[GH-ISSUE #37] feat: 能否在 Docker 镜像中内置 ngx_http_geoip2_module #20

New issue

Closed

opened 2026-03-04 12:18:04 +03:00 by kerem · 15 comments

kerem commented 2026-03-04 12:18:04 +03:00

Owner

Copy link

Originally created by @xiagw on GitHub (Apr 29, 2021).
Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/37

不知道可否即成 GEOIP2 的功能呢？
这个 比较有用的功能，现在官方知有 geoip2 了。

找到些资料如下：

leev/ngx_http_geoip2_module: Nginx GeoIP2 module
https://github.com/leev/ngx_http_geoip2_module

nginx-geoip2/Dockerfile at master · ar414-com/nginx-geoip2
https://github.com/ar414-com/nginx-geoip2/blob/master/tests/Dockerfile

nginx-alpine-geoip2/Dockerfile at master · bubelov/nginx-alpine-geoip2
https://github.com/bubelov/nginx-alpine-geoip2/blob/master/Dockerfile

Originally created by @xiagw on GitHub (Apr 29, 2021). Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/37 不知道可否即成 GEOIP2 的功能呢？ 这个 比较有用的功能，现在官方知有 geoip2 了。 找到些资料如下： leev/ngx_http_geoip2_module: Nginx GeoIP2 module https://github.com/leev/ngx_http_geoip2_module nginx-geoip2/Dockerfile at master · ar414-com/nginx-geoip2 https://github.com/ar414-com/nginx-geoip2/blob/master/tests/Dockerfile nginx-alpine-geoip2/Dockerfile at master · bubelov/nginx-alpine-geoip2 https://github.com/bubelov/nginx-alpine-geoip2/blob/master/Dockerfile

kerem 2026-03-04 12:18:04 +03:00

• closed this issue
• added the
  enhancement
  label

kerem commented 2026-03-04 12:18:05 +03:00

Author

Owner

Copy link

@ADD-SP commented on GitHub (Apr 29, 2021):

既然已经有现成的模块了，为什么不直接使用呢？

<!-- gh-comment-id:829269033 --> @ADD-SP commented on GitHub (Apr 29, 2021): 既然已经有现成的模块了，为什么不直接使用呢？

kerem commented 2026-03-04 12:18:05 +03:00

Author

Owner

Copy link

@xiagw commented on GitHub (Apr 30, 2021):

整合进入的话，
就可以 直接使用，比较便利。
谢谢

<!-- gh-comment-id:829801729 --> @xiagw commented on GitHub (Apr 30, 2021): 整合进入的话， 就可以 直接使用，比较便利。 谢谢

kerem commented 2026-03-04 12:18:05 +03:00

Author

Owner

Copy link

@ghost commented on GitHub (May 1, 2021):

试试nginx.io的包?

https://nginx.io/

<!-- gh-comment-id:830510784 --> @ghost commented on GitHub (May 1, 2021): 试试nginx.io的包?  https://nginx.io/

kerem commented 2026-03-04 12:18:05 +03:00

Author

Owner

Copy link

@ADD-SP commented on GitHub (May 1, 2021):

模块和模块之间不能互相集成，想要实现另一个模块的功能必须要实现相关的全部代码。

如果您说的“集成”是指在本模块中实现相关功能的话，我暂时是不会做的，一是因为麻烦（相关的接口不熟悉），二是因为当前有成熟的模块可以代替。

如果您说的“集成”是指在本模块的 Docker 镜像中内置类似 ngx_http_geoip2_module 这样的模块的话倒是可以。

所以您是指哪种”集成“呢？

<!-- gh-comment-id:830636763 --> @ADD-SP commented on GitHub (May 1, 2021): 模块和模块之间不能互相集成，想要实现另一个模块的功能必须要实现相关的全部代码。 如果您说的“集成”是指在本模块中实现相关功能的话，我暂时是不会做的，一是因为麻烦（相关的接口不熟悉），二是因为当前有成熟的模块可以代替。 如果您说的“集成”是指在本模块的 Docker 镜像中内置类似 `ngx_http_geoip2_module` 这样的模块的话倒是可以。 所以您是指哪种”集成“呢？

kerem commented 2026-03-04 12:18:06 +03:00

Author

Owner

Copy link

@xiagw commented on GitHub (May 1, 2021):

