Traefik geoblock


Last updated 7 months ago


Using the plugin:


  1. Edit your compose yml and add the following flags under command:

      # Installs the plugin
      - "--experimental.plugins.geoblock.modulename=github.com/PascalMinder/geoblock"
      - "--experimental.plugins.geoblock.version=v0.2.8"

And this, which makes the entrypoint use the middleware:

      - "--entrypoints.websecure.http.middlewares=my-geoblock@file"

Full yml example

version: '3.3'
services:
  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: 10m
        max-file: "5"
    command:
      - "--accesslog=true"
      - "--accesslog.filepath=/var/log/traefik/access.log"
      - "--log.filePath=/var/log/traefik/traefik.log"
      - "--log.level=DEBUG"
      # Serves the API and dashboard without authentication on port 8080
      - "--api.insecure=true"
      # Let's Encrypt certificates via the Cloudflare DNS challenge
      - "--certificatesresolvers.letsencrypt.acme.email=<email>"
      - "--certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.dnsChallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=10"
      # Enable the Traefik dashboard
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Global redirect from http to https
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      # Middleware entrypoint
      # Sets my-geoblock@file (local file provider) on the entrypoint, so all sites use it
      - "--entrypoints.websecure.http.middlewares=my-geoblock@file"
     # Installs the plugin
      - "--experimental.plugins.geoblock.modulename=github.com/PascalMinder/geoblock"
      - "--experimental.plugins.geoblock.version=v0.2.8"
     # Dynamic file folder 
      - "--providers.file.directory=/configuration"
      - "--providers.file.watch=true"
      # Disable TLS certificate verification for backend servers
      - "--serverstransport.insecureskipverify=true"
    ports:
      - "80:80"
      - "443:443"
      # 8080 traefik dashboard
      - "8080:8080"
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - 'traefik-configurations:/configuration'
      - 'traefik-logs:/var/log/traefik'
      - 'acme:/acme'
    environment:
      - "CLOUDFLARE_EMAIL=<email>"
      - "CLOUDFLARE_DNS_API_TOKEN=<token>"
      - TZ=Europe/Stockholm
    # Host networking: Traefik binds the host's ports directly, the ports mapping above is not applied
    network_mode: host
volumes:
  traefik-configurations:
  acme:
  traefik-logs:

  1. Execute a shell in your container and go to the dynamic file directory, /configuration in my case

  2. Create a file, let's call it "middleware-geoblock.yml"

  3. Add content (adapt to your needs)

Example file in "allowList mode" (blackListMode: false):

http:
    middlewares:
        my-geoblock:
            plugin:
                geoblock:
                    allowLocalRequests: "true"
                    allowUnknownCountries: "false"
                    api: https://get.geojs.io/v1/ip/country/{ip}
                    apiTimeoutMs: "150"
                    cacheSize: "15"
                    countries:
                        - SE
                        - AX
                    forceMonthlyUpdate: "true"
                    logAllowedRequests: "false"
                    logApiRequests: "true"
                    logLocalRequests: "false"
                    silentStartUp: "false"
                    unknownCountryApiResponse: nil
                    blackListMode: false
                    httpStatusCodeDeniedRequest: 404

  1. Restart the container

  2. Give it a go
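
The setup only works when the names line up: the middleware referenced on the entrypoint (my-geoblock@file) must be defined in the dynamic file, and the plugin key it uses (geoblock) must be registered by an --experimental.plugins flag. The check below is an added example, not code from this page or from the plugin project; it assumes the flags and the content of middleware-geoblock.yml have been copied into Python structures, and the names parse_flags, lint and WEAK are hypothetical.

```python
import re

# Flags taken from the compose file on this page (subset relevant to the check).
STATIC_FLAGS = [
    "--api.insecure=true",
    "--entrypoints.websecure.http.middlewares=my-geoblock@file",
    "--experimental.plugins.geoblock.modulename=github.com/PascalMinder/geoblock",
    "--experimental.plugins.geoblock.version=v0.2.8",
    "--providers.file.directory=/configuration",
    "--serverstransport.insecureskipverify=true",
]
# middleware-geoblock.yml as a dict, reduced to the keys the check reads.
DYNAMIC = {"http": {"middlewares": {"my-geoblock": {"plugin": {"geoblock": {
    "countries": ["SE", "AX"], "blackListMode": False}}}}}}
# Settings worth a second look once the setup works (hypothetical rule list).
WEAK = {"api.insecure": "API and dashboard served without authentication",
        "serverstransport.insecureskipverify": "backend TLS certificates not verified"}

def parse_flags(flags):
    """Turn ['--a.b=c', ...] into {'a.b': 'c'}; Traefik flag names are case-insensitive."""
    return {k.lower(): v for k, _, v in (f.lstrip("-").partition("=") for f in flags)}

def lint(flags, dynamic):
    """Return findings for one static-flag list and one dynamic (file provider) config."""
    cfg, findings = parse_flags(flags), []
    middlewares = dynamic.get("http", {}).get("middlewares", {})
    registered = {m.group(1) for k in cfg
                  if (m := re.fullmatch(r"experimental\.plugins\.(.+)\.modulename", k))}
    if not {"providers.file.directory", "providers.file.filename"} & cfg.keys():
        findings.append("file provider not enabled: @file middlewares cannot load")
    for key, value in cfg.items():
        if re.fullmatch(r"entrypoints\..+\.http\.middlewares", key):
            for ref in value.split(","):
                name, _, provider = ref.strip().partition("@")
                if provider == "file" and name not in middlewares:
                    findings.append(f"{key} references undefined middleware {ref.strip()}")
    for name, body in middlewares.items():
        for plugin in body.get("plugin", {}):
            if plugin.lower() not in registered:
                findings.append(f"middleware {name} uses unregistered plugin {plugin}")
    for key, why in WEAK.items():
        if cfg.get(key, "").lower() == "true":
            findings.append(f"{key}=true: {why}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(STATIC_FLAGS, DYNAMIC)))
```

With the page's configuration, only the two weak-setting findings are reported; the name checks pass.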

https://plugins.traefik.io/plugins/62d6ce04832ba9805374d62c/geo-block