## Version 2021/11/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/server-confs/geoip2.conf.sample
# To enable, uncommment the Geoip2 config line in nginx.conf
# Add the -e MAXMINDDB_LICENSE_KEY=<licensekey> to automatically download the Geolite2 database.
# A Maxmind license key can be acquired here: https://www.maxmind.com/en/geolite2/signup

geoip2 /config/geoip2db/GeoLite2-City.mmdb {
    auto_reload 1w;
    $geoip2_data_city_name city names en;
    $geoip2_data_postal_code postal code;
    $geoip2_data_latitude location latitude;
    $geoip2_data_longitude location longitude;
    $geoip2_data_state_name subdivisions 0 names en;
    $geoip2_data_state_code subdivisions 0 iso_code;
    $geoip2_data_continent_code continent code;
    $geoip2_data_country_iso_code country iso_code;
}

# GEOIP2 COUNTRY CONFIG
map $geoip2_data_country_iso_code $allowed_country {
    # default must be yes or no
    # If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below.
    default yes;

    # Below you will setup conditions with yes or no
    # ex: <condition> <yes/no>;

    # allow United Kingdom.
    #GB yes;
}

# GEOIP2 CITY CONFIG
map $geoip2_data_city_name $allowed_city {
    # default must be yes or no
    # If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below.
    default yes;

    # Below you will setup conditions with yes or no
    # ex: <condition> <yes/no>;

    # allow Inverness.
    #Inverness yes;
}

# ALLOW LOCAL ACCESS
geo $allow_list {
    default yes; # Set this to no if $allowed_country or $allowed_city default is no.
    # IP/CIDR yes; # e.g. 192.168.1.0/24 yes;
}

# Server config example:
# Add the following if statements inside any server context where you want to geo block countries.

########################################
#    if ($allow_list = yes) {
#       set $allowed_country yes;
#    }
#    if ($allowed_country = no) {
#       return 444;
#    }
#########################################
# Add the following if statements inside any server context where you want to geo block cities.
########################################
#    if ($allow_list = yes) {
#       set $allowed_country yes;
#    }
#    if ($allowed_city = no) {
#       return 444;
#    }
#########################################

# Example using a config from proxy-confs

# server {
#     include /config/nginx/server-confs/*.conf;

#     server_name unifi.*;

#     client_max_body_size 0;

#     # Allow lan access if default is set to no
#     if ($allow_list = yes) {
#         set $allowed_country yes;
#     }
#     # Country geo block
#     if ($allowed_country = no) {
#         return 444;
#     }

#     set $htpasswd_file /config/nginx/.htpasswd;
#     set $auth_basic "Restricted";
#     if (!-f $htpasswd_file) {
#         set $auth_basic off;
#     }
#     location / {
#         include /config/nginx/location-confs/*.conf;

#         set $upstream_app unifi-controller;
#         set $upstream_port 8443;
#         set $upstream_proto https;
#         proxy_pass $upstream_proto://$upstream_app:$upstream_port;

#         proxy_buffering off;
#     }
# }