For the benefit of anyone interested: for a "self-hosted" solution, you can do this entirely within Nginx. Here's an example config:
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 default_server;
listen [::]:443 default_server;
# Use Letsencrypt for SSL. This part will depend on your own setup.
ssl_certificate /etc/letsencrypt/live/<my domain>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<my domain>/privkey.pem;
server_name <my domain>;
# Deny all access at all paths; useful if you're hosting other stuff behind
# the same Nginx server (e.g. reverse proxy)
location / {
deny all;
}
# At /ip, return 200 with the client IP address in the body
location = /ip {
default_type text/plain;
return 200 '$remote_addr';
}
}
One more reason to love that extraordinary web server. It is really wonderful, sad that it is not more used.
I work in IT (was a sysadmin for years, still administer my own servers) and I hated the configuration of the web servers (first Apache, then nginx) - mostly because I was too lazy to read the docs from beginning to end.
This changed with caddy. It is simple, fast, reliable, HTTPS first with LE. Great.
That's exactly what I use it for. I have a small program on my laptop that makes a request of my lambda every now and then (and if it senses a change of the network). It triggers a change in the firewall rules for a SSH server.
Between that and Mosh, I barely even notice when I change networks.
this service does a lot more than just return your remote_ip, which wont work behind a load-balancer or other proxy unless you configure realip module. and also need to add geoip module to do all the location stuff
That said, do you know of any software library that exposes the Geoip database (or at least Geoip Lite which you one easily obtain for free) in a nice API? Like how a lot of programming languages have tzinfo/tzdata libraries for querying the Tz database.
I should clarify that I was looking for an "offline" API/library that I can use against a local copy of the Lite database, but this is great stuff too.
I thought maxmind has some kind of terms change that forced account signup and some other issues 'because of some privacy law' like gdpr - maybe the Cali one?
So it has ruined my second favorite wordpress security plugin - and MaxMind not really usable like it once was (?)
Looks great but these services have a tendency to come and go. Bad actors just end up hammering it. But I've been using icanhazip.com for years and it's still going strong.
I tend not to use these sort of services except for quick hack purposes, which I suppose this is exactly designed for. Unfortunately, those needs vary so widely I can't try to keep track of these sort of services and just Google/DDG for something similar when I need it. Unless this pops up on the first page of a Google/DDG search, it's unlikely I'll ever use it.
If the software behind the service is available and looks like it'll be easily usable for years because it has few to no dependancies that are likely to deprecated, I might actually commit the effort to memory and use it for all similar demands, similar to how I keep track of specific CLI *nix tools which I can rest assured, even if there are no updates and potential security issues, most are going to be usable at some future date in a pinch.
Pro of icanhazip.com is that you can curl it directly, it returns your address and nothing else; you don't have to parse the result to get the value, which is a big plus when used in a script:
I wonder how much more it will take before the answer to "What is my IP address?" will simply be "Look in the settings" or "Just type ip addr in the terminal".
We are so used to NAT that we don't realize how crazy it is that you essentially have to ask a stranger what's your address. It's really difficult to explain this to someone with no networking knowledge. Nothing else works this way: phone numbers, emails or postal addresses.
Phone numbers, emails, and postal addresses all still route through multiple mediaries between source and dest, and neither end ever know what path it took. In other words, they are MITMed by design. And for these mediums of communication, you want it this way for everyone's safety and sanity.
The only way this works securely with internet packets would be tor.
I'm NAT'd, though with an external IP, so the IP my router sees is not the same as what the world sees--while my ISP did provide me this information in an email, it's much faster for me to ask Google or whatnot than to dig the email up.
Their point is that you can always give your number to anyone and they can directly use it to contact you. It's never unclear what number to give someone so they can reach you. Yeah calls have to be routed, but routes are implicit, not something you have to worry about as src or dest.
Say you're at home, you have a landline, and you don't know what your own phone number is. How do you get it? You call someone with caller ID, and ask them to tell you what number you called from.
There are numbers one can call for ANI / ANAC info from a landline. They vary by carrier and sometimes region. MCI has a well-known line that reads back your number.
Of course, I haven't had a land line in years and my cell phones tell me their numbers in the settings.
I'm referring to the fact that people don't know their own phone numbers, and instead of reading it, they'll call you and the receiver sees the number.
I run eth0.me - a similar service. This might be the IP lookup service with the shortest URL, which is the reason why I run it.
Some anecdotes:
-At the moment the service has 10 GiB of traffic/day. In February, there were 295 476 879 requests.