如果您说的“集成”是指在本模块的 Docker 镜像中内置类似 ngx_http_geoip2_module 这样的模块的话倒是可以。

所以您是指哪种”集成“呢？

就是这个集成模块，谢谢。

<!-- gh-comment-id:830642915 --> @xiagw commented on GitHub (May 1, 2021): > 如果您说的“集成”是指在本模块的 Docker 镜像中内置类似 `ngx_http_geoip2_module` 这样的模块的话倒是可以。 > > 所以您是指哪种”集成“呢？ 就是这个集成模块，谢谢。

kerem commented 2026-03-04 12:18:06 +03:00

Author

Owner

Copy link

@ADD-SP commented on GitHub (May 2, 2021):

已经在 change-geoip2 分支中修改了 Dockerfile，内置了模块 ngx_http_geoip2_module。但是不自动下载 GeoIP 数据库，因为现在下载数据库必须要登录账号，或者持有某个账号的 token。

如测试后无问题请关闭 issue。

<!-- gh-comment-id:830730270 --> @ADD-SP commented on GitHub (May 2, 2021): 已经在 `change-geoip2` 分支中修改了 Dockerfile，内置了模块 `ngx_http_geoip2_module`。但是不自动下载 GeoIP 数据库，因为现在下载数据库必须要登录账号，或者持有某个账号的 token。 如测试后无问题请关闭 issue。

kerem commented 2026-03-04 12:18:06 +03:00

Author

Owner

Copy link

@xiagw commented on GitHub (May 8, 2021):

checking for off_t size ... 8 bytes
checking for time_t size ... 8 bytes
checking for AF_INET6 ... found
checking for setproctitle() ... not found
checking for pread() ... found
checking for pwrite() ... found
checking for pwritev() ... found
checking for strerrordesc_np() ... not found
checking for sys_nerr ... not found
checking for _sys_nerr ... not found
checking for localtime_r() ... found
checking for clock_gettime(CLOCK_MONOTONIC) ... found
checking for posix_memalign() ... found
checking for memalign() ... found
checking for mmap(MAP_ANON|MAP_SHARED) ... found
checking for mmap("/dev/zero", MAP_SHARED) ... found
checking for System V shared memory ... found
checking for POSIX semaphores ... found
checking for struct msghdr.msg_control ... found
checking for ioctl(FIONBIO) ... found
checking for ioctl(FIONREAD) ... found
checking for struct tm.tm_gmtoff ... found
checking for struct dirent.d_namlen ... not found
checking for struct dirent.d_type ... found
checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
checking for sysconf(_SC_LEVEL1_DCACHE_LINESIZE) ... not found
checking for openat(), fstatat() ... found
checking for getaddrinfo() ... found
configuring additional modules
adding module in /usr/local/src/ngx_waf
./configure: error: no /usr/local/src/ngx_waf/config was found
The command '/bin/sh -o pipefail -c set -xe     &&  git clone https://github.com/leev/ngx_http_geoip2_module.git     &&  (git clone https://github.com/google/ngx_brotli.git && cd ngx_brotli && git submodule update --init)     &&  (cd ngx_waf && git clone https://github.com/client9/libinjection.git inc/libinjection)     &&  ngx_version=$(lastversion nginx:stable)     &&  lastversion -d "nginx-${ngx_version}.tar.gz" nginx:stable     &&  tar -zxf "nginx-${ngx_version}.tar.gz"     &&  cd "nginx-${ngx_version}"     && ./configure         --prefix=/etc/nginx         --sbin-path=/usr/sbin/nginx         --modules-path=/usr/lib/nginx/modules         --conf-path=/etc/nginx/nginx.conf         --error-log-path=/var/log/nginx/error.log         --http-log-path=/var/log/nginx/access.log         --pid-path=/var/run/nginx.pid         --lock-path=/var/run/nginx.lock         --http-client-body-temp-path=/var/cache/nginx/client_temp         --http-proxy-temp-path=/var/cache/nginx/proxy_temp         --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp         --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp         --http-scgi-temp-path=/var/cache/nginx/scgi_temp         --with-perl_modules_path=/usr/lib/perl5/vendor_perl         --user=nginx         --group=nginx         --with-debug         --with-compat         --with-file-aio         --with-threads         --with-http_addition_module         --with-http_auth_request_module         --with-http_dav_module         --with-http_flv_module         --with-http_gunzip_module         --with-http_gzip_static_module         --with-http_mp4_module         --with-http_random_index_module         --with-http_realip_module         --with-http_secure_link_module         --with-http_slice_module         --with-http_ssl_module         --with-http_stub_status_module         --with-http_sub_module         --with-http_v2_module         --with-mail         --with-mail_ssl_module         --with-stream         --with-stream_realip_module         --with-stream_ssl_module         --with-stream_ssl_preread_module         --with-cc-opt='-Os -fomit-frame-pointer -fstack-protector'         --with-ld-opt=-Wl,--as-needed         --add-module=/usr/local/src/ngx_waf         --add-module=/usr/local/src/ngx_http_geoip2_module         --add-module=/usr/local/src/ngx_brotli     &&  make -j$(nproc)    &&  cp objs/nginx /usr/sbin/nginx' returned a non-zero code: 1

