On 04/28/2012 09:26 AM, Jens Leinenbach wrote: > As already discussed on this list, there is this old SKS bug using POST > requests without sending the http version, so ngnix denies these POST > request. > And I didn't find any workaround, so that ngnix can fix these requests.
It looks like you're running debian on that server. If you're running
squeeze, the version of sks in squeeze-proposed-updates
(1.1.1+dpkgv3-6+squeeze1) contains a fix for the POST request business.
If you're running wheezy or sid, you can find the same fix in version
1.1.1+dpkgv3-7.1.
Anyone who runs sks on debian should upgrade to either of these versions
to be able to query HKP servers that run behind reverse proxies.
This won't solve all of your problems (peers who don't run debian or
don't upgrade still won't be able to contact your machine), but that's
arguably their problem, not yours.
I do not recommend exposing SKS directly on port 11372, since that would
mean leaving yourself exposed directly to the same DoS attack that the
reverse proxies are intended to buffer against.
Regards,
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
