Hi Adam,

Be careful about SKS: behind Varnish, the SKS servers are running on different ports, not the standard ones; Varnish is a frontend for them. Generally such a setup worked for me in the past. SKS anyway needs to be monitored and restarted if it crashes, by Puppet for example, but Varnish did its job: it did proper load balancing and health checks and was used for massive caching, so only a few queries went to SKS directly, only when Varnish didn't have them in its own cache. I stopped running it because I was running it from my home box and have limited upload bandwidth.

Thanks,
--
Marcin Gondek / Drixter
http://fido.e-utp.net/
AS56662

From: Adam Wojcieszonek <a...@eksploracja.org.pl>
Sent: Saturday, October 17, 2020 12:55 AM
To: Marcin Gondek <drix...@e-utp.net>
Cc: sks-devel@nongnu.org
Subject: Re: ODP: seeking peers for hyperboria.net.pl

Hi Marcin,

For a short test I have added a Varnish cache and reconfigured Apache + SKS, but Varnish does not pass the proxy properly with your example configuration. Only the main page of SKS showed, but not the stats. That means Apache cannot see anything after /pks/... Surely I have too little experience with proper Varnish configuration. But the really good news is that the daily histogram of SKS is moving forward with your SKS config.

br
Adam

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, 16 October 2020 12:41, Marcin Gondek <drix...@e-utp.net> wrote:

Hi,

https://fido.e-utp.net/display/EUTPNET/SKS+Server+Caching

Maybe my old notes with dual SKS will help.

Thanks,
--
Marcin Gondek / Drixter
http://fido.e-utp.net/
AS56662

________________________________
From: Sks-devel <sks-devel-bounces+drixter=e-utp....@nongnu.org> on behalf of Adam Wojcieszonek <a...@eksploracja.org.pl>
Sent: Friday, 16 October 2020 12:37
To: sks-devel@nongnu.org
Subject: Re: seeking peers for hyperboria.net.pl

Hi again,

My server (Debian 9) is configured according to the mrjones plip blog:
https://blog.plip.com/2018/06/29/deploying-a-pgp-sks-server-on-ubuntu-18-04/

It looks similar to other configuration tutorials, but as I observe, my proxy is hanging every time. This causes the server to be thrown out of the pool every hour. Does anyone have an idea how to fix it?

I've tested adding "retry=0" to the web proxy configuration and also extended the timeouts in apache2.conf by adding "Timeout 2400, ProxyTimeout 2400, ProxyBadHeader Ignore", but nothing changes. Can you give some examples of Apache configuration? (I also tried to search Google and this mailing list, but found no right fixes for SKS.)

I am also worried about the errors in the log that I wrote about last night.

br
Adam

SKS has been running for a few hours and I already have a few questions. I have traced syslog and can see frequently recurring event logs. I am not sure whether something is wrong with sksconf.

1.
Oct 16 00:58:32 Khaos sks[10527]: 2020-10-16 00:58:32 99 keys received
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 add_keys_merge failed: Eventloop.SigAlarm
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 Key addition failed: Eventloop.SigAlarm

(For the last few hours I see 0 updated keys on the stats page, but the DB folder size is growing really fast. After Eventloop.SigAlarm the SKS instance is unresponsive for a few minutes and I cannot open the stats page.)

2.
Oct 16 00:52:11 Khaos sks[10526]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Connection reset by peer")

3.
Oct 16 00:50:00 Khaos sks[771]: host:127.0.0.1:11371
Oct 16 00:50:00 Khaos sks[771]: pragma:no-cache
Oct 16 00:50:00 Khaos sks[771]: via:1.1 keyserver.hyperboria.net.pl:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-for:217.76.45.34
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-host:pool.sks-keyservers.net:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Broken pipe")

Can someone explain to me what the above means?

Here is the conf with addresses. Should the IPs be local, the external IP, or left as they are at 127.0.0.1?

# recon_address: 127.0.0.1
recon_port: 11370
hkp_address: 127.0.0.1 ::1
hkp_port: 11371

Adam
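
Added example (not part of any message in this thread): a small Python triage script for the syslog excerpts Adam quotes, separating connections closed by the peer from add_keys_merge timeouts and measuring how long after a received key batch each timeout is logged. The sample lines are copied from the thread; the function name, rule names and default year are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: syslog lines copied from the excerpts quoted in the thread.
SAMPLE = """\
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Broken pipe")
Oct 16 00:52:11 Khaos sks[10526]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Connection reset by peer")
Oct 16 00:58:32 Khaos sks[10527]: 2020-10-16 00:58:32 99 keys received
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 add_keys_merge failed: Eventloop.SigAlarm
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 Key addition failed: Eventloop.SigAlarm
"""

# syslog prefix: "Mon DD HH:MM:SS host sks[pid]: message"
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) sks\[(\d+)\]: (.*)$")

# Only "add_keys_merge failed" counts as a timeout; the "Key addition failed"
# line that follows it reports the same event and would double the count.
RULES = [
    ("merge_timeout", re.compile(r"add_keys_merge failed: Eventloop\.SigAlarm")),
    ("peer_closed", re.compile(r'Sys_error\("(Broken pipe|Connection reset by peer)"\)')),
    ("keys_received", re.compile(r"(\d+) keys received")),
]

def triage(text, year=2020):
    """Count event classes and the delay from a key batch to each merge timeout."""
    counts, gaps, last_batch = Counter(), [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an sks syslog line
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        for name, rx in RULES:
            if not rx.search(m.group(4)):
                continue
            counts[name] += 1
            if name == "keys_received":
                last_batch = ts
            elif name == "merge_timeout" and last_batch is not None:
                gaps.append(int((ts - last_batch).total_seconds()))
            break
    return {"counts": dict(counts), "seconds_from_batch_to_timeout": gaps}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
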