[Sks-devel] Proxy config issue and question

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sks-devel] Proxy config issue and question

From:	James Cloos
Subject:	[Sks-devel] Proxy config issue and question
Date:	Mon, 19 Aug 2013 17:59:19 -0400
User-agent:	Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If one configures a proxy (such as nginx) with a config like:

# nginx syntax
# presume:
#  keys.example.net AAAA 2001:DB8::1
#  keys.example.net A    198.51.100.1
server {
        listen      [::]:11371 ipv6only=off;
        access_log  off;
        location / {
            proxy_pass         http://127.0.0.1:11373;
            proxy_pass_header  Server;
            add_header         Via "1.1 keys.example.net:11371 (nginx)";
        }
}

with 'hkp_address: 127.0.0.1' and 'hkp_port: 11373' in sksconf, then
op=stats and recon will advertize keys.example.net:11373 instead of
keys.example.net:11371, and remote recons will not be able to request
keys from you.

Instead, you need to specify 'hkp_port: 11371' in sksconf and configure
the proxy like:

# nginx syntax
# presume:
#  keys.example.net AAAA 2001:DB8::1
#  keys.example.net A    198.51.100.1
server {
        listen      198.51.100.1:11371;
        listen      2001:DB8::1:11371;
        access_log  off;
        location / {
            proxy_pass         http://127.0.0.1:11371;
            proxy_pass_header  Server;
            add_header         Via "1.1 keys.example.net:11371 (nginx)";
        }
}

with listen directives for each specific address.

Perhaps this is why some severs seem to lack some keys?

Continuing on the nginx front, what is the optimal config for ports 80
and 443, presuming that one wants to be able to serve other content on
those ports in addition to /pks/?  I've tried several, and non worked
reliably.

- -JimC
- -- 
James Cloos <address@hidden>         OpenPGP: 1024D/ED7DAEA6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)

iQIcBAEBAgAGBQJSEpVJAAoJECPGzfcnLZ1DwqQP/3mSS1/zSkbiuH43Bg5UjYrp
nqn29JyqZB7ufzhB2mtUGGLGMYxAEAFNWUbSizaGCNeLB73t7GMhFNGDBqK6KIQo
18QhHGzqixfCTdS1cvWSkC7faJkZ954Gzsvr5nxaudB8jOsQksv6aDu3JwizFUEr
jeI/L1tIH0u2BrYnRADp4oK8d+FHQlOKUKZY+2dPgv7o4Nr2D41S0OA3obQ4Ngki
yBp6gTu1QuBarYYqRt5mbSKQZdiItRHuMfECBiY4Bgsy8Hgc5HuRkxlqfWlp6LXR
uy77A71nIDERzVf8BfMVuTbYSQ09UW4b90v9lCRrVeee/3/cIy3ifwheMuxP7H4x
60SWH1E5utfw4icY91CQvc4wiHOAO23/MJ2wVCkJ3T+1ToekvePjk2XooM3t+l+H
IeWwiS5x/KLBOAVzmkFNRjnhXJqRjx22nKbYxXKQhqVmlLgkqBCwYhU47LsjTQxF
iwghGtvFMk+cdGzmh+AKGdKHXpAbH65QZUisrreVC1V1HVr/iDMXyUh3RTK6nIVk
jP58yXKnRXoehgfeCIct8AjhG42DA3Zq+jBk+aWmKPZd4YPd6SXb89qrHZ8wJzsN
cFQ+GkJ7ToGUgzwc9mizcevWMdc7M6TCV4D9b86TEoaook1evZofnt9i7+DfFI6s
Wp/tkT6BtYPOdBJ0DGa9
=dUz6
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] Proxy config issue and question, James Cloos <=
- Re: [Sks-devel] Proxy config issue and question, Phil Pennock, 2013/08/19
  - Re: [Sks-devel] Proxy config issue and question, James Cloos, 2013/08/20
    - Re: [Sks-devel] Proxy config issue and question, Phil Pennock, 2013/08/20

Prev by Date: Re: [Sks-devel] key-server.nl ptree rebuild
Next by Date: Re: [Sks-devel] sks 1.1.4 fails to start
Previous by thread: [Sks-devel] eagle.jhcloos.com renamed to keys.jhcloos.com
Next by thread: Re: [Sks-devel] Proxy config issue and question
Index(es):
- Date
- Thread