Geolocation

GeoIP2 (Stream)

GeoIP2 lookups, but for TCP and UDP traffic.

nginx-module-stream-geoip2

Install

You'll need nginx from nginx.org configured first. These packages won't load on the distro nginx.

Add the Blendbyte repository if you haven't already:

Add Blendbyte repository 
sudo install -d -m 0755 /etc/apt/keyrings

curl -fsSL https://apt.blendbyte.net/nginx/blendbyte-archive-keyring.gpg \
  | sudo tee /etc/apt/keyrings/blendbyte.gpg >/dev/null

echo "deb [signed-by=/etc/apt/keyrings/blendbyte.gpg] https://apt.blendbyte.net/nginx $(lsb_release -cs) main" \
  | sudo tee /etc/apt/sources.list.d/blendbyte.list

sudo apt update

Then install this module:

Install nginx-module-stream-geoip2 
$ sudo apt install nginx-module-stream-geoip2

Most modules auto-enable on install. If yours didn't:

Enable module manually (if needed) 
$ sudo ln -s /etc/nginx/modules-available/50-mod-stream-geoip2.conf \
  /etc/nginx/modules-enabled/
$ sudo nginx -t && sudo systemctl reload nginx
External dependency: MaxMind GeoIP2 or GeoLite2 database files (free MaxMind account required)

What it does

The stream {} version of nginx-module-geoip2. Same MaxMind GeoIP2 lookups, same variables, but available inside nginx's stream module for raw TCP and UDP proxying. If you're running nginx as a TCP load balancer, SNI-based router, or proxy for non-HTTP traffic (databases, mail, game servers, VPNs), this gives you geographic variables in that context. Config is the same as the HTTP module: load databases, define variables, use them in stream {} blocks. If your nginx only does HTTP, skip this one.

When to use it

  • Route TCP connections to geographically close backends
  • Restrict access to database proxy endpoints by geography
  • Log geographic data for non-HTTP traffic
  • Geographic-based decisions for TCP load balancing

Configuration

A starting point. Adjust to taste.

nginx.conf example 
stream {
  geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
    $geoip2_country_code country iso_code;
  }

  map $geoip2_country_code $backend {
    default backend_us;
    DE      backend_eu;
    FR      backend_eu;
  }

  upstream backend_us { server 10.0.1.1:5432; }
  upstream backend_eu { server 10.0.2.1:5432; }

  server {
    listen     5432;
    proxy_pass $backend;
  }
}

Replacing a Sury package?

This replaces libnginx-mod-stream-geoip2 from the old Sury nginx repository. The package declares Replaces and Conflicts so apt handles the swap in one transaction. No manual cleanup needed.

Drop-in replacement 
# If you were using Sury, this upgrades in place:
sudo apt install nginx-module-stream-geoip2

See the full migration guide for the complete Sury-to-Blendbyte migration steps.

Upstream project

We package this from the upstream open-source project. If it's a bug in the module itself (not in our packaging), report it upstream.

https://github.com/leev/ngx_http_geoip2_module ↗

Related modules

nginx-module-geoip2
GeoIP2 (HTTP)
Know where your traffic is coming from. Block it, route it, or just log it.
View module →
← All modules