Configure MAXMIND for reverse IP lookups

What is MAXMIND and why would I want it?

Discourse uses MAXMIND to provide geographical information for reverse IP lookups.

location

Without Maxmind’s database you’ll see something like this:
nolocation

Or perhaps you’ve noticed this message fly by when you rebuild your container:

MaxMind IP database updates require a license
Please set DISCOURSE_MAXMIND_LICENSE_KEY to one you generated at https://www.maxmind.com

Why Would I Care?

It’s often useful for moderators to see where someone is logging in from to determine if the person is who (and where) they say they are or to diagnose problems with your site. (“Oh, we frequently see problems with Special-ISP”.)

Also, as of 2.2.0.beta4, Discourse also uses this information to notify admins if a login is seen from a new location. Without the Maxmind database, Discourse cannot provide this notification.

What if I don’t get a key?

You won’t be able to do reverse lookups. If the issues above do not concern you, then it is a good bet that nothing bad will happen if you just ignore this.

How Do I Get a Key?

See Maxmind’s https://support.maxmind.com/hc/en-us/articles/4407111582235-Generate-a-License-Key page for up-to-date instructions, but you need to

  • Visit the GeoLite2 Sign Up page.
  • generate a license key on the “My License Keys” link on the left navigation bar once you’ve logged in. Generate a new key, and copy the value. If you lose it, you’ll need to generate a new one.

You then add that key to the ENV section of your app.yml with a line like this:

  DISCOURSE_MAXMIND_LICENSE_KEY: your-key-here

Or via discourse-setup when prompted.

Notes for IPv6 users

The Standard install doesn’t fully support IPv6 out of the box. If you have a server with IPv6 configured and need Maxmind information for IPv6 addresses, you’ll need to make sure that the user’s actual IP address is what is getting to Discourse, normally by using an external proxy that passes the remote IP address to Discourse. This requires more systems administration expertise than the standard install.

21 Likes

I didn’t set this up when I installed discourse. Is there a way to add it without doing a full rebuild?

1 Like

There is not. A full rebuild is required. And I believe that it’s broken right now, so you might wait until that’s resolved: Fail to download maxmind db with valid key & can download the DB from inside containerr

3 Likes

Thanks for the tip. I guess I’ll update the yml and wait for the next upgrade then.

2 Likes

Friend, I’m going to take advantage of the post and ask you a question, I use maxmind and I have a valid api key, but at the same time I use cloudflare in my installation, all users on my website showed the same IP, which in this case would be the IP of the cloudflare, with that I rebuilt my app and put the cloudflare template, with that the correct location of the users started to appear but it shows the users’ IPV6 even though some users use IPV4, is there any configuration to prioritize IPV4? remembering that these users where IPV6 shows are modern networks where providers are migrating from IPV4 to IPV6, so the customer will have access to both.

1 Like

I don’t think that’d be possible unless you disabled IPv6 from accessing your Discourse instance at all, since the client will only use one or the other when connecting to a website, not both. (And so the site wouldn’t know of the other IP address)

1 Like

Is there any configuration within the docker container or in the app.yml or within the discourse panel itself where I can restrict IPV6 access to my installation?

I believe you mentioned cloudflare in a different topic, couldn’t you just drop the AAAA record for Discourse from the DNS config? (Thereby disabling IPv6 access)

I don’t have an AAAA record in my DNS zone