ContextQMD
Back to Authentik

GeoIP

website/docs/sys-mgmt/ops/geoip.mdx

latest3.0 KB
Original Source

GeoIP

authentik supports GeoIP to add additional information to login/authorization/enrollment requests. Additionally, a GeoIP policy can be used to make policy decisions based on the lookup result.

Configuration

:::info Starting with authentik 2022.12, GeoIP is bundled and does not require any additional setup. :::

By default, the GeoIP database is loaded from /geoip/GeoLite2-City.mmdb. If more frequent database updates are desired, a volume can be mounted to /geoip to update this file externally. authentik will automatically re-load the file when it changes.

Deactivating GeoIP

If you want to disable GeoIP, you can set the path to a non-existent path and authentik will skip the GeoIP.

import TabItem from "@theme/TabItem"; import Tabs from "@theme/Tabs";

<Tabs defaultValue="docker-compose" values={[ {label: 'Docker Compose', value: 'docker-compose'}, {label: 'Kubernetes', value: 'kubernetes'}, ]}> <TabItem value="docker-compose"> Add the following block to your .env file:

shell
AUTHENTIK_EVENTS__CONTEXT_PROCESSORS__GEOIP=/tmp/non-existent-file
AUTHENTIK_EVENTS__CONTEXT_PROCESSORS__ASN=/tmp/non-existent-file

Afterwards, run the upgrade commands from the latest release notes.

</TabItem> <TabItem value="kubernetes"> Add the following block to your `values.yml` file:
yaml
authentik:
    events:
        context_processors:
            geoip: "/tmp/non-existent-file"
            asn: "/tmp/non-existent-file"

Afterwards, run the upgrade commands from the latest release notes.

</TabItem> </Tabs>

External updates

Sign up for a free MaxMind account here.

<Tabs defaultValue="docker-compose" values={[ {label: 'Docker Compose', value: 'docker-compose'}, {label: 'Kubernetes', value: 'kubernetes'}, ]}> <TabItem value="docker-compose">

Add the following block to a compose.override.yml file in the same folder as the authentik docker-compose file:

yaml
services:
    server:
        volumes:
            - geoip:/geoip
    worker:
        volumes:
            - geoip:/geoip
    geoipupdate:
        image: "maxmindinc/geoipupdate:latest"
        volumes:
            - "geoip:/usr/share/GeoIP"
        environment:
            GEOIPUPDATE_EDITION_IDS: "GeoLite2-City GeoLite2-ASN"
            GEOIPUPDATE_FREQUENCY: "8"
            GEOIPUPDATE_ACCOUNT_ID: "*your account ID*"
            GEOIPUPDATE_LICENSE_KEY: "*your license key*"
volumes:
    geoip:
        driver: local

Afterwards, run the upgrade commands from the latest release notes.

</TabItem> <TabItem value="kubernetes"> Add the following block to your `values.yml` file:
yaml
geoip:
    enabled: true
    accountId: "*your account ID*"
    licenseKey: "*your license key*"
    editionIds: "GeoLite2-City GeoLite2-ASN"
    image: maxmindinc/geoipupdate:v4.8
    updateInterval: 8

Afterwards, run the upgrade commands from the latest release notes.

</TabItem> </Tabs>