Hi Phil,
If someone has a current good example of Apache config for this, we
should add that too.
this is how my apache proxies requests to sks:
VirtualHost MY-KEYSERVER-IP:11371
ServerName MY-KEYSERVER-HOSTNAME
ServerAlias pool.sks-keyservers.net
ServerAlias
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 02/27/2013 09:08 PM, Stephan Seitz wrote:
Hi Phil,
If someone has a current good example of Apache config for this,
we should add that too.
Hi Stephan,
Are the ServerAliases strictly necessary for a port binding to 11371?
Presumably
On 02/27/2013 12:36 PM, Kristian Fiskerstrand wrote:
Are the ServerAliases strictly necessary for a port binding to 11371?
Presumably you're not using canonical names to determine the service.
If the aliases really are necessary, keep in mind that some pools are
using a CNAME to
On 2013-02-27 at 21:08 +0100, Stephan Seitz wrote:
this is how my apache proxies requests to sks:
I see that the Server: header from SKS is being preserved in your setup;
is the Via header also automatically derived? Did you want to put in
anything just to say Apache?
I've put this into the
Phil Pennock wrote:
If someone has a current good example of Apache config for this, we
should add that too.
Using this on both servers, ports 80 11371
VirtualHost *:11371
ServerName keyserver.example.net
ServerAlias pool.sks-keyservers.net *.pool.sks-keyservers.net
Daniel referring to the reverse proxy stuff as a best practice nudged me
to take another look at the peering wiki page.
I've emphasised the current stance of folks that this is a best
practice, as backed by Daniel's stance, the impact of not doing so, and
the sheer number of servers on
