Re: [Sks-devel] Reverse Proxy
From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] Reverse Proxy
Date: Sat, 28 Apr 2012 18:58:22 -0400
User-agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.3) Gecko/20120329 Icedove/10.0.3

On 04/28/2012 09:26 AM, Jens Leinenbach wrote:
> As already discussed on this list, there is this old SKS bug using POST
> requests without sending the http version, so nginx denies these POST
> requests.
> And I didn't find any workaround, so that nginx can fix these requests.

It looks like you're running debian on that server. If you're running
squeeze, the version of sks in squeeze-proposed-updates
(1.1.1+dpkgv3-6+squeeze1) contains a fix for the POST request business.
If you're running wheezy or sid, you can find the same fix in version
1.1.1+dpkgv3-7.1.

Anyone who runs sks on debian should upgrade to either of these versions
to be able to query HKP servers that run behind reverse proxies.

This won't solve all of your problems (peers who don't run debian or
don't upgrade still won't be able to contact your machine), but that's
arguably their problem, not yours.

I do not recommend exposing SKS directly on port 11372, since that would
mean leaving yourself exposed directly to the same DoS attack that the
reverse proxies are intended to buffer against.

Regards,

--dkg