{"version":"1.0","provider_name":"Lassi's homepage","provider_url":"https:\/\/lassinsivut.eu\/en","title":"Nginx Proxy Manager GeoBlocking - Lassin kotisivut","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"MYd9XyyuFf\"><a href=\"https:\/\/lassinsivut.eu\/en\/nginx-proxy-manager-geoblocking\/\">Nginx Proxy Manager GeoBlocking<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/lassinsivut.eu\/en\/nginx-proxy-manager-geoblocking\/embed\/#?secret=MYd9XyyuFf\" width=\"600\" height=\"338\" title=\"&#8220;Nginx Proxy Manager GeoBlocking&#8221; &#8212; Lassin kotisivut\" data-secret=\"MYd9XyyuFf\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script>\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/lassinsivut.eu\/wp-includes\/js\/wp-embed.min.js\n<\/script>","thumbnail_url":"https:\/\/lassinsivut.eu\/wp-content\/uploads\/2026\/03\/geolocation.png","thumbnail_width":1280,"thumbnail_height":640,"description":"GeoBlocking Nginx Proxy Managerilla Geoblokki tarkoittaa tiettyjen maiden tai alueiden IP-osoitteiden est\u00e4mist\u00e4 p\u00e4\u00e4sem\u00e4st\u00e4 palveluun. Sen tarkoituksena on parantaa tietoturvaa ja v\u00e4hent\u00e4\u00e4 turhaa liikennett\u00e4 esimerkiksi silloin, kun palvelua k\u00e4ytet\u00e4\u00e4n vain tietyss\u00e4 maassa. N\u00e4in voidaan est\u00e4\u00e4 haitallisia kirjautumisyrityksi\u00e4 ja pienent\u00e4\u00e4 palvelimen kuormitusta. Dockerin asennus Asennetaan Docker ensin k\u00e4tev\u00e4sti heid\u00e4n valmiilla bash scriptill\u00e4. curl -fsSL https:\/\/get.docker.com | sudo sh Tehd\u00e4\u00e4n kansio Nginxille. mkdir -p \/docker\/npm cd \/docker\/npm Luodaan Docker compose tiedosto johon kaikki konfiguraatiot tulevat. nano compose.yaml \ud83d\udc33 compose.yaml 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 services: app: image: &#039;jc21\/nginx-proxy-manager:latest&#039; restart: unless-stopped ports: # These ports are in format &lt;host-port&gt;:&lt;container-port&gt; - &#039;80:80&#039; # Public HTTP Port - &#039;443:443&#039; # Public HTTPS Port - &#039;81:81&#039; # Admin Web Port # Add any other Stream port you want to expose # - &#039;21:21&#039; # FTP environment: # Mysql\/Maria connection parameters: DB_MYSQL_HOST: &quot;db&quot; DB_MYSQL_PORT: 3306 DB_MYSQL_USER: &quot;npm&quot; DB_MYSQL_PASSWORD: &quot;npm&quot; DB_MYSQL_NAME: &quot;npm&quot; # Uncomment this if IPv6 is not enabled on your host # DISABLE_IPV6: &#039;true&#039; volumes: - .\/data:\/data - .\/letsencrypt:\/etc\/letsencrypt - .\/data\/nginx\/custom:\/etc\/nginx\/conf.d\/custom depends_on: - db db: image: &#039;jc21\/mariadb-aria:latest&#039; restart: unless-stopped environment: MYSQL_ROOT_PASSWORD: &#039;npm&#039; MYSQL_DATABASE: &#039;npm&#039; MYSQL_USER: &#039;npm&#039; MYSQL_PASSWORD: &#039;npm&#039; volumes: - .\/mysql:\/var\/lib\/mysql geoip-upd: container_name: geoip-upd image: maxmindinc\/geoipupdate:latest restart: unless-stopped volumes: - .\/data\/geoip2:\/usr\/share\/GeoIP environment: TZ: &quot;Europe\/Helsinki&quot; GEOIPUPDATE_ACCOUNT_ID: 1234567 GEOIPUPDATE_LICENSE_KEY: &quot;keykeykeykeykeykeykeykey&quot; GEOIPUPDATE_EDITION_IDS: &quot;GeoLite2-City GeoLite2-Country GeoLite2-ASN&quot; #Databaset joita tarvimme GEOIPUPDATE_FREQUENCY: 12 #Kuinka usein database p\u00e4ivittyy GEOIPUPDATE_PRESERVE_FILE_TIMES: 1 #Todellinen aika tiedostolle Seuraavaksi ladataan tarvittavat moduulit. nano \/docker\/npm\/data\/nginx\/custom\/root_top.conf root_top.conf load_module \/usr\/lib\/nginx\/modules\/ngx_http_geoip2_module.so; load_module \/usr\/lib\/nginx\/modules\/ngx_stream_geoip2_module.so; Uudelleen k\u00e4ynnistet\u00e4\u00e4n containeri jotta muutokset tulevat voimaan. docker exec -it docker-npm nginx -s reload Tarkista kuitenkin oman containerin nimi seuraavalla komennolla. docker ps