Re: [Sks-devel] SKS peering request [sks-server.randala.com]
Thank you very much Jerzy, however I'm facing some problems. I wonder if you have any insight. I'm new to sks, but it seems to me that there might be an apache proxy intercepting the connections and interfering somehow. I don't see my server in http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but the sks servers are talking to each other on 11370 so I'm assuming there's some kind of asymmetric setup.

Any help would be appreciated.

Martin

In the log I see (after incrementing http_fetch_size to 1000 to reduce the number of entries).

2014-04-05 08:43:40 address for keyserver.kolosowscy.pl:11370 changed from [] to [ADDR_INET [176.241.243.15]:11370, ADDR_INET [2002:b0f1:f30f::1]:11370]
2014-04-05 08:44:06 6064 hashes recovered from ADDR_INET [176.241.243.15]:11371
2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 0005AB14802673F046EC31CC93AC36DC
2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 29DF15D7EF250667DE9012CDF6891CE7
2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 54ABD9C187E4555DB2377ABFCD29D8B8
2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 7E819BE55160DDBD06E480F74F1D6017
2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with A7E5518397DB6A961E9FB8B59C1391D6
2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
2014-04-05 08:44:12 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with D348A85B40F5C08C3CA2E9AB09EF2CB0
2014-04-05 08:44:12 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
2014-04-05 08:44:12 Requesting 64 missing keys from ADDR_INET [176.241.243.15]:11371, starting with FD40B34ECD8971CFCECF9E79D48772F0
2014-04-05 08:44:12 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)

The tcpdump output contains (looks like HTTP 0.9, no host header in the request, no HTTP headers in the response).

Request to 176.241.243.15:11371

POST /pks/hashquery
content-length: 24

Response from 176.241.243.15:11371

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>502 Proxy Error</title>
</head><body>
<h1>Proxy Error</h1>
<p>The proxy server received an invalid response from an upstream server.<br />
The proxy server could not handle the request <em><a href="/pks/hashquery">POST&nbsp;/pks/hashquery</a></em>.<p>
Reason: <strong>Error reading from remote server</strong></p></p>
<hr>
<address>Apache Server at keyserver.kolosowscy.pl Port 80</address>
</body></html>

On 04/05/2014 04:21 AM, Jerzy Kołosowski wrote:
> Hi,
>
> I added your server.
>
> My line to add:
> keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski je...@kolosowscy.pl
>
> Rgds,
> Jerzy Kołosowski
>
> On Wednesday, 2 April 2014 05:50:52, Martin Papik wrote:
> > Hi everyone,
> >
> > I've just configured sks 1.1.1 (default on Ubuntu) on sks-server.randala.com. The machine has IPv6 but SKS has not yet been assigned an address. I wonder, is there an advantage (e.g. in terms of peering)?
> >
> > The server is located in Germany/EU.
> >
> > For now I'm deploying the server for RD as a proxy for my private server (behind my ISP's randomized NAT).
> >
> > You may contact me if you have further questions or for any issues, operational or otherwise.
> >
> > Loaded from: http://keys.niif.hu/keydump/ [2014-03-31? ... köszönöm]
> > Loaded: 3583821 keys
> >
> > Line to add to /etc/sks/membership
> > sks-server.randala.com 11370
> >
> > Thank you.
> > Martin

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] SKS peering request [sks-server.randala.com]
Hi Martin,

Quoting from https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering

'Versions prior to 1.1.2 have a severe interoperability bug (POST requests for exchanging keys are HTTP/0.9, does not work with modern setups having reverse HTTP proxies in front as a best practice.'

Perhaps it's time to ditch the 1.1.1 and try to compile 1.1.4 instead?

Also, I have noticed that you did not enable the built-in www server:
'Page not found: /var/lib/sks/www/index.html'

Regards,
H.Storm [TheBluProject]

On 05/04/2014 07:52, Martin Papik wrote:
> Thank you very much Jerzy, however I'm facing some problems. I wonder if you have any insight. I'm new to sks, but it seems to me that there might be an apache proxy intercepting the connections and interfering somehow. I don't see my server in http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but the sks servers are talking to each other on 11370 so I'm assuming there's some kind of asymmetric setup.
>
> Any help would be appreciated.
>
> Martin
>
> In the log I see (after incrementing http_fetch_size to 1000 to reduce the number of entries).
>
> 2014-04-05 08:43:40 address for keyserver.kolosowscy.pl:11370 changed from [] to [ADDR_INET [176.241.243.15]:11370, ADDR_INET [2002:b0f1:f30f::1]:11370]
> 2014-04-05 08:44:06 6064 hashes recovered from ADDR_INET [176.241.243.15]:11371
> 2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 0005AB14802673F046EC31CC93AC36DC
> 2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> 2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 29DF15D7EF250667DE9012CDF6891CE7
> 2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> 2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 54ABD9C187E4555DB2377ABFCD29D8B8
> 2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> 2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 7E819BE55160DDBD06E480F74F1D6017
> 2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> 2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with A7E5518397DB6A961E9FB8B59C1391D6
> 2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> 2014-04-05 08:44:12 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with D348A85B40F5C08C3CA2E9AB09EF2CB0
> 2014-04-05 08:44:12 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> 2014-04-05 08:44:12 Requesting 64 missing keys from ADDR_INET [176.241.243.15]:11371, starting with FD40B34ECD8971CFCECF9E79D48772F0
> 2014-04-05 08:44:12 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
>
> The tcpdump output contains (looks like HTTP 0.9, no host header in the request, no HTTP headers in the response).
>
> Request to 176.241.243.15:11371
>
> POST /pks/hashquery
> content-length: 24
>
> Response from 176.241.243.15:11371
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>502 Proxy Error</title>
> </head><body>
> <h1>Proxy Error</h1>
> <p>The proxy server received an invalid response from an upstream server.<br />
> The proxy server could not handle the request <em><a href="/pks/hashquery">POST&nbsp;/pks/hashquery</a></em>.<p>
> Reason: <strong>Error reading from remote server</strong></p></p>
> <hr>
> <address>Apache Server at keyserver.kolosowscy.pl Port 80</address>
> </body></html>
>
> On 04/05/2014 04:21 AM, Jerzy Kołosowski wrote:
> > Hi,
> >
> > I added your server.
> >
> > My line to add:
> > keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski je...@kolosowscy.pl
> >
> > Rgds,
> > Jerzy Kołosowski
> >
> > On Wednesday, 2 April 2014 05:50:52, Martin Papik wrote:
> > > Hi everyone,
> > >
> > > I've just configured sks 1.1.1 (default on Ubuntu) on sks-server.randala.com. The machine has IPv6 but SKS has not yet been assigned an address. I wonder, is there an advantage (e.g. in terms of peering)?
> > >
> > > The server is located in Germany/EU.
> > >
> > > For now I'm deploying the server for RD as a proxy for my private server (behind my ISP's randomized NAT).
> > >
> > > You may contact me if you have further questions or for any issues, operational or otherwise.
> > >
> > > Loaded from: http://keys.niif.hu/keydump/ [2014-03-31? ... köszönöm]
> > > Loaded: 3583821 keys
> > >
> > > Line to add to /etc/sks/membership
> > > sks-server.randala.com 11370
> > >
> > > Thank you.
> > > Martin
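
An added example, not part of the original posts: a triage of an SKS recon log in the format quoted above, flagging peers whose key fetches came back as an HTML page, which is the symptom of the HTTP/0.9 POST being rejected by a reverse proxy. The sample log is constructed (documentation addresses, made-up hashes), and treating a request with no following error line as a successful fetch is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the recon-log format quoted in this thread
# (documentation addresses, made-up hashes and non-HTML error text).
SAMPLE_LOG = r"""
2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [192.0.2.10]:11371, starting with 0123456789ABCDEF0123456789ABCDEF
2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
2014-04-05 08:44:12 Requesting 64 missing keys from ADDR_INET [192.0.2.10]:11371, starting with FEDCBA9876543210FEDCBA9876543210
2014-04-05 08:44:12 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
2014-04-05 08:45:01 Requesting 12 missing keys from ADDR_INET [198.51.100.7]:11371, starting with 00112233445566778899AABBCCDDEEFF
2014-04-05 08:46:30 Requesting 5 missing keys from ADDR_INET [203.0.113.5]:11371, starting with 8899AABBCCDDEEFF0011223344556677
2014-04-05 08:46:40 Error getting missing keys: constructed non-HTML failure
"""

REQ = re.compile(r"Requesting (\d+) missing keys from <?ADDR_INET \[([^\]]+)\]:(\d+)")
ERR = re.compile(r"Error getting missing keys: (.*)")
HTML = re.compile(r"!DOCTYPE HTML|<html", re.IGNORECASE)  # body was a web page


def triage(log_text):
    """Map each peer to a Counter of keys by outcome of the fetch."""
    peers, pending = {}, None  # pending = (peer, key_count) awaiting an outcome
    for line in log_text.splitlines():
        req, err = REQ.search(line), ERR.search(line)
        if req:
            if pending:  # assumption: no error line logged means the fetch worked
                peers[pending[0]]["fetched"] += pending[1]
            peer = f"[{req.group(2)}]:{req.group(3)}"
            pending = (peer, int(req.group(1)))
            peers.setdefault(peer, Counter())
        elif err and pending:
            kind = "html_error_page" if HTML.search(err.group(1)) else "other_error"
            peers[pending[0]][kind] += pending[1]
            pending = None
    if pending:
        peers[pending[0]]["fetched"] += pending[1]
    return peers


def proxy_suspects(log_text):
    """Peers whose key fetches returned only HTML pages, never key data."""
    return sorted(p for p, c in triage(log_text).items()
                  if c["html_error_page"] and not c["fetched"])


if __name__ == "__main__":
    for peer, counts in triage(SAMPLE_LOG).items():
        print(peer, dict(counts))
    print("check for HTTP/0.9 vs reverse proxy:", proxy_suspects(SAMPLE_LOG))
```
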
Re: [Sks-devel] SKS peering request [sks-server.randala.com]
Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't install that one without an explicit parameter boggles me a bit. Oh well. Is that sufficient, or will I have to install the very latest from source?

The web server is enabled, there's just no main page in the directory yet.

I see Error fetching key from hash : Not_found messages in the log though, is this normal? The hashes update, so I'm not overly worried, just want to know if this is normal.

Anyway, thanks again for taking the time to assist me.

Martin

On 04/05/2014 04:38 PM, BluKeyserver wrote:
> Hi Martin,
>
> Quoting from https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
>
> 'Versions prior to 1.1.2 have a severe interoperability bug (POST requests for exchanging keys are HTTP/0.9, does not work with modern setups having reverse HTTP proxies in front as a best practice.'
>
> Perhaps it's time to ditch the 1.1.1 and try to compile 1.1.4 instead?
>
> Also, I have noticed that you did not enable the built-in www server:
> 'Page not found: /var/lib/sks/www/index.html'
>
> Regards,
> H.Storm [TheBluProject]
>
> On 05/04/2014 07:52, Martin Papik wrote:
> > Thank you very much Jerzy, however I'm facing some problems. I wonder if you have any insight. I'm new to sks, but it seems to me that there might be an apache proxy intercepting the connections and interfering somehow. I don't see my server in http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but the sks servers are talking to each other on 11370 so I'm assuming there's some kind of asymmetric setup.
> >
> > Any help would be appreciated.
> >
> > Martin
> >
> > In the log I see (after incrementing http_fetch_size to 1000 to reduce the number of entries).
> >
> > 2014-04-05 08:43:40 address for keyserver.kolosowscy.pl:11370 changed from [] to [ADDR_INET [176.241.243.15]:11370, ADDR_INET [2002:b0f1:f30f::1]:11370]
> > 2014-04-05 08:44:06 6064 hashes recovered from ADDR_INET [176.241.243.15]:11371
> > 2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 0005AB14802673F046EC31CC93AC36DC
> > 2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> > 2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 29DF15D7EF250667DE9012CDF6891CE7
> > 2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> > 2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 54ABD9C187E4555DB2377ABFCD29D8B8
> > 2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> > 2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with 7E819BE55160DDBD06E480F74F1D6017
> > 2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> > 2014-04-05 08:44:11 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with A7E5518397DB6A961E9FB8B59C1391D6
> > 2014-04-05 08:44:11 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> > 2014-04-05 08:44:12 Requesting 1000 missing keys from ADDR_INET [176.241.243.15]:11371, starting with D348A85B40F5C08C3CA2E9AB09EF2CB0
> > 2014-04-05 08:44:12 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> > 2014-04-05 08:44:12 Requesting 64 missing keys from ADDR_INET [176.241.243.15]:11371, starting with FD40B34ECD8971CFCECF9E79D48772F0
> > 2014-04-05 08:44:12 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC \-//IETF//DTD HTML 2.0//EN\)
> >
> > The tcpdump output contains (looks like HTTP 0.9, no host header in the request, no HTTP headers in the response).
> >
> > Request to 176.241.243.15:11371
> >
> > POST /pks/hashquery
> > content-length: 24
> >
> > Response from 176.241.243.15:11371
> >
> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> > <html><head>
> > <title>502 Proxy Error</title>
> > </head><body>
> > <h1>Proxy Error</h1>
> > <p>The proxy server received an invalid response from an upstream server.<br />
> > The proxy server could not handle the request <em><a href="/pks/hashquery">POST&nbsp;/pks/hashquery</a></em>.<p>
> > Reason: <strong>Error reading from remote server</strong></p></p>
> > <hr>
> > <address>Apache Server at keyserver.kolosowscy.pl Port 80</address>
> > </body></html>
> >
> > On 04/05/2014 04:21 AM, Jerzy Kołosowski wrote:
> > > Hi,
> > >
> > > I added your server.
> > >
> > > My line to add:
> > > keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski je...@kolosowscy.pl
> > >
> > > Rgds,
> > > Jerzy Kołosowski
> > >
> > > On Wednesday, 2 April 2014 05:50:52, Martin Papik wrote:
> > > > Hi everyone,
> > > >
> > > > I've just configured sks 1.1.1 (default on Ubuntu) on sks-server.randala.com. The machine has IPv6 but SKS has not yet been assigned an address. I wonder, is there an advantage (e.g. in terms of peering)?
> > > >
> > > > The server is located in Germany/EU.
> > > >
> > > > For now I'm deploying the server for RD as a proxy for my private server (behind my ISP's randomized NAT).
> > > >
> > > > You may contact me if you have further questions or for any issues,