block country and various fixes

confs/geoip-server.conf

@@ -0,0 +1,3 @@
+if ($allowed_country = no) {
+	return 444;
+}

confs/geoip.conf

@@ -1,7 +1,10 @@
+geoip2 /etc/nginx/geoip.mmdb {
+	auto_reload 5m;
+	$geoip2_metadata_country_build metadata build_epoch;
+	$geoip2_data_country_code country iso_code;
+}
+
 map $geoip2_data_country_code $allowed_country {
 	default yes;
 	%BLOCK_COUNTRY%
 }
-if ($allowed_country = no) {
-	return 403;
-}

confs/nginx.conf

@@ -70,15 +70,8 @@ http {
 	# disable default server
 	%DISABLE_DEFAULT_SERVER%
 
-	# redirect HTTP to HTTPS
-	%REDIRECT_HTTP_TO_HTTPS%
-
-	# geoip2 config
-	geoip2 /etc/nginx/geoip.mmdb {
-		auto_reload 5m;
-		$geoip2_metadata_country_build metadata build_epoch;
-		$geoip2_data_country_code country iso_code;
-	}
+	# check if country is blocked
+	%BLOCK_COUNTRY%
 
 	# check if user agent is blocked
 	%BLOCK_USER_AGENT%

confs/redirect-http-to-https.conf

@@ -1,5 +1,3 @@
-server {
-	listen 80;
-	server_name %SERVER_NAME%;
+if ($scheme = http) {
 	return 301 https://$host$request_uri;
 }

confs/server.conf

@@ -1,11 +1,12 @@
 server {
 	%LISTEN_HTTP%
 	%AUTO_LETS_ENCRYPT%
+	%REDIRECT_HTTP_TO_HTTPS%
 	server_name %SERVER_NAME%;
 	%SERVE_FILES%
 	if ($request_method !~ ^(%ALLOWED_METHODS%)$)
 	{
-		return 405; 
+		return 405;
 	}
 	%USE_PHP%
 	%HEADER_SERVER%