Tietokannan lataaminen Mene osoitteeseen https:\/\/www.maxmind.com\/en\/geolite2\/signup K\u00e4yt\u00e4mme maxmindin tarjoavaa geoip datasettej\u00e4, ne p\u00e4ivittyv\u00e4t yll\u00e4tt\u00e4v\u00e4n nopeasti. Luo uusi license key ja ota talteen account ID, License Key sek\u00e4 n\u00e4m\u00e4: GeoLite2-ASN, GeoLite2-Country ja GeoLite2-City Lis\u00e4tty\u00e4si tarvittavat tunnukset Docker Compose tiedostoon ja k\u00e4ynnist\u00e4m\u00e4ll\u00e4 Containerin n\u00e4emme tiedostot. docker compose up -d ls -l \/docker\/npm\/data\/geoip2 Tietokannan konfigurointi Nginx Proxy Managerille Luodaan uusi tiedosto joka k\u00e4sittelee tietokannan sis\u00e4ll\u00f6n ja parsii sielt\u00e4 mm.country coden, nimen, cityn sek\u00e4 regionin. T\u00e4ss\u00e4 ohjeessa p\u00e4\u00e4st\u00e4mme vain Saksasta liikenteen. nano \/docker\/npm\/data\/nginx\/custom\/http_top.conf http_top.conf charset utf-8; geoip2 \/data\/geoip2\/GeoLite2-City.mmdb { auto_reload 3h; $geoip2_metadata_country_build metadata build_epoch; $geoip2_data_country_code default=XX source=$remote_addr country iso_code; $geoip2_data_country_name default=- country names de; $geoip2_data_city_name default=- city names de; $geoip2_data_region_name default=- subdivisions 0 names de; } geo $allowed_ip { default no; # Blockaa oletuksena 10.10.1.0\/24 yes; # Whitelistaa locaali verkko } map $geoip2_data_country_code $allowed_country { default $allowed_ip; DE yes; # Vain Saksa voit lis\u00e4t\u00e4 lis\u00e4\u00e4 maita } #Formaatti logille, my\u00f6hemmin my\u00f6s Grafanaa varten log_format json_analytics escape=json &#039;{&#039; &#039;&quot;time_local&quot;: &quot;$time_local&quot;, &#039; &#039;&quot;remote_addr&quot;: &quot;$remote_addr&quot;, &#039; &#039;&quot;request_uri&quot;: &quot;$request_uri&quot;, &#039; &#039;&quot;status&quot;: &quot;$status&quot;, &#039; &#039;&quot;server_name&quot;: &quot;$server_name&quot;, &#039; &#039;&quot;request_time&quot;: &quot;$request_time&quot;, &#039; &#039;&quot;request_method&quot;: &quot;$request_method&quot;, &#039; &#039;&quot;bytes_sent&quot;: &quot;$bytes_sent&quot;, &#039; &#039;&quot;http_host&quot;: &quot;$http_host&quot;, &#039; &#039;&quot;http_x_forwarded_for&quot;: &quot;$http_x_forwarded_for&quot;, &#039; &#039;&quot;http_cookie&quot;: &quot;$http_cookie&quot;, &#039; &#039;&quot;server_protocol&quot;: &quot;$server_protocol&quot;, &#039; &#039;&quot;upstream_addr&quot;: &quot;$upstream_addr&quot;, &#039; &#039;&quot;upstream_response_time&quot;: &quot;$upstream_response_time&quot;, &#039; &#039;&quot;ssl_protocol&quot;: &quot;$ssl_protocol&quot;, &#039; &#039;&quot;ssl_cipher&quot;: &quot;$ssl_cipher&quot;, &#039; &#039;&quot;http_user_agent&quot;: &quot;$http_user_agent&quot;, &#039; &#039;&quot;remote_user&quot;: &quot;$remote_user&quot; &#039; &#039;}&#039;; Login n\u00e4et t\u00e4ll\u00e4 komennolla. tail -f \/dockers\/nginx-proxym\/data\/logs\/proxy-host-%HOSTID%_access-geo.log Lis\u00e4t\u00e4\u00e4n viel\u00e4 Proxy Manageriin. Avaa Nginx Proxy manager WebUI ja paina Proxy Hosts, sen j\u00e4lkeen Add proxy Host. Kirjoita haluamasi domain, paikallinen osoite sek\u00e4 portti. Lis\u00e4\u00e4 viel\u00e4 asetukset\u00a0Block Common Exploits sek\u00e4\u00a0Websocket Support. Seuraavaksi paina oikealta ylh\u00e4\u00e4lt\u00e4 asetus kuvaketta ja lis\u00e4\u00e4 seuraava koodi. if ($allowed_country = no) { return 444; } Nyt on kaikki valmista, ett\u00e4 geoblokki on yksinkertainen mutta tehokas keino parantaa palvelun turvallisuutta ja hallittavuutta. Toteuttamalla sen Nginx Proxy Managerin avulla saamme helposti yll\u00e4pidett\u00e4v\u00e4n ratkaisun, jota voidaan tarvittaessa muokata nopeasti. N\u00e4in varmistamme, ett\u00e4 palvelu pysyy suojattuna ja toimii optimaalisesti vain halutuille k\u00e4ytt\u00e4jille."}