<!-- gh-comment-id:834968456 --> @xiagw commented on GitHub (May 8, 2021): ``` checking for off_t size ... 8 bytes checking for time_t size ... 8 bytes checking for AF_INET6 ... found checking for setproctitle() ... not found checking for pread() ... found checking for pwrite() ... found checking for pwritev() ... found checking for strerrordesc_np() ... not found checking for sys_nerr ... not found checking for _sys_nerr ... not found checking for localtime_r() ... found checking for clock_gettime(CLOCK_MONOTONIC) ... found checking for posix_memalign() ... found checking for memalign() ... found checking for mmap(MAP_ANON|MAP_SHARED) ... found checking for mmap("/dev/zero", MAP_SHARED) ... found checking for System V shared memory ... found checking for POSIX semaphores ... found checking for struct msghdr.msg_control ... found checking for ioctl(FIONBIO) ... found checking for ioctl(FIONREAD) ... found checking for struct tm.tm_gmtoff ... found checking for struct dirent.d_namlen ... not found checking for struct dirent.d_type ... found checking for sysconf(_SC_NPROCESSORS_ONLN) ... found checking for sysconf(_SC_LEVEL1_DCACHE_LINESIZE) ... not found checking for openat(), fstatat() ... found checking for getaddrinfo() ... found configuring additional modules adding module in /usr/local/src/ngx_waf ./configure: error: no /usr/local/src/ngx_waf/config was found The command '/bin/sh -o pipefail -c set -xe && git clone https://github.com/leev/ngx_http_geoip2_module.git && (git clone https://github.com/google/ngx_brotli.git && cd ngx_brotli && git submodule update --init) && (cd ngx_waf && git clone https://github.com/client9/libinjection.git inc/libinjection) && ngx_version=$(lastversion nginx:stable) && lastversion -d "nginx-${ngx_version}.tar.gz" nginx:stable && tar -zxf "nginx-${ngx_version}.tar.gz" && cd "nginx-${ngx_version}" && ./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-debug --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-Os -fomit-frame-pointer -fstack-protector' --with-ld-opt=-Wl,--as-needed --add-module=/usr/local/src/ngx_waf --add-module=/usr/local/src/ngx_http_geoip2_module --add-module=/usr/local/src/ngx_brotli && make -j$(nproc) && cp objs/nginx /usr/sbin/nginx' returned a non-zero code: 1 ```

kerem commented 2026-03-04 12:18:06 +03:00

Author

Owner

Copy link

@ADD-SP commented on GitHub (May 8, 2021):

