Rewrite Geoblock (use new mmdb)

lib.sh

@@ -134,6 +134,10 @@ nc_update() {
     NCBAD=$((NCMAJOR-2))
     NCNEXT="$((${CURRENTVERSION%%.*}+1))"
 }
+maxmind_geoip() {
+    # shellcheck source=/dev/null
+    source <(curl -sL https://shortio.hanssonit.se/t3vm7ro4CP)
+}
 # Set the hour for automatic updates. This would be 18:00 as only the hour is configurable.
 AUT_UPDATES_TIME="18"
 # Keys
@@ -394,55 +398,31 @@ curl "https://api.metadefender.com/v4/hash/$hash" -H "apikey: $apikey"
 }
 
 # Used in geoblock.sh
-download_geoip_dat() {
-# 1 = IP version 4 or 6
-# 2 = v4 or v6
-if site_200 https://dl.miyuru.lk/geoip/maxmind/country/maxmind"$1".dat.gz
-then
-    curl_to_dir https://dl.miyuru.lk/geoip/maxmind/country maxmind"$1".dat.gz /tmp
-    # Scan file for virus
-    if ! metadefender-scan /tmp/maxmind"$1".dat.gz | grep '"scan_all_result_a":"No Threat Detected","current_av_result_a":"No Threat Detected"'
+download_geoip_mmdb() {
+    maxmind_geoip
+    export MwKfcYATm43NMT
+    export i9HL69SLnp4ymy 
+    {
+    echo "GEOIPUPDATE_ACCOUNT_ID=$MwKfcYATm43NMT"
+    echo "GEOIPUPDATE_LICENSE_KEY=$i9HL69SLnp4ymy"
+    echo "GEOIPUPDATE_EDITION_IDS=GeoLite2-City GeoLite2-Country"
+    echo "GEOIPUPDATE_FREQUENCY=0"
+    echo "GEOIPUPDATE_PRESERVE_FILE_TIMES=1"
+    echo "GEOIPUPDATE_VERBOSE=1"
+    } > /tmp/dockerenv
+    unset MwKfcYATm43NMT
+    unset i9HL69SLnp4ymy 
+    install_docker
+    if docker run --name maxmind --env-file /tmp/dockerenv -v /usr/share/GeoIP:/usr/share/GeoIP ghcr.io/maxmind/geoipupdate
     then
-        msg_box "Potential threat found in /tmp/maxmind$1.dat.gz! Please report this to $ISSUES. We will now delete the file!"
-        rm -f /tmp/maxmind"$1".dat.gz
+        docker rm -f maxmind
+        rm -f /tmp/dockerenv
     else
-        install_if_not gzip
-        gzip -d /tmp/maxmind"$1".dat.gz
-        mv /tmp/maxmind"$1".dat /usr/share/GeoIP/GeoIP"$2".dat
-        chown root:root /usr/share/GeoIP/GeoIP"$2".dat
-        chmod 644 /usr/share/GeoIP/GeoIP"$2".dat
-        find "$SCRIPTS" -type f -regex "$SCRIPTS/202[0-9]-[01][0-9]-Maxmind-Country-IP$2\.dat" -delete
-        rm -f /usr/share/GeoIP/GeoIP.dat
-    fi
-fi
-}
-
-get_newest_dat_files() {
-# Check current month and year
-CURR_MONTH="$(date +%B)"
-# https://stackoverflow.com/a/12487455
-CURR_MONTH="${CURR_MONTH^}"
-CURR_YEAR="$(date +%Y)"
-
-# Check latest updated
-if site_200 https://www.miyuru.lk/geoiplegacy
-then
-    if curl -s https://www.miyuru.lk/geoiplegacy | grep -q "$CURR_MONTH $CURR_YEAR"
-    then
-        # DIFF local file with month from curl
-        # This is to know if the online file is the same month as the local file
-        LOCAL_FILE_TIMESTAMP=$(date -r /usr/share/GeoIP/GeoIPv4.dat "+%B %Y")
-        LOCAL_FILE_TIMESTAMP="${LOCAL_FILE_TIMESTAMP^}"
-        ONLINE_FILE_TIMESTAMP="$CURR_MONTH $CURR_YEAR"
-        if [ "$ONLINE_FILE_TIMESTAMP" != "$LOCAL_FILE_TIMESTAMP" ]
-        then
-            # IPv4
-            download_geoip_dat "4" "v4"
-            # IPv6
-            download_geoip_dat "6" "v6"
-        fi
+        docker rm -f maxmind
+        rm -f /tmp/dockerenv
+        msg_box "Update limit for Maxmind GeoDatabase reached! Please try again tomorrow."
+        return 1
     fi
-fi
 }
 
