorry, page not available in {geoip.country_code} ({http.request.remote.host}) !!!***"
}

(handle_reverse_proxy) {
	import check_countries
	handle @in_countries {
		reverse_proxy {args.0}
	}
	handle @is_local {
		reverse_proxy {args.0}
	}
	handle {
		import respond_out
	}
}

hestia.bris.fr {
	import handle_reverse_proxy "http://hestia.lan.bris.fr:8080"
}

crios.bris.fr {
	import handle_reverse_proxy "http://crios.lan.bris.fr:5000"
}

www.atelier.bris.fr {
	redir https://atelier.bris.fr{uri}
}

atelier.bris.fr {
	import handle_reverse_proxy "http://atelier.lan.bris.fr:80"
}

acros.i234.me {
	import handle_reverse_proxy "http://crios.lan.bris.fr:7000"
}

Is this correct?
The right way to do it?

Which plugin, exactly? Please link to it.

Unfortunately, named matchers can’t be OR’d like that, due to Caddyfile syntax limitations. See the official docs to see what is supported.

The expression matcher supports doing ORs, but since maxmind_geolocation is a matcher from a third party library, it can’t be used within the expression matcher at this time.

Yeah, that’s a perfectly fine way to do it. Technically it’s not as efficient as possible, because having two reverse_proxy means those two handlers don’t share resources, but for your use case it should be just fine.

shift72/caddy-geo-ip
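
The decision discussed in this thread (country allowed OR client in 192.168.9.0/24), replayed over the matcher's debug log to show why LAN clients were refused before @is_local was added. This is an added example, not code from the thread or from either plugin; `lookups`, `decide` and `triage` are hypothetical helper names, and the third log line is constructed.

```python
import ipaddress
import json

# Allow-list and LAN range copied from the final Caddyfile in the thread.
ALLOWED = set("FR PT DK SE NL AT BE DE LU IE IT".split())
LOCAL_NET = ipaddress.ip_network("192.168.9.0/24")

# Lines 1-2 are from the log in the first post; line 3 is constructed
# (documentation address, country chosen for illustration).
SAMPLE_LOG = r'''
Dec 13 21:18:05 cerberus caddy[6442]: {"level":"debug","ts":1670962685.1557794,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"192.168.9.1:60421","country":"","subdivisions":"","metro_code":0}
Dec 13 21:18:05 cerberus caddy[6442]: {"level":"debug","ts":1670962685.4172792,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"80.12.102.168:39352","country":"FR","subdivisions":"","metro_code":0}
Dec 13 21:18:06 cerberus caddy[6442]: {"level":"debug","ts":1670962686.1,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"203.0.113.7:40000","country":"US","subdivisions":"","metro_code":0}
'''


def lookups(log_text):
    """Yield (ip, country) for each geolocation lookup in journald output."""
    for line in log_text.splitlines():
        start = line.find("{")
        if start < 0:
            continue
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # not a JSON log line
        if entry.get("msg") != "Detected MaxMind data":
            continue
        # "ip" is host:port; IPv6 hosts arrive as [addr]:port
        host = entry["ip"].rsplit(":", 1)[0].strip("[]")
        yield ipaddress.ip_address(host), entry.get("country", "")


def decide(ip, country, allow_local):
    """Return (verdict, reason); allow_local adds the @is_local OR branch."""
    if allow_local and ip in LOCAL_NET:
        return "allow", "local network"
    if country in ALLOWED:
        return "allow", "country allowed"
    if not country and ip.is_private:
        return "deny", "private address, no GeoLite2 record"
    return "deny", "country not allowed"


def triage(log_text, allow_local):
    return [(str(ip), c, *decide(ip, c, allow_local)) for ip, c in lookups(log_text)]
```

Calling `triage(SAMPLE_LOG, False)` reproduces the original behaviour, where the LAN client is denied because its lookup returns an empty country; `triage(SAMPLE_LOG, True)` reproduces the final config.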

This topic was automatically closed after 30 days. New replies are no longer allowed.