From 86b273217d491fa947108780f84a829298100789 Mon Sep 17 00:00:00 2001
From: David Papp <pappdav@gmail.com>
Date: Thu, 18 Sep 2025 10:39:23 +0200
Subject: [PATCH] chore: Update ARXIGNIS version to 1.4-0 and enhance NGINX
 configuration with GEOIP support

---
 Dockerfile         |  2 +-
 example/nginx.conf | 32 ++++++++++++++++++++++++++++++--
 2 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 14e1f6e..c5fda1a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -292,7 +292,7 @@ CMD ["/usr/local/openresty/nginx/sbin/nginx", "-g", "daemon off;"]
 STOPSIGNAL SIGQUIT
 
 FROM openresty-builder AS runtime
-ENV ARXIGNIS_VERSION="1.3-1"
+ENV ARXIGNIS_VERSION="1.4-0"
 
 WORKDIR /etc/nginx
 
diff --git a/example/nginx.conf b/example/nginx.conf
index 651afaf..7a56b84 100644
--- a/example/nginx.conf
+++ b/example/nginx.conf
@@ -4,7 +4,7 @@ worker_processes  1;
 
 #error_log  logs/error.log;
 #error_log  logs/error.log  notice;
-error_log  /var/log/nginx/error.log  warn;
+error_log  /var/log/nginx/error.log  info;
 
 #pid        logs/nginx.pid;
 
@@ -19,6 +19,8 @@ env ARXIGNIS_API_KEY;
 env ARXIGNIS_API_URL;
 env ARXIGNIS_MODE;
 env ARXIGNIS_CAPTCHA_PROVIDER;
+env ARXIGNIS_ACCESS_RULE_ID;
+# env ARXIGNIS_API_SSL_VERIFY;
 
 http {
     include       mime.types;
@@ -29,6 +31,29 @@ http {
     lua_shared_dict arxignis_queue 50m;
     lua_code_cache off;
 
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from 10.0.0.0/8;
+    set_real_ip_from 172.16.0.0/12;
+    set_real_ip_from 192.168.0.0/16;
+    set_real_ip_from 100.64.0.0/10;
+    set_real_ip_from 169.254.0.0/16;
+
+
+    geoip2 /usr/local/share/GeoIP/GeoLite2-Country.mmdb {
+        auto_reload 5m;
+        $geoip2_metadata_country_build metadata build_epoch;
+        $geoip2_data_country_code default=US source=$remote_addr country iso_code;
+        $geoip2_data_country_name country names en;
+    }
+
+    geoip2 /usr/local/share/GeoIP/GeoLite2-ASN.mmdb {
+        auto_reload 5m;
+        $geoip2_metadata_asn_build metadata build_epoch;
+        $geoip2_data_asn source=$remote_addr autonomous_system_number;
+        $geoip2_data_org source=$remote_addr autonomous_system_organization;
+    }
+
 
     #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
     #                  '$status $body_bytes_sent "$http_referer" '
@@ -74,7 +99,10 @@ http {
 
         access_by_lua_block {
           local arxignis = require("resty.arxignis")
-          arxignis.remediate(ngx.var.remote_addr)
+          -- If GEOIP is not available, pass nil for country and asn
+          -- arxignis.remediate(ngx.var.remote_addr, nil, nil)
+          -- If GEOIP is available, pass the country and asn
+          arxignis.remediate(ngx.var.remote_addr, ngx.var.geoip2_data_country_code, ngx.var.geoip2_data_asn)
         }
 
         #charset koi8-r;