 # Check if process is runnnig: is_process_running dpkg

network/geoblock.sh

@@ -29,34 +29,46 @@ then
 else
     # Ask for removal or reinstallation
     reinstall_remove_menu "$SCRIPT_NAME"
-    # Removal
+    # Remove old database files
     find /var/scripts -type f -regex \
 "$SCRIPTS/202[0-9]-[01][0-9]-Maxmind-Country-IPv[46]\.dat" -delete
+    # Remove Apache2 mod
     if is_this_installed libapache2-mod-geoip
     then
         a2dismod geoip
         apt-get purge libapache2-mod-geoip -y
-        rm -rf /usr/share/GeoIP
     fi
-    apt-get autoremove -y
+    # Remove PPA
+    if grep ^ /etc/apt/sources.list /etc/apt/sources.list.d/* | grep maxmind-ubuntu-ppa
+    then
+        install_if_not ppa-purge
+        ppa-purge maxmind/ppa
+        rm -f /etc/apt/sources.list.d/maxmind*
+    fi
+    # Remove  Apache config
     sed -i "/^#Geoip-block-start/,/^#Geoip-block-end/d" /etc/apache2/apache2.conf
     check_command systemctl restart apache2
     # Show successful uninstall if applicable
     removal_popup "$SCRIPT_NAME"
+    # Make sure it's clean from unused packages and files
+    apt purge libmaxminddb0* libmaxminddb-dev* mmdb-bin* -y
+    apt autoremove -y
+    rm -rf /usr/share/GeoIP
 fi
 
-# Install needed tools
-install_if_not libapache2-mod-geoip
+# Download GeoIP Databases
+if ! download_geoip_mmdb
+then
+   exit 1
+fi
 
-# Enable apache mod
-check_command a2enmod geoip rewrite
-check_command systemctl restart apache2
+##### GeoIP script (Apache Setup)
+# Install  requirements
+yes | add-apt-repository ppa:maxmind/ppa
+install_if_not libmaxminddb0 libmaxminddb-dev mmdb-bin
 
-# Download newest dat files
-# IPv4
-download_geoip_dat "4" "v4"
-# IPv6
-download_geoip_dat "6" "v6"
+check_command a2enmod rewrite remoteip
+check_command systemctl restart apache2
 
 # Restrict to countries and/or continents
 choice=$(whiptail --title "$TITLE"  --checklist \
@@ -160,22 +172,31 @@ then
     mapfile -t choice <<< "$choice"
 fi
 
+# Enable config
+{
+echo "MaxMindDBEnable On"
+echo "MaxMindDBFile COUNTRY_DB /usr/local/share/maxminddb/GeoLite2-Country.mmdb"
+echo "MaxMindDBFile CITY_DB /usr/local/share/maxminddb/GeoLite2-City.mmdb"
+} > /etc/apache2/mods-available/maxminddb.conf
+
+
 GEOIP_CONF="#Geoip-block-start - Please don't remove or change this line
-<IfModule mod_geoip.c>
-  GeoIPEnable On
-  GeoIPDBFile /usr/share/GeoIP/GeoIPv4.dat
-  GeoIPDBFile /usr/share/GeoIP/GeoIPv6.dat
+<IfModule mod_maxminddb.c>
+MaxMindDBEnable On
+MaxMindDBFile DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
+MaxMindDBFile DB /var/lib/GeoIP/GeoLite2-Country.mmdb
+MaxMindDBEnv MM_CONTINENT_CODE DB/continent/code
+MaxMindDBEnv MM_COUNTRY_CODE DB/country/iso_code
 </IfModule>
+
 <Location />\n"
 for continent in "${choice[@]}"
 do
-    GEOIP_CONF+="  SetEnvIf GEOIP_CONTINENT_CODE    $continent AllowCountryOrContinent\n"
-    GEOIP_CONF+="  SetEnvIf GEOIP_CONTINENT_CODE_V6 $continent AllowCountryOrContinent\n"
+    GEOIP_CONF+="  SetEnvIf MM_CONTINENT_CODE    $continent AllowCountryOrContinent\n"
 done
 for country in "${selected_options[@]}"
 do
-    GEOIP_CONF+="  SetEnvIf GEOIP_COUNTRY_CODE    $country AllowCountryOrContinent\n"
-    GEOIP_CONF+="  SetEnvIf GEOIP_COUNTRY_CODE_V6 $country AllowCountryOrContinent\n"
+    GEOIP_CONF+="  SetEnvIf MM_COUNTRY_CODE    $country AllowCountryOrContinent\n"
 done
 GEOIP_CONF+="  Allow from env=AllowCountryOrContinent
   Allow from 127.0.0.1/8

nextcloud_update.sh

@@ -582,19 +582,20 @@ fi
 # Get newest dat files for geoblock.sh
 if grep -q "^#Geoip-block" /etc/apache2/apache2.conf
 then
-    if get_newest_dat_files
+    if grep -c GeoIPDBFile /etc/apache2/apache2.conf
     then
-        if grep -c GeoIP.dat /etc/apache2/apache2.conf
+        msg_box "We have updated GeoIP to a new version which isn't compatible with the old one. Please reinstall with the menu script to get the latest version."
+        notify_admin_gui \
+"GeoBlock needs to be reinstalled!" \
+"We have updated GeoIP to a new version which isn't compatible with the old one.
+Please reinstall with the menu script to get the latest version.
+
+sudo bash /ar/scripts/menu.sh --> Server Configuration --> GeoBlock"
+    else
+        if download_geoip_mmdb
         then
-            if [ ! -f /usr/share/GeoIP/GeoIPv4.dat ]
-            then
-                if download_geoip_dat 4 v4
-                then
-                    sed -i "s|GeoIPDBFile /usr/share/GeoIP/GeoIP.dat|GeoIPDBFile /usr/share/GeoIP/GeoIPv4.dat|g" /etc/apache2/apache2.conf
-                fi
-            fi
+            check_command systemctl restart apache2
         fi
-        check_command systemctl restart apache2
     fi
 fi