Add Lab11 for GeoIP (#77)

* lab11 initial

* lab11 initial

* add geoip test

* add geoip test

* add media

* add icons

* update dc configs

* add downloads config

* add downloads config

* add downloads config

* lab11 updates

* lab11 updates

* lab11 updates

* update outline

* update outline

* lab11 update

* remove extra file

* add icons

* add icons

* fix Nginx > NGINX

Author: chrisakker

labs/lab10/readme.md

@@ -171,6 +171,4 @@ az grafana delete --name $MY_GRAFANA --resource-group $MY_RESOURCEGROUP --yes
 
 -------------
 
-Navigate to ([Lab Guide](../readme.md))
-
-
+Navigate to ([Lab11](../lab11/readme.md) | [LabGuide](../readme.md))

labs/lab11/GeoIP.conf

@@ -0,0 +1,13 @@
+# GeoIP.conf file for `geoipupdate` program, for versions >= 3.1.1.
+# Used to update GeoIP databases from https://www.maxmind.com.
+# For more information about this config file, visit the docs at
+# https://dev.maxmind.com/geoip/updating-databases.
+
+# `AccountID` is from your MaxMind account.
+AccountID xxxxxxx
+
+# `LicenseKey` is from your MaxMind account.
+LicenseKey xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+# `EditionIDs` is from your MaxMind account.
+EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country

labs/lab11/as.geo.example.com.conf

@@ -0,0 +1,19 @@
+# Nginx 4 Azure - as.geo.example.com.conf
+# Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025
+#
+# Nginx Server Block for GeoIP Continent Routing
+#
+# Asia Data Center
+#
+server {
+    listen 80;
+    server_name as.geo.example.com;
+
+    location / {
+
+        return 200 "Welcome to N4A Workshop, website $host\n";
+        add_header X-DCTEST-FQDN $host;
+
+    }
+
+}

labs/lab11/downloads.example.com.conf

@@ -0,0 +1,41 @@
+# Nginx 4 Azure - downloads.example.com.conf
+# Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025
+#
+# Nginx Map Block for Country Download Export Control
+#
+map $geoip2_data_continent_code $is_allowed {
+    CA      1;    # Canada
+    FR      1;    # France
+    DE      1;    # Germany
+    IT      1;    # Italy
+    JP      1;    # Japan
+    UK      1;    # United Kingdom
+    US      1;    # United States
+    default 0;   
+}
+# Download Server
+#
+server {
+    listen 80;
+    server_name downloads.example.com;
+
+    access_log /var/log/nginx/downloads.example.com.log geoip2;  # Add new GeoIP2 logging
+
+    location /downloads {
+
+        if ($is_allowed = 0) {
+            return 403 "Access not allowed from\nCountry: $geoip2_data_country_iso_code\n";
+        }
+
+        return 200 "Welcome to the /downloads URI\nYour IP Address is: $remote_addr\nFrom CountryISO: $geoip2_data_country_iso_code\n";       
+    }
+    #
+    # Test Source IPs using XFF Header
+    #
+    location /testip {
+
+        return 200 "Welcome to /downloads test, GeoIP2 tested IP: $http_x_forwarded_for from\nContinent: $test_geoip2_data_continent_code\nCountryISO: $test_geoip2_data_country_iso_code\n";
+
+    }
+
+}

labs/lab11/eu.geo.example.com.conf

@@ -0,0 +1,18 @@
+# Nginx 4 Azure - eu.geo.example.com.conf
+# Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025
+#
+# Nginx Server Block for GeoIP Continent Routing
+#
+# European Data Center
+#
+server {
+    listen 80;
+    server_name eu.geo.example.com;
+
+    location / {
+
+        return 200 "Welcome to N4A Workshop, website $host\n";
+        add_header X-DCTEST-FQDN $host;
+
+    }
+}