不知道发生了什么，试试 dev 分支。

<!-- gh-comment-id:835376085 --> @ADD-SP commented on GitHub (May 8, 2021): 不知道发生了什么，试试 dev 分支。

kerem commented 2026-03-04 12:18:06 +03:00

Author

Owner

Copy link

@xiagw commented on GitHub (May 9, 2021):

$ DOCKER_BUILDKIT=1 docker build -t my/nginx .
[+] Building 0.1s (7/12)
 => [internal] load build definition from Dockerfile                                                                                                                                            0.0s
 => => transferring dockerfile: 38B                                                                                                                                                             0.0s
 => [internal] load .dockerignore                                                                                                                                                               0.0s
 => => transferring context: 2B                                                                                                                                                                 0.0s
 => [internal] load metadata for docker.io/library/nginx:stable-alpine                                                                                                                          0.0s
 => [internal] load build context                                                                                                                                                               0.0s
 => => transferring context: 170B                                                                                                                                                               0.0s
 => CACHED [builder 1/5] FROM docker.io/library/nginx:stable-alpine                                                                                                                             0.0s
 => [builder 2/5] WORKDIR /usr/local/src                                                                                                                                                        0.0s
 => ERROR [stage-1 2/4] COPY ./rules /etc/nginx/waf-rules                                                                                                                                       0.0s
------
 > [stage-1 2/4] COPY ./rules /etc/nginx/waf-rules:
------
failed to compute cache key: "/rules" not found: not found

<!-- gh-comment-id:835817559 --> @xiagw commented on GitHub (May 9, 2021): ``` $ DOCKER_BUILDKIT=1 docker build -t my/nginx . [+] Building 0.1s (7/12) => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 38B 0.0s => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [internal] load metadata for docker.io/library/nginx:stable-alpine 0.0s => [internal] load build context 0.0s => => transferring context: 170B 0.0s => CACHED [builder 1/5] FROM docker.io/library/nginx:stable-alpine 0.0s => [builder 2/5] WORKDIR /usr/local/src 0.0s => ERROR [stage-1 2/4] COPY ./rules /etc/nginx/waf-rules 0.0s ------ > [stage-1 2/4] COPY ./rules /etc/nginx/waf-rules: ------ failed to compute cache key: "/rules" not found: not found ```

kerem commented 2026-03-04 12:18:06 +03:00

Author

Owner

Copy link

@ADD-SP commented on GitHub (May 9, 2021):

运行命令 docker system pruge，然后重新构建试试。

<!-- gh-comment-id:835818633 --> @ADD-SP commented on GitHub (May 9, 2021): 运行命令 `docker system pruge`，然后重新构建试试。

kerem commented 2026-03-04 12:18:06 +03:00

Author

Owner

Copy link

@xiagw commented on GitHub (May 9, 2021):

不是这个，
要把 dockerfile 放在根目录才行

<!-- gh-comment-id:835818769 --> @xiagw commented on GitHub (May 9, 2021): 不是这个， 要把 dockerfile 放在根目录才行

kerem commented 2026-03-04 12:18:06 +03:00

Author

Owner

Copy link

@xiagw commented on GitHub (May 9, 2021):

你放到 那个 目录下 ，就无法直接在那个目录 build 了

<!-- gh-comment-id:835818837 --> @xiagw commented on GitHub (May 9, 2021): 你放到 那个 目录下 ，就无法直接在那个目录 build 了

kerem commented 2026-03-04 12:18:06 +03:00

Author

Owner

Copy link

@ADD-SP commented on GitHub (May 9, 2021):

不能通过 docker build -f docker/Dockerfile.alpine . 这样的命令来构建么？

<!-- gh-comment-id:835820790 --> @ADD-SP commented on GitHub (May 9, 2021): 不能通过 `docker build -f docker/Dockerfile.alpine .` 这样的命令来构建么？

kerem commented 2026-03-04 12:18:06 +03:00

Author

Owner

Copy link

@ADD-SP commented on GitHub (May 9, 2021):

