## Version 2020/09/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/geoip2.conf
# To enable, uncommment the Geoip2 config line in nginx.conf
# Add the -e MAXMINDDB_LICENSE_KEY=<licensekey> to automatically download the Geolite2 database.
# A Maxmind license key can be acquired here: https://www.maxmind.com/en/geolite2/signup
# The below config is for geoblocking any country/city you add. The default config is blocking all countries/cities except the ones you set to "yes". 
# If you want to do the opposite, set default to "yes", and the countries/cities to "no".
# As the default config blocks all IP's except the ones in the GeoLite2-City.mmdb database set to yes, you will need to allow your lan ip for local access. 


geoip2 /config/geoip2db/GeoLite2-City.mmdb {
    auto_reload 5m;
    $geoip2_data_country_code country iso_code;
    $geoip2_data_city_name city names en;
}

# GEOIP2 COUNTRY CONFIG
map $geoip2_data_country_code $allowed_country {
    default no;
    <COUNTRY-CODE> yes; # e.g GB yes; for United Kingdom
    IP/CIDR yes; # e.g. 192.168.1.0/24 yes; for local access.
}

#(Optional)
# GEOIP2 CITY CONFIG
#    map $geoip2_data_city_name $allowed_city {
#    default no;
#    <CITY-NAME> yes; # e.g Inverness yes;
#    IP/CIDR yes; # e.g. 192.168.1.0/24 yes; for local access.
#    }


# Server config example:
# Add the following if statement inside any server context where you want to geo block countries.

########################################
#	if ($allowed_country = no) {
#	return 444;
#	}
#########################################

# Add the following if statement inside any server context where you want to geo block cities.
########################################
#	if ($allowed_city = no) {
#	return 444;
#	}
#########################################

# Example using a config from proxy-confs

#server {
#    listen 443 ssl;
#    listen [::]:443 ssl;
#
#    server_name unifi.*;
#
#    include /config/nginx/ssl.conf;
#
#    client_max_body_size 0;
#
#    # enable for ldap auth, fill in ldap details in ldap.conf
#    #include /config/nginx/ldap.conf;
#
#    # enable for Authelia
#    #include /config/nginx/authelia-server.conf;


#    # Country geo block	
#    if ($allowed_country = no) {
#       return 444;
#    }


#
#    location / {
#        # enable the next two lines for http auth
#        #auth_basic "Restricted";
#        #auth_basic_user_file /config/nginx/.htpasswd;
#
#        # enable the next two lines for ldap auth
#        #auth_request /auth;
#        #error_page 401 =200 /ldaplogin;
#
#        # enable for Authelia
#        #include /config/nginx/authelia-location.conf;
#
#        include /config/nginx/proxy.conf;
#        resolver 127.0.0.11 valid=30s;
#        set $upstream_app unifi-controller;
#        set $upstream_port 8443;
#        set $upstream_proto https;
#        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
#
#        proxy_buffering off;
#    }
#}