Configure MAXMIND for reverse IP lookups

What is MAXMIND and why would I want it?

Discourse uses MAXMIND to provide geographical information for reverse IP lookups.

Without Maxmind’s database you’ll see something like this:

Or perhaps you’ve noticed this message fly by when you rebuild your container:

MaxMind IP database download requires an account ID and a license key
Please set DISCOURSE_MAXMIND_ACCOUNT_ID and DISCOURSE_MAXMIND_LICENSE_KEY. See https://meta.discourse.org/t/configure-maxmind-for-reverse-ip-lookups/173941 for more details.

Why would I care?

It’s often useful for moderators to see where someone is logging in from to determine if the person is who (and where) they say they are or to diagnose problems with your site. (“Oh, we frequently see problems with Special-ISP”.)

Also, as of 2.2.0.beta4, Discourse also uses this information to notify admins if a login is seen from a new location. Without the Maxmind database, Discourse cannot provide this notification.

What if I don’t setup a MaxMind account and generate a license key

You won’t be able to do reverse lookups. If the issues above do not concern you, then it is a good bet that nothing bad will happen if you just ignore this.

How do I setup a MaxMind account and obtain an Account ID and a license key?

See Maxmind’s https://support.maxmind.com/hc/en-us/articles/4407111582235-Generate-a-License-Key page for up-to-date instructions, but you need to

• Visit the GeoLite2 Sign Up page.
• generate a license key on the Manage License Keys tab in the left navigation bar once you’ve logged in. Generate a new key, and copy the account ID and the license key. If you lose it, you’ll need to generate a new one.

You then add that key to the ENV section of your app.yml with a line like this:

  DISCOURSE_MAXMIND_ACCOUNT_ID: your-account-id-here
  DISCOURSE_MAXMIND_LICENSE_KEY: your-key-here

Or via discourse-setup when prompted.

Notes for IPv6 users

The Standard install doesn’t fully support IPv6 out of the box. If you have a server with IPv6 configured and need Maxmind information for IPv6 addresses, you’ll need to make sure that the user’s actual IP address is what is getting to Discourse, normally by using an external proxy that passes the remote IP address to Discourse. This requires more systems administration expertise than the standard install.

@pfaffman , the URL to ‘My License Keys’ contains your account ID at MaxMind and therefore won’t work for anyone but you

Works for me!

What’s funny, though is that no one else has complained in 3 years! It’s a wiki, so you can fix it. I’ll try to update when I get to a computer if I can manage to remember.

Shows how many people actually read pages likes these

I’ve edited the page

Right!? And I spent a fair amount of time creating it. Not sure how I missed that the link worked just for me, but I guess having to log in was enough to distract me and maybe lots of other people.

Just a curiosity question @evert, did you mean to leave the brackets there? If so, would it perhaps look better as a button?

<kbd>Manage License Keys</kbd>

Sure, why not?

So far as I can tell I’m good to go

but all users show location “unknown”

Any help is appreciated.

You need to remove the # character in front and rebuild. The # character makes the entire line a comment in the YAML file.

Thank you, just write out and exit or rebuild too?

You have to rebuild. Discourse won’t see app.yml changes otherwise.

Thank you, done and working

It probably goes without saying for most here, but someone using a VPN may generate more alerts than others. It’s a nudge for the admins but doesn’t necessarily indicate a nefarious user.

Perfect! thank for this tutorial.

Excuse me,
When Discourse performs an IP lookup (reverse-IP) for the admin panel, does it rely on an offline GeoIP database or does it query an external API each time?

thanks!!

For context, my preference is to handle IP lookups offline by pointing Discourse to a local GeoLite2-City.mmdb file, rather than calling an external API.

Yet not support to IPV6? maybe be time to redirect this traffic to v4 ):