或者通过 docker build -f /path/to/Dockerfile /path/to/ngx_waf 这样的命令构建。

<!-- gh-comment-id:835822597 --> @ADD-SP commented on GitHub (May 9, 2021): 或者通过 `docker build -f /path/to/Dockerfile /path/to/ngx_waf` 这样的命令构建。

kerem commented 2026-03-04 12:18:06 +03:00

Author

Owner

Copy link

@xiagw commented on GitHub (May 10, 2021):

不能通过 docker build -f docker/Dockerfile.alpine . 这样的命令来构建么？

谢谢，一下忘记了这种方式。
谢谢

<!-- gh-comment-id:836048583 --> @xiagw commented on GitHub (May 10, 2021): > 不能通过 `docker build -f docker/Dockerfile.alpine .` 这样的命令来构建么？ 谢谢，一下忘记了这种方式。 谢谢

kerem referenced this issue 2026-03-13 16:32:56 +03:00

[GH-ISSUE #20] build failed on CentOS 7 #146

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

lts

lts-dev

add_sp/refactor-replace-libcurl-with-subreq

current-dev

current

current-dev-backup

v6.1.10

v10.1.2

v6.1.9

v6.1.8

v10.1.1

v10.1.0

v6.1.7

v10.0.1

v10.0.0

v9.0.6

v9.0.5

v6.1.6

v6.1.5

v9.0.4

v9.0.3

v9.0.2

v9.0.1

v9.0.0

v8.0.3

v6.1.4

v8.0.2

v8.0.1

v6.1.3

v8.0.0

v7.1.0

v6.1.2

v7.0.1

v7.0.0

v6.1.1

v6.1.0

v6.0.3

v6.0.2

v6.0.2-beta.1

v6.0.1

v6.0.1-beta.2

v6.0.1-beta.1

v6.0.0

v6.0.0-beta.4

v5.5.1

v6.0.0-beta.2

v6.0.0.beta.3

v6.0.0-beta.1

v5.5.0

v5.4.2

v5.4.2-beta.2

v5.4.2-beta.1

v5.4.1

v5.4.1-beta.1

v5.4.0

v5.4.0-beta.1

v5.3.2

v5.3.1

v5.3.0

v5.3.0-beta.4

v5.3.0-beta.3

v5.3.0-beta.2

v5.3.0-beta.1

v5.2.0

v5.2.0-beta.2

v5.2.0-beta.1

v5.1.1

v5.1.1-beta.1

v5.1.0

v5.0.0

v5.0.0-beta.5

v5.0.0-beta.4

v5.0.0-beta.3

v5.0.0-beta.2

v5.0.0-beta.1

v4.1.0-beta.4

v4.1.0-beta.3

v4.1.0-beta.2

v4.1.0-beta.1

v4.0.0

v4.0.0-beta.2

v3.1.6

v3.2.0-beta.1

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.1.0-beta-1

v3.0.3-beta-3

v3.0.2

v3.0.3-beta-2

v3.0.3-beta-1

v3.0.2-beta-2

v3.0.2-beta-1

v3.0.1

v3.0.0

v3.0.0-beta-2

v3.0.0-beta-1

v2.1.1

v2.1.0

v2.0.2

v2.0.1

v2.0.1-beta-1

v2.0.0

v2.0.0-beta.1

v1.0.1

v1.0.0

v1.0.0-RC2

v1.0.0-RC1

Labels

Clear labels   

MacOS

  

Nginx

  

OpenResty

  

Tengine

  

bug

  

documentation

  

enhancement

  

needs-investigation

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

stale

  

stale

  

timeout

  

wontfix

No labels

MacOS

Nginx

OpenResty

Tengine

bug

documentation

enhancement

needs-investigation

pull-request

question

stale

stale

stale

timeout

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ngx_waf#20

No description provided.