** 2025-10-14 ** 792 words, 4 minutes

1. Required packages
2. GeoLite2 databases
3. nginx configuration
4. Usage

There are a few times when I want to check which public IP I am browsing from… I used to use the WhatsMyIP sites but the Internet being what it is these days, I switched to using my SearXNG instance which has the IP plugin enabled.

Still, there are times I need to get my IP from a script and want a dead simple option for this. So I switched to using nginx and GeoLite2.

I was looking at some Web 3.0 pretty GUI but mostly found bloated stuff made out of Go or Rust or Node.js. I finally stumbled upon ipinfo.tw which had both the advantage of requiring little stuff to run and providing all the informations I wanted without unnecessary extra stuff. The only drawback is that it is supposed to run using Docker… Which doesn’t match my OpenBSD requirements. But I am Docker-fluent enough to understand a Dockerfile, reverse engineer it and have it working on OpenBSD.

The overall process is that for each HTTP connection, nginx will query the incoming IP from GeoLite2 databases, format a text HTTP response and send it back to the HTTP client.

Required packages

From a bare OpenBSD instance, one has to install the nginx package and its nginx-geoip2 module package.

# pkg_add nginx-geoip2 nginx

Unfortunately, OpenBSD doesn’t provide the latest version of the GeoLite2 databases. Because

Last version prior to license change https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/ Up to date files available free of charge, but an account and EULA agreement are needed: https://dev.maxmind.com/geoip/geolite2-free-geolocation-data/

GeoLite2 databases

You can sign up for free GeoLite databases access from https://www.maxmind.com/en/geolite2/signup . For reasons, I had to use a Gmail account for it to work… When done, sign in and create License key. Write down your Account ID and License key. There seem to be an existing software, Automatic Updates for GeoIP Databases, that will update the databases. But I’d rather use my own script.

# pkg_add wget
# vi /opt/bin/update-geoip

#!/bin/ksh

LICENSE="<change_me>"
URL="https://download.maxmind.com/app/geoip_download?license_key=${LICENSE}&edition_id="

cd /var/www/cache
for DB in GeoLite2-ASN GeoLite2-City; do
doas -u www wget -q -O ${DB}.tar.gz "${URL}${DB}&suffix=tar.gz"
doas -u www tar -xzf ${DB}.tar.gz -s ':.*/::' '*.mmdb'
rm ${DB}.tar.gz
rcctl reload nginx
done
cd -

exit 0
#EOF

# chmod 0755 /opt/bin/update-geoip
# /opt/bin/update-geoip

Setting up a cron job to daily update the databases ensures I get the latest information.

nginx configuration

Stealing configuration bits from ipinfo.tw, and adapting it to OpenBSD, the nginx configuration to send back IP information from HTTP queries goes like this:

# vi /etc/nginx/nginx.conf

#user  www;
worker_processes auto;
load_module modules/ngx_http_geoip2_module.so;
pid logs/nginx.pid;
worker_rlimit_nofile 32768;
events {
accept_mutex       off;
multi_accept       on;
worker_connections 4096;
}
http {
# query city databases
geoip2 /var/www/htdocs/GeoLite2-City.mmdb {
auto_reload          1d;
$ip_continent_name   source=$remote_addr continent names en;
$ip_country_code     source=$remote_addr country iso_code;
$ip_country_name     source=$remote_addr country names en;
$ip_subdivision_name source=$remote_addr subdivisions 0 names en;
$ip_city_code        source=$remote_addr postal code;
$ip_city_name        source=$remote_addr city names en;
$ip_loc_lat          source=$remote_addr location latitude;
$ip_loc_lon          source=$remote_addr location longitude;
$ip_loc_tz           source=$remote_addr location time_zone;
}
# if values are empty, deal with it for proper output
map $ip_subdivision_name $subdivision_name {
""      "n/a";
default $ip_subdivision_name;
}
map $ip_city_code $city_code {
""      "";
default "($ip_city_code)";
}
map $ip_city_name $city_name {
""      "n/a";
default $ip_city_name;
}
# query provider database
geoip2 /var/www/htdocs/GeoLite2-ASN.mmdb {
auto_reload        1d;
$ip_asn            source=$remote_addr autonomous_system_number;
$ip_aso            source=$remote_addr autonomous_system_organization;
$ip_as_build_epoch metadata build_epoch;
}
include              mime.types;
default_type         text/plain;
index index.html     index.htm;
tcp_nopush           on;
keepalive_timeout    60;
gzip                 on;
server_tokens        off;
autoindex            off;
client_max_body_size 512k;
keepalive_requests   100;
tcp_nodelay          on;
types_hash_max_size  2048;
server {
listen      80;
listen      [::]:80;
server_name ip.example.com;
root        /var/www/htdocs;
charset     utf-8;
error_page  500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/htdocs;
}
real_ip_header   X-Real-IP;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
add_header X-Powered-By            "Inspired by ipinfo.tw/github" always;
add_header Cache-Control           "no-store" always;
add_header X-Frame-Options         "SAMEORIGIN" always;
add_header X-XSS-Protection        "1; mode=block" always;
add_header X-Content-Type-Options  "nosniff" always;
add_header Referrer-Policy         "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'none'; img-src 'self'" always;
location = / {
return 200 "Public IP:  $remote_addr
---
Continent:  $ip_continent_name
Country:    $ip_country_name ($ip_country_code)
Region:     $subdivision_name
City:       $city_name $city_code [$ip_loc_lat/$ip_loc_lon]
---
Provider:   $ip_aso (AS$ip_asn)
---
Timezone:   $ip_loc_tz
User-Agent: $http_user_agent";
}
location = /ip { return 200 "$remote_addr\n"; }
location = /country { return 200 "$ip_country_name\n"; }
location = /json {
default_type application/json;
return 200 "{\"ip\":\"$remote_addr\",\"continent_name\":\"$ip_continent_name\",\"country_name\":\"$ip_country_name\",\"country_code\":\"$ip_country_code\",\"region\":\"$subdivision_name\",\"city\":\"$city_name\",\"city_code\":\"$city_code\",\"latitude\":\"$ip_loc_lat\",\"longitude\":\"$ip_loc_lon\",\"provider\":\"$ip_aso\",\"asn\":\"$ip_asn\",\"timezone\":\"$ip_loc_tz\",\"user-agent\":\"$http_user_agent\"}";
}
}
}

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

# rcctl enable nginx
# rcctl start nginx

Usage

Browse to the published URL using a Web browser or a command line to get the results.

# curl http://example.com
Public IP:  192.0.2.144
---
Continent:  Europe
Country:    France (FR)
Region:     Île-de-France
City:       Paris (75001) [48.864716/2.349014]
---
Provider:   Orange (AS3215)
---
Timezone:   Europe/Paris
User-Agent: curl/8.14.0

# curl http://example.com/json

{"ip":"192.0.2.144","continent_name":"Europe","country_name":"France","country_code":"FR","region":"Île-de-France","city":"Paris","city_code":"(75001)","latitude":"48.864716","longitude":"2.349014","provider":"Orange","asn":"3215","timezone":"Europe/Paris","user-agent":"curl/8.14.0"}

For those of you that trust people on the Internet, I’ve configured such service on noGoo.me. You can use https://ip.nogoo.me if you like to.