-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 28.04.2012 15:26, Jens Leinenbach wrote: > Hi Kristian, > > I installed a reverse proxy over a week ago, but it seems not to > be recognized, as you can see here: > http://keyserver.ccc-hanau.de:11371/ngnix > http://sks-keyservers.net/status/info/keyserver.ccc-hanau.de To > configure that, I left the SKS configuration untouched (after some > known problems) and just changed some shorewall settings for the > ports. > > As already discussed on this list, there is this old SKS bug using > POST requests without sending the http version, so ngnix denies > these POST request. And I didn't find any workaround, so that ngnix > can fix these requests. > > Regards, Jens >
Hi Jens, The workaround is to make SKS listen to e.g. port 11372, as specified in hkp_port in sksconf, that is allowed access only by your peer list. Upon reconciliation (usually port 11370, as specified in the membership file of the peers). HKP (client perspective), however, default to 11371. As such you can make nginx (or any other reverse proxy) listen to this port. Just to have it mentioned, a fix for the POST error got into the source on Apr 5 [1] As for the use of nginx, are you sure this is being done on the public-facing interface? try running e.g. "wget -S http://keyserver.ccc-hanau.de:11371/pks/lookup?op=stats" , at the moment I'm only seeing "Server: sks_www/1.1.1" from my computers. [1] http://code.google.com/r/johnclizbe-sks-keyserver/source/detail?r=dc1d4aed4ef7e97d7e2f83cde73fb6a0a7c0e384 - -- - ---------------------------- Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws - ---------------------------- This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is now available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ - ---------------------------- Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJPm/SJAAoJEBbgz41rC5UIH84QAK+4LbbRyl9tCVJ2vVyS8OBn HZozm64ZnvMKhcQPY/RVA/KTazzbQOxb6M7lwdTwDrn0dovRD42QDcdFFrcO3/1D 9ct+nVX4etxeTCqsHxu7W4Pm5b/DvNYqUUrL6jU6lihNDN0Dxn5hIQrwlRlzHKZF JPSmF8CmQZNcYDnTotgUmEVuM11NDr9wSTRRPC7ozwon+9eChpPt7WWNdN//7o1L EjoxcrC/3whkpR3rp3ayvBEBcIoy3XIdxa5kLBUrXc35YQLNBx55Ivv55PTupwXb Ppxy71ZPeTea/h+T4Vs667BBXE7KM0HDnSSRcnqPvHGxbRufKRMd7+lQApqwTXBS cWhxDky/lRoDEeHb+thX0yUWdltqHcQaH7qQX9e4qF03aW8taKRgXmGSxW5gTJro BBQPJkzOxbW/zlbAb0jIQ4uFhGD0qSxp0koeZP3NXZ3WGICL0Dn+wQMrB403jral 6xNig+nrLbEVON3A1UbVPPyXkuamRdeHNtWtLEnx3lZXEpV/WN7oZdEM/4IkKj3N +d2AfWB8f+tnjGnJynG+FreJbIxpoyc2nx5mYc7sjz9YQ2ClEaEzQxiSHsUGpLsf yNIz9dkUL3xjDgrowLnm43/VakemsISl/Zu2kK2Mx3iwFyi5TC53zic7qJ85IH7D cu4gqoXaZz8KnISMiG0H =hmsG -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel