Re: [Sks-devel] disunitedstates.com now available on IPv6
From: Todd Lyons
Subject: Re: [Sks-devel] disunitedstates.com now available on IPv6
Date: Thu, 10 Oct 2013 13:22:39 -0700
User-agent: Mutt/1.5.20 (2009-12-10)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, Oct 10, 2013 at 10:42:03AM -0700, David Benfell wrote:
>It appears to be working for me. Please let me know if you're still
>seeing something different:

It's working for me now.

>> Set up those two things and you'll probably start getting traffic
>> on the ipv6 interface. Make sure to add pool.sks-keyservers.net
>> and *.pool.sks-keyservers.net as ServerAliases (apache speak,
>> varies if you're using a different rproxy mechanism).
>I haven't even found a HOWTO on setting up the proxy that both
>actually works and makes sense to me, so I've never done this. And
>disunitedstates.com is in use for another application on ports 80/443
>anyway. I *could*, however, add a subdomain and allocate one of my
>spare IPv4 addresses to it and tell sks to listen to more addresses.

My advice is to pick a subdomain and do that. I chose "sks.mrball.net"
for mine. I used a different IP too, but I don't think that's strictly
required. It's not a problem setting a different ipv6 ip address since
you likely have a whole /64 to work with.

>What would be nice, if I were to do this, is to have a really nice web
>page to put in front. I know this was discussed before on this list,
>but I haven't found it again, and I'd like to have permission before
>just hauling off with somebody else's creative work. ;-)

The bitbucket peering document is the best one around. I'll slap my
config up here. It is currently working to give me 4 green lights.
Adjust the IPs and hostnames to match your situation.

address@hidden ~]# cat /etc/httpd/conf.d/sks.conf
Listen 208.89.139.251:11371
Listen 208.89.139.252:11371
Listen [2001:470:d:367::50]:11371
Listen [2001:470:d:367::555]:11371
Listen 208.89.139.251:443
Listen [2001:470:d:367::555]:443

# HKP on the standard keyserver port, proxied to the local SKS instance
<VirtualHost *:11371>
    ServerName sks.mrball.net
    ServerAlias pool.sks-keyservers.net
    ServerAlias *.pool.sks-keyservers.net
    CustomLog logs/sks_access_log common
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://127.0.0.1:11371/
    ProxyPassReverse / http://127.0.0.1:11371/
    ProxyVia on
    SetEnv proxy-nokeepalive 1
</VirtualHost>

# HKP on port 80
<VirtualHost *:80>
    ServerName sks.mrball.net
    ServerAlias pool.sks-keyservers.net
    ServerAlias *.pool.sks-keyservers.net
    CustomLog logs/sks_access_log common
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://127.0.0.1:11371/
    ProxyPassReverse / http://127.0.0.1:11371/
    ProxyVia on
    SetEnv proxy-nokeepalive 1
</VirtualHost>

# HKPS (TLS) on IPv4
<VirtualHost 208.89.139.251:443>
    ServerName sks.mrball.net
    ServerAlias hkps.pool.sks-keyservers.net
    CustomLog logs/ssl_sks_access_log common
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite !aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    SSLCertificateKeyFile /etc/pki/tls/certs/sks_1.key
    SSLCertificateFile /etc/pki/tls/certs/sks.mrball.net_keyserver.crt.pem
    SSLCACertificateFile /etc/pki/tls/certs/sks.mrball.net_keyserver.crt.pem
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://127.0.0.1:11371/
    ProxyPassReverse / http://127.0.0.1:11371/
    ProxyVia on
    SetEnv proxy-nokeepalive 1
</VirtualHost>

# HKPS (TLS) on IPv6
<VirtualHost [2001:470:d:367::555]:443>
    ServerName sks.mrball.net
    ServerAlias hkps.pool.sks-keyservers.net
    CustomLog logs/ssl_sks_access_log common
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite !aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    SSLCertificateKeyFile /etc/pki/tls/certs/sks_1.key
    SSLCertificateFile /etc/pki/tls/certs/sks.mrball.net_keyserver.crt.pem
    SSLCACertificateFile /etc/pki/tls/certs/sks.mrball.net_keyserver.crt.pem
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://127.0.0.1:11371/
    ProxyPassReverse / http://127.0.0.1:11371/
    ProxyVia on
    SetEnv proxy-nokeepalive 1
</VirtualHost>

- --
Regards... Todd
Well, it's Karch... --frequently heard after every amazing move he does
Linux kernel 2.6.32-279.22.1.el6.x86_64 1 user, load average: 0.00, 0.00,
0.00
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEARECAAYFAlJXDI4ACgkQIBT1264ScBVeoQCgpMBg2IJahqoxMsg8iJ7lSsLL
iycAoMNS6T9qAkBcLAqtidhfEv2C4XmX
=7G71
-----END PGP SIGNATURE-----
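
An added example, not part of Todd Lyons's message: the two HKPS vhosts from the config above merged into one and rewritten for a current Apache, with the posted protocol, cipher and access-control lines kept as comments beside their replacements. It assumes Apache 2.4.37 or later built against OpenSSL 1.1.1 or later (needed for TLSv1.3) and that the Listen lines from the post stay as they are; the protocol and cipher choices are this example's, not the poster's.

```apache
# Added example. Addresses, hostnames and file paths are taken from the post.

# Off is already the default; stating it makes sure the allow-all <Proxy *>
# block below can never act as an open forward proxy.
ProxyRequests Off

# One vhost bound to both the IPv4 and the IPv6 address.
<VirtualHost 208.89.139.251:443 [2001:470:d:367::555]:443>
    ServerName sks.mrball.net
    ServerAlias hkps.pool.sks-keyservers.net
    CustomLog logs/ssl_sks_access_log common

    SSLEngine on

    # posted: SSLProtocol all -SSLv2
    # "all -SSLv2" still negotiates SSLv3 and TLS 1.0.
    SSLProtocol -all +TLSv1.2 +TLSv1.3

    # posted: SSLCipherSuite !aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    # RC4 and static-RSA key exchange are gone; only forward-secret AEAD
    # suites remain for TLS 1.2 (TLS 1.3 suites keep their defaults).
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder on

    SSLCertificateKeyFile /etc/pki/tls/certs/sks_1.key
    # Since 2.4.8 intermediate certificates are appended to this file.
    # SSLCACertificateFile is for verifying client certificates and is
    # not needed for a server-only setup, so it is omitted.
    SSLCertificateFile /etc/pki/tls/certs/sks.mrball.net_keyserver.crt.pem

    # posted: Order deny,allow / Allow from all
    # That is 2.2 syntax; 2.4 accepts it only with mod_access_compat loaded.
    <Proxy *>
        Require all granted
    </Proxy>

    ProxyPass / http://127.0.0.1:11371/
    ProxyPassReverse / http://127.0.0.1:11371/
    ProxyVia on
    SetEnv proxy-nokeepalive 1
</VirtualHost>
```

The MSIE SetEnvIf workaround from the post is left out here because it only targets legacy Internet Explorer clients.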