1. The problem I’m having:
I would like to configure my Caddy webserver (running within Docker) to allow any connections from either:
(1) anywhere in the Czech Republic
(2) England (subdivision of the United Kingdom)
I have set up my Dockerfile using xcaddy to build a Docker image including the caddy-maxmind-geolocation plugin, and the image gets built correctly. Below is my Caddyfile:
(geodb) {
    db_path "/mnt/GeoIP/GeoLite2-City.mmdb"
}
(geoblock) {
    @main {
        not maxmind_geolocation {
            import geodb
            allow_countries GB
        }
        not maxmind_geolocation {
            import geodb
            allow_countries CZ
        }
    }
    header X-Client-IP "{remote_host}"
    respond @main "Forbidden" 403
}
"mydomain.xyz" {
    import cf-tls
    import geoblock
    reverse_proxy "http://upstream:1234"
}
In this version, the web server does allow any requests from either the Czech Republic or the UK. However, I would also like to allow requests only from England, so I added allow_subdivisions ENG to the first not maxmind_geolocation block, as per the documentation. When I do that, however, all connections from all of the UK are blocked (CZ connections are still working): I’m getting 403 Forbidden from the UK (ENG), 200 from CZ. After the changes, the same snippet as above looks like this:
(geodb) {
    db_path "/mnt/GeoIP/GeoLite2-City.mmdb"
}
(geoblock) {
    @main {
        not maxmind_geolocation {
            import geodb
            allow_countries GB
            allow_subdivisions ENG
        }
        not maxmind_geolocation {
            import geodb
            allow_countries CZ
        }
    }
    header X-Client-IP "{remote_host}"
    respond @main "Forbidden" 403
}
"mydomain.xyz" {
    import cf-tls
    import geoblock
    reverse_proxy "http://upstream:1234"
}
2. Error messages and/or full log output:
{"level":"debug","ts":1741085012.5939891,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"62.232.61.82","country":"GB","subdivisions":"ENG,BDG","metro_code":0,"asn":0}
{"level":"debug","ts":1741085012.594006,"logger":"http.matchers.maxmind_geolocation","msg":"Subdivision not allowed","subdivision":"BDG"}
{"level":"debug","ts":1741085012.5940306,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"62.232.61.82","country":"GB","subdivisions":"ENG,BDG","metro_code":0,"asn":0}
{"level":"debug","ts":1741085012.5940325,"logger":"http.matchers.maxmind_geolocation","msg":"Country not allowed","country":"GB"}
{"level":"debug","ts":1741085012.8251307,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"62.232.61.82","country":"GB","subdivisions":"ENG,BDG","metro_code":0,"asn":0}
{"level":"debug","ts":1741085012.8251455,"logger":"http.matchers.maxmind_geolocation","msg":"Subdivision not allowed","subdivision":"BDG"}
{"level":"debug","ts":1741085012.8251529,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"62.232.61.82","country":"GB","subdivisions":"ENG,BDG","metro_code":0,"asn":0}
{"level":"debug","ts":1741085012.8251545,"logger":"http.matchers.maxmind_geolocation","msg":"Country not allowed","country":"GB"}
3. Caddy version:
Caddy 2.8
4. How I installed and ran Caddy:
docker-compose.yaml:
services:
  caddy:
    build: ./caddy
    container_name: caddy
    hostname: docker_caddy
    depends_on:
      - geoipupdate
      - ipinfo-app
    ports:
      - "${LOCAL_HTTP_PORT}:${CADDY_HTTP_PORT}"
      - "${LOCAL_HTTPS_PORT}:${CADDY_HTTPS_PORT}"
    environment:
      - "CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}"
      - "CADDY_HTTP_PORT=${CADDY_HTTP_PORT}"
      - "CADDY_HTTPS_PORT=${CADDY_HTTPS_PORT}"
      - "EMAIL=${EMAIL}"
      - "DNS_CHALLENGE_OVERRIDE_DOMAIN=${DNS_CHALLENGE_OVERRIDE_DOMAIN}"
    volumes:
      - "./caddy/Caddyfile:/etc/caddy/Caddyfile"
      - "./caddy/external_certs:/etc/caddy/external_certs"
      - "caddy_config:/config"
      - "caddy_data:/data"
      - "geoip_data:/mnt/GeoIP"
    restart: unless-stopped
    networks:
      main:
        ipv4_address: 172.18.1.254
./caddy/Dockerfile:
FROM caddy:2.8-builder AS builder
RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare \
    --with github.com/caddy-dns/duckdns \
    --with github.com/caddy-dns/digitalocean \
    --with github.com/hairyhenderson/caddy-teapot-module@v0.0.3-0 \
    --with github.com/porech/caddy-maxmind-geolocation
FROM caddy:2.8
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
a. System environment:
Docker
b. Command:
docker compose up -d
c. Service/unit/compose file:
N/A
d. My complete Caddy config:
As per above
5. Links to relevant resources:
N/A
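
One way to read the debug output in the post, as an added example that is not the poster's or the plugin's code: it pairs each lookup line with the rejection that follows it and lists which detected subdivisions fall outside a configured allow list. The log lines are copied from the post; the function names are hypothetical, and the idea that every detected subdivision is compared with allow_subdivisions is an assumption drawn from the BDG rejection in that log.

```python
import json

# Debug lines copied from the post (first request only).
LOG = """
{"level":"debug","ts":1741085012.5939891,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"62.232.61.82","country":"GB","subdivisions":"ENG,BDG","metro_code":0,"asn":0}
{"level":"debug","ts":1741085012.594006,"logger":"http.matchers.maxmind_geolocation","msg":"Subdivision not allowed","subdivision":"BDG"}
{"level":"debug","ts":1741085012.5940306,"logger":"http.matchers.maxmind_geolocation","msg":"Detected MaxMind data","ip":"62.232.61.82","country":"GB","subdivisions":"ENG,BDG","metro_code":0,"asn":0}
{"level":"debug","ts":1741085012.5940325,"logger":"http.matchers.maxmind_geolocation","msg":"Country not allowed","country":"GB"}
"""

LOGGER = "http.matchers.maxmind_geolocation"
# Rejection message -> JSON field that names the rejected value.
REJECT_FIELD = {"Subdivision not allowed": "subdivision", "Country not allowed": "country"}

def matcher_decisions(text):
    """Return one record per matcher evaluation: the lookup result and what it was rejected on."""
    decisions, current = [], None
    for raw in text.splitlines():
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # blank or non-JSON lines mixed into container output
        if not isinstance(entry, dict) or entry.get("logger") != LOGGER:
            continue
        msg = entry.get("msg")
        if msg == "Detected MaxMind data":
            subs = [s for s in str(entry.get("subdivisions", "")).split(",") if s]
            current = {"ip": entry.get("ip"), "country": entry.get("country"),
                       "subdivisions": subs, "rejected_on": None}
            decisions.append(current)
        elif msg in REJECT_FIELD and current is not None:
            field = REJECT_FIELD[msg]
            current["rejected_on"] = (field, entry.get(field))
    return decisions

def outside_allow_list(subdivisions, allowed):
    """Detected subdivision codes that are missing from the allow list (assumed all-must-match check)."""
    return [s for s in subdivisions if s not in allowed]

if __name__ == "__main__":
    for d in matcher_decisions(LOG):
        extra = outside_allow_list(d["subdivisions"], {"ENG"})
        print(d["ip"], d["country"], d["subdivisions"], "rejected on", d["rejected_on"], "not in list:", extra)
```

The first record is the GB matcher with allow_subdivisions ENG and the second is the CZ matcher; because both reject, the two not conditions in @main both hold and the 403 is returned.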