-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Martin,
Quoting from https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
'Versions prior to 1.1.2 have a severe interoperability bug (POST
requests for exchanging keys are HTTP/0.9, does not work with modern
setups having reverse HTTP proxies in front as a best practice.'
Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4 instead ?
Also, I have noticed, that you did not enable the built-in www server:
'Page not found: /var/lib/sks/www/index.html'
Regards,
H.Storm [TheBluProject]
On 05/04/2014 07:52, Martin Papik wrote:
Thank you very much Jerzy, however I'm facing some problems. I
wonder if you have any insight. I'm new to sks, but it seems to me
that there might be an apache proxy intercepting the connections
and interfering somehow. I don't see my server in
http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but the
sks servers are talking to each other on 11370 so I'm assuming
there's some kind of asymmetric setup.
Any help would be appreciated.
Martin
In the log I see (after incrementing http_fetch_size to 1000 to
reduce the number of entries).
2014-04-05 08:43:40 address for keyserver.kolosowscy.pl:11370
changed from [] to [<ADDR_INET [176.241.243.15]:11370>, <ADDR_INET
[2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064 hashes
recovered from <ADDR_INET [176.241.243.15]:11371> 2014-04-05
08:44:11 Requesting 1000 missing keys from <ADDR_INET
[176.241.243.15]:11371>, starting with
0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11 Error getting
missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
<ADDR_INET [176.241.243.15]:11371>, starting with
29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11 Error getting
missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
<ADDR_INET [176.241.243.15]:11371>, starting with
54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11 Error getting
missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
<ADDR_INET [176.241.243.15]:11371>, starting with
7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11 Error getting
missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
<ADDR_INET [176.241.243.15]:11371>, starting with
A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11 Error getting
missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">") 2014-04-05 08:44:12 Requesting 1000 missing keys from
<ADDR_INET [176.241.243.15]:11371>, starting with
D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12 Error getting
missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">") 2014-04-05 08:44:12 Requesting 64 missing keys from
<ADDR_INET [176.241.243.15]:11371>, starting with
FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12 Error getting
missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">")
The tcpdump output contains (looks like HTTP 0.9, no host header in
the request, no HTTP headers in the response).
Request to 176.241.243.15:11371
POST /pks/hashquery content-length: 24
Response from 176.241.243.15:11371
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head>
<title>502 Proxy Error</title> </head><body> <h1>Proxy Error</h1>
<p>The proxy server received an invalid response from an upstream
server.<br /> The proxy server could not handle the request <em><a
href="/pks/hashquery">POST /pks/hashquery</a></em>.<p> Reason:
<strong>Error reading from remote server</strong></p></p> <hr>
<address>Apache Server at keyserver.kolosowscy.pl Port
80</address> </body></html>
On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
Hi,
I added your server. My line to add:
keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski
<address@hidden>
Rgds,
Jerzy Ko?osowski
Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik pisze:
Hi everyone,
I've just configured sks 1.1.1 (default on Ubuntu) on
sks-server.randala.com. The machine has IPv6 but SKS has not
yet been assigned an address. I wonder, is there an advantage
(e.g. in terms of peering)? The server is located in
Germany/EU. For now I'm deploying
the
server for R&D as a proxy for my private server (behind my
ISPs randomized NAT).
You may contact me if you have further questions or for any
issues, operational or otherwise.
Loaded from: http://keys.niif.hu/keydump/ [2014-03-31? ...
köszönöm] Loaded: 3583821 keys
Line to add to /etc/sks/membership
sks-server.randala.com 11370
Thank you.
Martin
_______________________________________________ Sks-devel
mailing list address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel
_______________________________________________ Sks-devel
mailing list address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel
_______________________________________________ Sks-devel mailing
list address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJTQAc1AAoJECAbDNi5hly1xZsP/33HxdOB3IR2xKVb611YHDCg
Sq4+bqrMystY4uN4tXIZY9n4QC7GzeXzX8Z84nfPrroNaWUeDsQVhO5Wj6fH0hOV
QSF3CruKigQEQOfhwZtto1y8bVAXrQtHyt28RNl8ogkwv99iIf+0uR6zvnGh/Mo3
ViYIWzlPvCf9sa5wSL2R678EKQ7tK3YUcouNhBAr4HZSrDGao1KfEoA5VnzblwLY
bndrMA3JSO4wyYsAIKPks1EXe42tOSQJ5c7t1snFDxDkkMGTXQjiVkXJbYjDD+++
jRRFhxeJRZBpddl/1yYieqOIUC9up2xAY6s0ypSSQYOkfOZxGvgbPULSUNY0VdyR
cwQqJ4/iahcLnFiHggLKIRt+ec3LyosHtLigFzmZ3WaRZIeW2loRTOYGTxhA9kxr
tmWeoJpWfLWD7kqEa1QBb/9VwIidZ3nq6UhXLDRYr9PDU3iKRpZmDVj5Me/bqU4D
e7u3G9M3jV+RALayav6zdETIQUBkt4/l8M22XZSv1HZFY1EXsWX2uctJPOxr/5D6
q1kl4sNzWFgK2kVBqyOMMD2hXyt3FKT2Sf66jA/q46hfRS+uxJ1TeKOe5gI4PUqE
T8/8SXAm4BVjAD/DIlrnwSClpZL7uRr8VmNUIvyEWEkJYhuJRgpLUqFOHK25W84V
weobILt1mOdzud5jg1rQ
=P0g7
-----END PGP SIGNATURE-----
_______________________________________________
Sks-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel