Opened 2 years ago

Closed 2 years ago

#2321 closed defect (invalid)

ngx_http_geoip_module problem

Reported by: a.savickiy.cdnvideo.com@… Owned by:
Priority: critical Milestone: nginx-1.21
Component: nginx-module Version: 1.19.x
Keywords: geoip Cc:
uname -a: Linux edge.company.ru 5.4.0-72-generic #80~18.04.1-Ubuntu SMP Mon Apr 12 23:26:25 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.21.5
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC)
built with OpenSSL 1.1.1m 14 Dec 2021
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr/share/nginx --modules-path=/usr/lib64/nginx/modules --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_geoip_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_v2_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_xslt_module --with-http_slice_module --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ipv6 --with-file-aio --with-debug --with-threads --with-pcre-jit --without-pcre2 --add-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/ngx_http_bytes_filter_module --add-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/lua-nginx-module-0.10.20 --add-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/nginx-rtmp-module-master --add-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/nginx-sla-master --add-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/ngx_devel_kit-0.3.0 --add-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/ngx_brotli --add-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/ngx_http_geoip2_module-3.3 --add-dynamic-module=/usr/share/passenger/ngx_http_passenger_module --add-dynamic-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/nginx-vod-module-1.28 --add-dynamic-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/nginx-cors-module-0.10 --add-dynamic-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/nginx-kzmi-module-0.03 --add-dynamic-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/lua-upstream-nginx-module-0.06 --add-dynamic-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/ngx_cache_purge-2.3 --add-dynamic-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/ngx_http_ttfb_filter_module --add-dynamic-module=/home/rpmbuild/rpmbuild/BUILD/nginx-1.21.5/nginx_accept_language_module --with-openssl=openssl-1.1.1m

Description

Dear colleagues, good day!

We`re investigating problems with ngx_http_geoip_module after 1.19.x
Geoip answer is empty
The problem occurs only after nginx reload
Configuration:

http {
...
map $geoip_country_code $country

{

~*(?<c>[a-z]+) $c;
default -;

}

geoip_country /var/www/geodata/GeoIP.dat;
...
}

conf.d:

location /checkgeo

{

if ($country !~* "ZZ")
{

return 403;

}

proxy_hide_header country;
add_header country "$country" always;
proxy_hide_header geoip_country_code;
add_header geoip_country_code "$geoip_country_code" always;

}

Before reload:

curl -sI http://$(hostname):port/checkgeo -H 'Host: host'

HTTP/1.1 403 Forbidden
Server: nginx
Date: Sat, 12 Feb 2022 09:08:40 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
country: RU
geoip_country_code: RU

After:

nginx: the configuration file /etc/nginx2/nginx.conf syntax is ok
nginx: configuration file /etc/nginx2/nginx.conf test is successful
Reloading nginx2: [ OK ]
HTTP/1.1 403 Forbidden
Server: nginx
Date: Sat, 12 Feb 2022 08:51:06 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
country: -

File:
-r--r--r-- 1 root root 2237008 xxx 10 16:01 /var/www/geodata/GeoIP.dat

we`ve tried to change to nginx:nginx and nothing changed

We have a lot of servers (>500) and problem occurs from time to time on different machines.

If u need, we have debug logs for good reload and request and bad reload and request. Also have straces for both cases.

Change History (3)

comment:1 by Maxim Dounin, 2 years ago

There were no functional changes in GeoIP module since 2014 (nginx 1.7.4). If you see issues with it, especially appeared recently, most likely these are due to corrupted/buggy database file (and/or bugs in the GeoIP library). Unfortunately, the GeoIP library provides little to no feedback about issues in the database file (and, further, might do anything in case of corrupted database file).

First of all, please make sure that the database file is not being written to during nginx reload. As long as you are able to reproduce the issue with a particular database file, please share it for additional investigation. Please also provide details about the GeoIP library you are using.

Also it might be a good idea to make sure the problem isn't in one of 3rd party modules you are using. That is, please try to reproduce the problem without any 3rd party modules.

comment:2 by a.savickiy.cdnvideo.com@…, 2 years ago

Sorry for wasting your time..
The problem doesn`t occur on clear nginx without 3th party modules!
Thanks a lot for your help!

Version 0, edited 2 years ago by a.savickiy.cdnvideo.com@… (next)

comment:3 by Maxim Dounin, 2 years ago

Resolution: invalid
Status: newclosed

Thanks for checking, closing this.

Note: See TracTickets for help on using tickets.