Re: [Sks-devel] Reverse Proxy


From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] Reverse Proxy
Date: Sat, 28 Apr 2012 15:45:45 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120312 Thunderbird/11.0

On 28.04.2012 15:26, Jens Leinenbach wrote:
> Hi Kristian,
> 
> I installed a reverse proxy over a week ago, but it seems not to
> be recognized, as you can see here:
> http://keyserver.ccc-hanau.de:11371/ngnix
> http://sks-keyservers.net/status/info/keyserver.ccc-hanau.de
> To configure that, I left the SKS configuration untouched (after some
> known problems) and just changed some shorewall settings for the
> ports.
> 
> As already discussed on this list, there is this old SKS bug using
> POST requests without sending the HTTP version, so nginx denies
> these POST requests. And I didn't find any workaround, so that nginx
> can fix these requests.
> 
> Regards, Jens
> 

Hi Jens,

The workaround is to make SKS listen to e.g. port 11372, as specified
in hkp_port in sksconf, that is allowed access only by your peer list.
Upon reconciliation (usually port 11370, as specified in the
membership file of the peers).

HKP (client perspective), however, defaults to 11371. As such you can
make nginx (or any other reverse proxy) listen to this port.

Just to have it mentioned, a fix for the POST error got into the
source on Apr 5 [1].

As for the use of nginx, are you sure this is being done on the
public-facing interface? Try running e.g. "wget -S
http://keyserver.ccc-hanau.de:11371/pks/lookup?op=stats"; at the
moment I'm only seeing "Server: sks_www/1.1.1" from my computers.

[1]
http://code.google.com/r/johnclizbe-sks-keyserver/source/detail?r=dc1d4aed4ef7e97d7e2f83cde73fb6a0a7c0e384

-- 
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
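
The port split described in the message above could be configured along these lines. This is an added example, not configuration from the original message or from the SKS project; the server name, the loopback upstream address and the forwarded headers are assumptions.

```nginx
# Added example with assumed values; not part of the original message.
#
# sksconf side, as described in the message:
#     hkp_port: 11372
# Port 11372 is then limited by the firewall to the hosts in the
# membership file, so peer traffic reaches SKS directly instead of
# going through nginx.

server {
    # Public HKP port that clients use by default.
    listen 11371;
    server_name keyserver.example.org;   # placeholder host name

    location / {
        # Hand client requests to SKS on its hkp_port.
        # Assumes SKS accepts connections on the loopback address.
        proxy_pass http://127.0.0.1:11372;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

With this in place, the `wget -S` check from the message should report an nginx `Server:` header on port 11371 rather than `sks_www/1.1.1`.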