sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] peering broken for keyservers using reverse-proxies?

From: Ryan
Subject: Re: [Sks-devel] peering broken for keyservers using reverse-proxies?
Date: Wed, 4 Apr 2012 18:02:49 -0600 
I had problems reverse proxying 11371 behind a load balancer; would break other 
sks servers fetching keys.

What I ended up doing was configure SKS to use 21371 on external interface and 
the proxy on 11371;  other SKS servers started fetching keys off 21371 and 
bypassing the proxy yet clients always hit the proxy.

I think the issue was fixed in latest SKS but alot of servers are not running 
it yet so this is my work-arround.

Regards,
-Ryan

On Apr 4, 2012, at 5:27 PM, John Clizbe wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1,SHA256
> 
> Christoph Egger wrote:
> > Hi!
> > 
> >   Recently I started to see failures in my recon.log:
> > 
> > 2012-04-04 23:35:59 Error getting missing keys: Failure("<!DOCTYPE HTML 
> > PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
> > 2012-04-05 00:57:10 Error getting missing keys: Failure("<html>\r")
> > 
> >   Interestingly all peers I'm seeing this kind of failure are marked as
> > using reverse-proxies on http://sks-keyservers.net/status/ -- is this
> > setup in some way broken?
> 
> Is the recon port being forwarded? I saw where 11371 was, but not 11370.
> 
> That would be the first place I'd check. If that doesn't fix it, 11370 will
> probably need to be passed directly to the server.
> 
> - -John
> 
> - -- 
> John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
> John ( @ ) Enigmail DAWT net          or: John (@) Keyservers DAWT net
> FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
>      mailto:address@hidden
> 
>                    Cowboy Haiku -- Reflections on Rodeo
> So many Cowboys. / Round Wrangler butts drive me nuts. / Never enough rope.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12-git-509fe4ce-2012-01-31 (Windows XP)
> Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
> Comment: Be part of the £€€7 ECHELON -- Use Strong Encryption.
> Comment: It's YOUR right - for the time being.
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iQEcBAEBAgAGBQJPfNjPAAoJECMTMVxDW9A0lTYH/1uVN8M0YhOwvQNAd7szj0HL
> 0Uj+QlQRHtTXIH1LUtz5nUxD8VE0hUgUcr3Xl+7JCeC27/4pQ4bWIFMRAYJwgFTI
> T/oc2mRSq3knbhzkKIoz5GZ7mi2BcYhQt+Ox+rAzl9ZXZNAqZHlGXNnF3AOyIA/O
> NJ0STH7BARQohfe2gIaR1T/wUglqoEghXEZRUQw0xlGinWxy5Vz1kAexzMB/FX7/
> Z6zTQXI+UPNx7ZbxdmEMIgBx3isCIgqtCAZsGFH+vs7kYPhDWQo5BekNlF1NTHdO
> V1DyAt3/xiN7sJl3PmUDWvtZdWtpUHP4MZicGJgGDEcA4kOmLk9c2blBY7VtPg2I
> XgQBEQgABgUCT3zYzwAKCRDrXhnz1laYJbIhAP9ZbOsI7fA/n/vOXKriDrPIP/kq
> 0MKSa/BJjWimgsGq6wD/fOkCxNMAtimg1Zsh+XbEs5pRdKQHovD22W4AHR6mOzo=
> =Leap
> -----END PGP SIGNATURE--
reply via email to
[Prev in Thread] Current Thread [Next in Thread]