fix geoip behind proxy

Author: noogen

files/etc/nginx/cdn-ips.conf

@@ -1,3 +1,6 @@
+# ref your cdn here, example bunnycdn below
+include cdn/cdn-bunny.conf;
+
 # Local cache/proxy
 set_real_ip_from  0.0.0.0/0;
 set_real_ip_from  ::/0;
@@ -6,6 +9,17 @@ set_real_ip_from  192.168.0.0/16;
 set_real_ip_from  10.0.0.0/8;
 set_real_ip_from  172.0.0.0/24;
 
-#real_ip_header X-Real-IP;
-#real_ip_header X-Forwarded-For;
-#real_ip_recursive on;
+real_ip_header X-Forwarded-For;
+real_ip_recursive on;
+
+# map realip to use with geolite2.conf
+map $http_x_forwarded_for $forwarded_ip {
+    default         $http_x_forwarded_for;
+    ''              $realip_remote_addr;
+}
+
+# simply grab the first IP if there are multiples
+map $forwarded_ip $realip {"~(?<IP>[^,]*),*.*" $IP;}
+
+
+include geolite2.conf;

files/etc/nginx/geoipme.conf

@@ -1,13 +1,11 @@
-# usage: include /etc/nginx/geoipme.conf;
-# this proxy pass to sites-enabled/geoip.conf
+# use this with sites-enabled/1-geoip.conf
 location ~ /(geoip|geoipme)+/(?<ip>.*) {
-    set                $realip        $ip;
-
-    if ($realip  = '') {
-       set $realip $realip_remote_addr;
+    if ($ip) {
+       set $realip $ip;
     }
 
+    proxy_set_header   X-Real-IP $realip;
     proxy_set_header   X-Forwarded-For $realip;
     proxy_set_header   Host "127.0.0.1";
     proxy_pass         "http://127.0.0.1:9081";
-}
+}

files/etc/nginx/geolite2.conf

@@ -1,7 +1,4 @@
-map $http_x_forwarded_for $realip {
-    default         $http_x_forwarded_for;
-    ''              $realip;
-}
+# $realip is map inside of cdn-ips.conf
 
 geoip2 /etc/nginx/GeoLite2-Country.mmdb {
     auto_reload 60m;