labs/lab11/geo.example.com.conf

@@ -0,0 +1,40 @@
+# Nginx 4 Azure - geo.example.com.conf
+# Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025
+#
+# Nginx Map Block for GeoIP Continent Routing
+#
+map $geoip2_data_continent_code $nearest_data_center {  
+    EU      eu;      # Routes to eu.geo.example.com
+    NA      na;      # Routes to na.geo.example.com
+    AS      as;      # Routes to as.geo.example.com
+    default na;      # Routes to na.geo.example.com
+
+}
+# Main website
+server {
+    listen 80;
+    server_name geo.example.com;
+
+    location / {
+
+        return 200 "Welcome to N4A Workshop, GeoIP tracked your IP: $remote_addr from\nContinent: $geoip2_data_continent_code\nCountryISO: $geoip2_data_country_iso_code\nCity: $geoip2_data_city_name\nPostal: $geoip2_data_postal_code\nLat-Long: $geoip2_data_latitude $geoip2_data_longitude\nState: $geoip2_data_state_name\nStateISO: $geoip2_data_state_code\n";
+
+    }
+    #
+    # Data Center Redirect based on Continent
+    #
+    location /dctest {
+        return 301 http://$nearest_data_center.geo.example.com;     # Use HTTP Redirect to closest Data Center
+        add_header X-GeoIP-Continent $nearest_data_center;          # Add an HTTP Header for tracking
+    }
+    #
+    # Test Source IPs using XFF Header
+    #
+    location /testip {
+
+        return 200 "Welcome to N4A Workshop, GeoIP2 tested IP: $http_x_forwarded_for from\nContinent: $test_geoip2_data_continent_code\nCountryISO: $test_geoip2_data_country_iso_code\nCity: $test_geoip2_data_city_name\nPostal: $test_geoip2_data_postal_code\nLat-Long: $test_geoip2_data_latitude $test_geoip2_data_longitude\nState: $test_geoip2_data_state_name\nStateISO: $test_geoip2_data_state_code\n";
+
+    }
+
+
+}

labs/lab11/geoip2_variables.conf

@@ -0,0 +1,36 @@
+# Nginx 4 Azure - geoip2_variables.conf
+# Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025
+#
+# Using "GeoLite2-Country" as one of the EditionIDs in /etc/nginx/GeoIP.conf
+# Using "GeoLite2-City" as one of the EditionIDs in /etc/nginx/GeoIP.conf
+#
+# Set geoip2_ variables from City Database
+geoip2 /usr/local/share/GeoIP/GeoLite2-City.mmdb {
+    $geoip2_data_city_name   city names en;
+    $geoip2_data_postal_code postal code;
+    $geoip2_data_latitude    location latitude;
+    $geoip2_data_longitude   location longitude;
+    $geoip2_data_state_name  subdivisions 0 names en;
+    $geoip2_data_state_code  subdivisions 0 iso_code;
+
+# Test IP Address from XFF Header
+    $test_geoip2_data_city_name   source=$http_x_forwarded_for city names en;
+    $test_geoip2_data_postal_code source=$http_x_forwarded_for postal code;
+    $test_geoip2_data_latitude    source=$http_x_forwarded_for location latitude;
+    $test_geoip2_data_longitude   source=$http_x_forwarded_for location longitude;
+    $test_geoip2_data_state_name  source=$http_x_forwarded_for subdivisions 0 names en;
+    $test_geoip2_data_state_code  source=$http_x_forwarded_for subdivisions 0 iso_code;
+}
+
+# Set geoip2_ variables from Country Database
+geoip2 /usr/local/share/GeoIP/GeoLite2-Country.mmdb {
+    $geoip2_data_continent_code   continent code;
+    $geoip2_data_country_iso_code country iso_code;
+
+# Test IP Address from XFF Header
+    $test_geoip2_data_continent_code   source=$http_x_forwarded_for continent code;
+    $test_geoip2_data_country_iso_code source=$http_x_forwarded_for country iso_code;
+}
+
+
+