sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] reverse proxies and the pool

From: Todd Lyons
Subject: Re: [Sks-devel] reverse proxies and the pool
Date: Wed, 30 Oct 2013 17:33:36 -0700 
On Wed, Oct 30, 2013 at 11:31 AM, Gabor Kiss <address@hidden> wrote:
>
> > Whatever the decision, could you provide documentation for
> > configuration of such a reverse proxy for both Apache and Nginx?
>
> What I miss is a set of diagnostic procedures/recipes that could
> help an operator to figure out if his server fits various requirements.
>
> Like this was on Monday:
>
> | Virtualhost-related, no match found
> |
> | address@hidden ~ $ curl -H'Host: p80.pool.sks-keyservers.net' 
> "http://keys.niif.hu/pks/lookup?op=stats";;
> | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> | <html><head>
> | <title>404 Not Found</title>
> | </head><body>

Yes, that was a very nice statement, and when I ran it, it revealed
that I had a misconfiguration on my system too.  The #httpd channel
gave me one AWESOME command that immediately indicated how my system
was configured:

# httpd -S
VirtualHost configuration:
[2001:470:d:367::555]:80 sks.mrball.net (/etc/httpd/conf.d/sks.conf:23)
[2001:470:d:367::555]:443 sks.mrball.net (/etc/httpd/conf.d/sks.conf:63)
208.89.139.251:80      sks.mrball.net (/etc/httpd/conf.d/sks.conf:23)
208.89.139.251:443     sks.mrball.net (/etc/httpd/conf.d/sks.conf:40)
wildcard NameVirtualHosts and _default_ servers:
*:11371                sks.mrball.net (/etc/httpd/conf.d/sks.conf:8)
_default_:443          mail.mrball.net (/etc/httpd/conf.d/ssl.conf:74)
*:80                   is a NameVirtualHost
         default server www.mrball.net (/etc/httpd/conf.d/00-vhosts.conf:61)
         port 80 namevhost www.mrball.net (/etc/httpd/conf.d/00-vhosts.conf:61)
         port 80 namevhost downloads.mrball.net
(/etc/httpd/conf.d/00-vhosts.conf:69)
         port 80 namevhost bluefish.mrball.net
(/etc/httpd/conf.d/00-vhosts.conf:80)
         port 80 namevhost eximbuild.mrball.net
(/etc/httpd/conf.d/eximbuild.conf:1)
Syntax OK

Originally I had the keyserver stuff listening on the *:80 and *:443
NameVHost instead of a separate Listen directive and IP:80 / IP:443.
I do find it interesting that the *:11371 is listed as a
NameVirtualHost, but it still accepts any Host header that comes in
(probably because I use Listen IP:11371 multiple times instead of Port
11371).

It may be that my system needs more tweaking though.  It's working for
everything that I test with (all Host headers I send at it), and I
have green lights on the status page.

...Todd
-- 
SOPA: Any attempt to [use legal means to] reverse technological
advances is doomed.  --Leo Leporte
reply via email to
[Prev in Thread] Current Thread [Next in Thread]