[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] SKS peering request [sks-server.randala.com]
From: |
BluKeyserver |
Subject: |
Re: [Sks-devel] SKS peering request [sks-server.randala.com] |
Date: |
Sat, 05 Apr 2014 14:38:07 +0100 |
User-agent: |
Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Martin,
Quoting from https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
'Versions prior to 1.1.2 have a severe interoperability bug (POST
requests for exchanging keys are HTTP/0.9, does not work with modern
setups having reverse HTTP proxies in front as a best practice.'
Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4 instead ?
Also, I have noticed, that you did not enable the built-in www server:
'Page not found: /var/lib/sks/www/index.html'
Regards,
H.Storm [TheBluProject]
On 05/04/2014 07:52, Martin Papik wrote:
>
> Thank you very much Jerzy, however I'm facing some problems. I
> wonder if you have any insight. I'm new to sks, but it seems to me
> that there might be an apache proxy intercepting the connections
> and interfering somehow. I don't see my server in
> http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but the
> sks servers are talking to each other on 11370 so I'm assuming
> there's some kind of asymmetric setup.
>
> Any help would be appreciated.
>
> Martin
>
> In the log I see (after incrementing http_fetch_size to 1000 to
> reduce the number of entries).
>
> 2014-04-05 08:43:40 address for keyserver.kolosowscy.pl:11370
> changed from [] to [<ADDR_INET [176.241.243.15]:11370>, <ADDR_INET
> [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064 hashes
> recovered from <ADDR_INET [176.241.243.15]:11371> 2014-04-05
> 08:44:11 Requesting 1000 missing keys from <ADDR_INET
> [176.241.243.15]:11371>, starting with
> 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> 54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> 7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:12 Requesting 1000 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:12 Requesting 64 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">")
>
> The tcpdump output contains (looks like HTTP 0.9, no host header in
> the request, no HTTP headers in the response).
>
> Request to 176.241.243.15:11371
>
> POST /pks/hashquery content-length: 24
>
> Response from 176.241.243.15:11371
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head>
> <title>502 Proxy Error</title> </head><body> <h1>Proxy Error</h1>
> <p>The proxy server received an invalid response from an upstream
> server.<br /> The proxy server could not handle the request <em><a
> href="/pks/hashquery">POST /pks/hashquery</a></em>.<p> Reason:
> <strong>Error reading from remote server</strong></p></p> <hr>
> <address>Apache Server at keyserver.kolosowscy.pl Port
> 80</address> </body></html>
>
>
>
>
> On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
>> Hi,
>>
>> I added your server. My line to add:
>>
>> keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski
>> <address@hidden>
>>
>> Rgds,
>>
>> Jerzy Ko?osowski
>>
>> Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik pisze:
>>> Hi everyone,
>>>
>>> I've just configured sks 1.1.1 (default on Ubuntu) on
>>> sks-server.randala.com. The machine has IPv6 but SKS has not
>>> yet been assigned an address. I wonder, is there an advantage
>>> (e.g. in terms of peering)? The server is located in
>>> Germany/EU. For now I'm deploying
>> the
>>> server for R&D as a proxy for my private server (behind my
>>> ISPs randomized NAT).
>>>
>>> You may contact me if you have further questions or for any
>>> issues, operational or otherwise.
>>>
>>> Loaded from: http://keys.niif.hu/keydump/ [2014-03-31? ...
>>> köszönöm] Loaded: 3583821 keys
>>>
>>> Line to add to /etc/sks/membership
>>>
>>> sks-server.randala.com 11370
>>>
>>> Thank you.
>>>
>>> Martin
>>>
>>> _______________________________________________ Sks-devel
>>> mailing list address@hidden
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>
>>>
>>> _______________________________________________ Sks-devel
>>> mailing list address@hidden
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>
>
>
> _______________________________________________ Sks-devel mailing
> list address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJTQAc1AAoJECAbDNi5hly1xZsP/33HxdOB3IR2xKVb611YHDCg
Sq4+bqrMystY4uN4tXIZY9n4QC7GzeXzX8Z84nfPrroNaWUeDsQVhO5Wj6fH0hOV
QSF3CruKigQEQOfhwZtto1y8bVAXrQtHyt28RNl8ogkwv99iIf+0uR6zvnGh/Mo3
ViYIWzlPvCf9sa5wSL2R678EKQ7tK3YUcouNhBAr4HZSrDGao1KfEoA5VnzblwLY
bndrMA3JSO4wyYsAIKPks1EXe42tOSQJ5c7t1snFDxDkkMGTXQjiVkXJbYjDD+++
jRRFhxeJRZBpddl/1yYieqOIUC9up2xAY6s0ypSSQYOkfOZxGvgbPULSUNY0VdyR
cwQqJ4/iahcLnFiHggLKIRt+ec3LyosHtLigFzmZ3WaRZIeW2loRTOYGTxhA9kxr
tmWeoJpWfLWD7kqEa1QBb/9VwIidZ3nq6UhXLDRYr9PDU3iKRpZmDVj5Me/bqU4D
e7u3G9M3jV+RALayav6zdETIQUBkt4/l8M22XZSv1HZFY1EXsWX2uctJPOxr/5D6
q1kl4sNzWFgK2kVBqyOMMD2hXyt3FKT2Sf66jA/q46hfRS+uxJ1TeKOe5gI4PUqE
T8/8SXAm4BVjAD/DIlrnwSClpZL7uRr8VmNUIvyEWEkJYhuJRgpLUqFOHK25W84V
weobILt1mOdzud5jg1rQ
=P0g7
-----END PGP SIGNATURE-----
- [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/02
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Jerzy Kołosowski, 2014/04/04
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/05
- Re: [Sks-devel] SKS peering request [sks-server.randala.com],
BluKeyserver <=
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/05
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Tobias Frei, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Tobias Frei, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Phil Pennock, 2014/04/07
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Kristian Fiskerstrand, 2014/04/07
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/08
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Kristian Fiskerstrand, 2014/04/09