Traefik geoblock
Using the plugin: https://plugins.traefik.io/plugins/62d6ce04832ba9805374d62c/geo-block
Edit your compose yml and add the following, which installs the plugin:
      # Installs the plugin
      - "--experimental.plugins.geoblock.modulename=github.com/PascalMinder/geoblock"
      - "--experimental.plugins.geoblock.version=v0.2.8"
And this, which makes the entrypoint use the middleware:
      - "--entrypoints.websecure.http.middlewares=my-geoblock@file"
Full yml example:
version: '3.3'
services:
  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: 10m
        max-file: "5"
    command:
      - "--accesslog=true"
      - "--accesslog.filepath=/var/log/traefik/access.log"
      - "--log.filePath=/var/log/traefik/traefik.log"
      - "--log.level=DEBUG"
      # Serves the API and dashboard without authentication on port 8080;
      # keep that port off untrusted networks
      - "--api.insecure=true"
      # Letsencrypt cert cloudflare
      - "--certificatesresolvers.letsencrypt.acme.email=<email>"
      - "--certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.dnsChallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=10"
      # Enable the Traefik dashboard
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Global redirect http to https
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      # Middleware entrypoint
      # Sets my-geoblock@file (local file provider) on the entrypoint so that all sites use it
      - "--entrypoints.websecure.http.middlewares=my-geoblock@file"
      # Installs the plugin
      - "--experimental.plugins.geoblock.modulename=github.com/PascalMinder/geoblock"
      - "--experimental.plugins.geoblock.version=v0.2.8"
      # Dynamic file folder
      - "--providers.file.directory=/configuration"
      - "--providers.file.watch=true"
      # Disable backend ssl check (backend certificates are not verified)
      - "--serverstransport.insecureskipverify=true"
    ports:
      - "80:80"
      - "443:443"
      # 8080 traefik dashboard
      - "8080:8080"
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - 'traefik-configurations:/configuration'
      - 'traefik-logs:/var/log/traefik'
      - 'acme:/acme'
    environment:
      - "CLOUDFLARE_EMAIL=<email>"
      - "CLOUDFLARE_DNS_API_TOKEN=<token>"
      - TZ=Europe/Stockholm
    network_mode: host
volumes:
  traefik-configurations:
  acme:
  traefik-logs:
Execute a shell on your container and go to the dynamic file directory, /configuration in my case.
Create a file, let's call it "middleware-geoblock.yml".
Add content (adapt to your needs).
Example file in "allowList mode" (blackListMode: false):
http:
  middlewares:
    my-geoblock:
      plugin:
        geoblock:
          allowLocalRequests: "true"
          allowUnknownCountries: "false"
          api: https://get.geojs.io/v1/ip/country/{ip}
          apiTimeoutMs: "150"
          cacheSize: "15"
          countries:
            - SE
            - AX
          forceMonthlyUpdate: "true"
          logAllowedRequests: "false"
          logApiRequests: "true"
          logLocalRequests: "false"
          silentStartUp: "false"
          unknownCountryApiResponse: nil
          blackListMode: false
          httpStatusCodeDeniedRequest: 404
Restart the container
Give it a go
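To reason about what to expect when testing, here is a simplified model of how the options in the example file interact. It is an added example, not the plugin's own code. The local ranges, the `lookup_country` stand-in for the `api` call, the sample IPs and the exact order of checks are assumptions.

```python
import ipaddress

# Option values copied from the middleware file on this page.
CONFIG = {
    "allowLocalRequests": True,
    "allowUnknownCountries": False,
    "unknownCountryApiResponse": "nil",
    "countries": {"SE", "AX"},
    "blackListMode": False,
    "httpStatusCodeDeniedRequest": 404,
}

# Assumption: "local" means loopback and RFC 1918 ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed lookup results standing in for the country API (documentation IPs).
SAMPLE_GEO = {"198.51.100.7": "SE", "203.0.113.9": "DE"}


def lookup_country(ip, cfg):
    """Hypothetical stand-in for the HTTP call to the configured `api` URL."""
    return SAMPLE_GEO.get(ip, cfg["unknownCountryApiResponse"])


def decide(ip, cfg=CONFIG):
    """Return (allowed, reason) for one client IP under the given options."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in LOCAL_NETS):
        return cfg["allowLocalRequests"], "local"
    country = lookup_country(ip, cfg)
    if country == cfg["unknownCountryApiResponse"]:
        return cfg["allowUnknownCountries"], "unknown country"
    listed = country in cfg["countries"]
    # allowList mode: listed countries pass; blackListMode inverts the match.
    return listed != cfg["blackListMode"], country


def status_for(ip, cfg=CONFIG):
    """HTTP status a client would see: 200 if allowed, else the denied code."""
    allowed, _ = decide(ip, cfg)
    return 200 if allowed else cfg["httpStatusCodeDeniedRequest"]


if __name__ == "__main__":
    for ip in ("192.168.1.20", "198.51.100.7", "203.0.113.9", "192.0.2.44"):
        print(ip, decide(ip), status_for(ip))
```

With `httpStatusCodeDeniedRequest: 404`, a blocked request looks the same to the client as a missing route, so check the Traefik log rather than the status code alone when confirming a block.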