-Because the service returns only the IP address and nothing else, the requests are larger than the replies.
-At some point a russian ISP began querying eth0.me from (apparently) all of their eyeball routers. Thousands of devices from their address space would query this service every second, which resulted in many Terabytes of traffic monthly. I decided to block their address space.
This service was run by somebody else up until a few years ago. It became more and more unreliable and went offline. At some point I noticed that the domain had expired. I decided to buy it and run it myself.
I have a similar domain with a 9 character URL that I have been running (wow - I had to look it up!) for 16 years for my own use and for my clients. I have some ddns clients that use it to update their DNS records when their IP changes.
I won't be advertising it here on HN any time soon, though, since it would probably fall over from the traffic. :)
But seriously, it's basically a front end to a bunch of people who have been incentivized (or fooled) into installing a proxy server on their home computers. It's primarily of interest as a way to make certain types of fraud (like ad fraud and credit card fraud) much harder to detect.
I had some auto-tests for VPN app which were relying on similar web-service to check own IP address. One day service become unavailable and autotests got broken. IIRC it was (https://canihazip.com/s)
I decided to solve this task in a fast and reliable fashion, so I made a tool which discovers own IP address using major public STUN servers: https://github.com/Snawoot/myip
Program issues parallel queries to public STUN servers to determine public IP address and returns result as soon as quorum of matching responses reached.
Works fast and reliable, especially compared to services requiring HTTPS:
user@dt1:~> time curl https://api.ipify.org
45.152.165.44
real 0m2,515s
user 0m0,030s
sys 0m0,019s
user@dt1:~> time curl ifconfig.co/
45.152.165.44
real 0m0,131s
user 0m0,011s
sys 0m0,008s
user@dt1:~> time myip
45.152.165.44
real 0m0,084s
user 0m0,012s
sys 0m0,012s
It will work. The server will return JSON. The URL http://ipinfo.io/ returns HTML if the Accept header indicates that you want HTML, and JSON if there is no header, a wildcard header, or a header that requests JSON. As far as I can see, irm doesn’t add an Accept header, so the command jodrellblank provided will fetch JSON and work correctly.
Put it another way, if you cannot lookup dns, odds are curl won't work. Of course, some nets might require the use of internal dns servers and block outbound traffic to dns.
Free version of MaxMind's GeoIP - a lot of services use them but the free version is the most inaccurate. That being said, not sure it's a mistake on the EU thing?
Presuming that the "in-EU" is actually meant to refer to "subject to most EU legislation, and in particular the GDPR", then it's incorrect in the opposite way for Norway: it shows false.
Perhaps you ought to open one for Norway? (I don't think it would be appropriate for me to do it because I am not seeing the issue, not being in Norway.)
For what it is worth, I have found that the STUN protocol is also an option for discovering this sort of information. There are lists of public stun servers out there [0]. Finding a client is a little more difficult than just using curl, I grant, but not impossible.
It's very good that it doesn't redirect to HTTPS. I frequently work with little devices which have a curl/wget version that only supports very basic HTTP, but no HTTPS. It's always a pain to find a website which will work with that.
I mean, if you really really want my IP, you need to at least be asking for microphone or video permissions... otherwise, you are only going to get my default route! I work on a VPN product, and threw this together to get all my IP addresses, VPN be damned ;P. https://rv.saurik.com/wtfip/
I wish sites would prefer browser-provided location to services like these. I'm constantly being placed in some random city five or six hundred km away, where my ISP also happens to have customers, even though I have Firefox configured to report accurately (geo.provider.network.url = data:application/json,{"location":{"lat":43.5,"lng":-80.5},"accuracy":1000}).
I'm happy with https://www.ipify.org/ - supports plaintext and JSON, v4 or v6, etc. via changes to the URL, so it works without having to set custom headers or telling your client to use one or the other.
Slightly OT: Some similar services also expose useful data like if IP is a VPN, a threat/bot, hosting provider or ISP, or a proxy.
I always wondered where this info comes from, looking at the similar pattern I presume from the same provider. Is it a premium service from MaxMind or what?
handy thing yeah - I used this like 6 years ago to write some quick bash scripts that would grab dynamic IP changes and send them to cloudflare to update a DNS record and create our own dynamic DNS service!
For a service like this one, it is essential not to automatically redirect to https, because many simple and/or command line clients do not automatically follow (resolve) a HTTP redirect answer.
For the benefit of anyone interested: for a "self-hosted" solution, you can do this entirely within Nginx. Here's an example config: