224 points gurjeet | 19 comments
1. nerdponx ◴[] No.26634782[source]
It's great to have services like this.

For the benefit of anyone interested: for a "self-hosted" solution, you can do this entirely within Nginx. Here's an example config:

    server {
      listen 80 default_server;
      listen [::]:80 default_server;

      # The ssl parameter is required; without it port 443 speaks plain HTTP
      listen 443 ssl default_server;
      listen [::]:443 ssl default_server;

      # Use Letsencrypt for SSL. This part will depend on your own setup.
      ssl_certificate /etc/letsencrypt/live/<my domain>/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/<my domain>/privkey.pem;

      server_name <my domain>;

      # Deny all access at all paths; useful if you're hosting other stuff behind
      # the same Nginx server (e.g. reverse proxy)
      location / {
        deny all;
      }

      # At /ip, return 200 with the client IP address in the body
      location = /ip {
        default_type text/plain;
        return 200 '$remote_addr';
      }
    }
replies(7): >>26634946 #>>26636981 #>>26637327 #>>26637356 #>>26637665 #>>26637879 #>>26640213 #
2. VWWHFSfQ ◴[] No.26634946[source]
this service does a lot more than just return your remote_ip, which won't work behind a load-balancer or other proxy unless you configure realip module. and also need to add geoip module to do all the location stuff
replies(2): >>26635073 #>>26643238 #
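
The point above about `$remote_addr` behind a load balancer, as an added example that is not part of the comment or of any project mentioned in the thread: a Python sketch of the decision a realip-style setup has to make, honouring `X-Forwarded-For` only when the TCP peer is a known proxy and walking the header right to left so client-supplied entries are ignored. The proxy ranges and function names are assumptions made for illustration.

```python
import ipaddress

# Assumed proxy ranges (constructed for this example); list only your own
# load balancers here, never a catch-all such as 0.0.0.0/0.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr falls inside one of the trusted proxy networks."""
    ip = ipaddress.ip_address(addr)
    # An IPv4 address tested against an IPv6 network (or vice versa) is False.
    return any(ip in net for net in trusted)


def client_ip(peer, xff=None, trusted=TRUSTED_PROXIES):
    """Pick the address an /ip endpoint should report.

    peer: address of the TCP connection (what $remote_addr holds by default)
    xff:  raw X-Forwarded-For header value, or None if absent
    """
    # A header sent by an untrusted peer is attacker-controlled: ignore it.
    if not xff or not is_trusted(peer, trusted):
        return peer
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    candidate = peer
    # The rightmost entries were appended by our own proxies; walk leftwards
    # until the first address that is not one of them.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last valid address
        candidate = hop
        if not is_trusted(hop, trusted):
            break
    return candidate
```
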
3. nerdponx ◴[] No.26635073[source]
Good points both.

That said, do you know of any software library that exposes the Geoip database (or at least Geoip Lite which you can easily obtain for free) in a nice API? Like how a lot of programming languages have tzinfo/tzdata libraries for querying the Tz database.

replies(2): >>26636140 #>>26637406 #
4. cryvate1284 ◴[] No.26636140{3}[source]
Maxmind do APIs for a bunch of languages. I've used the python one and it works well (with Lite), but see here their list:

https://dev.maxmind.com/geoip/geoip2/web-services/

replies(2): >>26636438 #>>26641833 #
5. nerdponx ◴[] No.26636438{4}[source]
I should clarify that I was looking for an "offline" API/library that I can use against a local copy of the Lite database, but this is great stuff too.
replies(2): >>26637238 #>>26638565 #
6. enz ◴[] No.26636981[source]
You can even have the JSON version:

    location /json_ip {
        default_type application/json;
        return 200 "{\"ip\":\"$remote_addr\"}";
    }
7. luhn ◴[] No.26637238{5}[source]
Not sure what language you're looking for, but those exist too. Here's a Python one: https://maxminddb.readthedocs.io/en/latest/
8. rogerdonut ◴[] No.26637327[source]
This can also be done with HAProxy

    listen whatismyip
        bind :::80 # listen on ipv4/ipv6
        bind :::443 ssl crt /etc/haproxy/ssl/fullchain.pem
        mode http

        http-request return status 200 content-type "text/plain" lf-string "%[src]" if { path /ip }
        http-request return status 200 content-type "application/json" lf-string "{\"ip\":\"%[src]\"}" if { path /json_ip }
        http-request deny
9. banana_giraffe ◴[] No.26637356[source]
Along the same lines, if you want to make your own AWS Lambda / API Gateway version of this:

    def lambda_handler(event, context):
        return {
            'statusCode': '200',
            'headers': None,
            'body': event.get('requestContext', {}).get('identity', {}).get('sourceIp', 'unknown')
        }
I do this, though my lambda is a bit more complex in practice, since I have some triggers that say "if this thing reports a new IP, do something".

Of course, AWS provides this basic service as checkip.amazonaws.com

replies(1): >>26637648 #
10. banana_giraffe ◴[] No.26637406{3}[source]
MaxMind offers a small version of their database API for free:

https://dev.maxmind.com/geoip/geoip2/geolite2/

In practice it's good enough for many purposes. It's actually the version of the database that ifconfig.co uses.

11. anonymouse008 ◴[] No.26637648[source]
That's a brilliant way of adding and removing SSH security group rules for digital nomads
replies(1): >>26637744 #
12. 0xbkt ◴[] No.26637665[source]
It is even easier with Caddy's `respond` directive[0], placeholders[1], and automatic HTTPS.

Caddyfile:

  example.com {
      respond "{remote_host}"
  }
[0] https://caddyserver.com/docs/caddyfile/directives/respond

[1] https://caddyserver.com/docs/caddyfile/concepts#placeholders

replies(1): >>26644356 #
13. banana_giraffe ◴[] No.26637744{3}[source]
That's exactly what I use it for. I have a small program on my laptop that makes a request of my lambda every now and then (and if it senses a change of the network). It triggers a change in the firewall rules for a SSH server.

Between that and Mosh, I barely even notice when I change networks.

14. haik90 ◴[] No.26637879[source]
been using this for a few years. As far as I know, can't return IPv4/IPv6 only from nginx without using separate server block to enforce one of them
15. cryvate1284 ◴[] No.26638565{5}[source]
If you click through one of the links (e.g. Python) you will see it does allow you to do so!

https://pypi.org/project/geoip2/

16. ◴[] No.26640213[source]
17. stevenicr ◴[] No.26641833{4}[source]
I thought maxmind has some kind of terms change that forced account signup and some other issues 'because of some privacy law' like gdpr - maybe the Cali one?

So it has ruined my second favorite wordpress security plugin - and MaxMind is not really usable like it once was (?)

18. jesterson ◴[] No.26643238[source]
nginx with GeoIP2 module does exactly the same for me for years by now.
19. BrandoElFollito ◴[] No.26644356[source]
One more reason to love that extraordinary web server. It is really wonderful, sad that it is not more used.

I work in IT (was a sysadmin for years, still administer my own servers) and I hated the configuration of the web servers (first Apache, then nginx) - mostly because I was too lazy to read the docs from beginning to end.

This changed with caddy. It is simple, fast, reliable, HTTPS first with LE. Great.