Re: [Sks-devel] SKS peering request [sks-server.randala.com]

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

From:	BluKeyserver
Subject:	Re: [Sks-devel] SKS peering request [sks-server.randala.com]
Date:	Sat, 05 Apr 2014 14:38:07 +0100
User-agent:	Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Martin,

Quoting from https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering

'Versions prior to 1.1.2 have a severe interoperability bug (POST
requests for exchanging keys are HTTP/0.9, does not work with modern
setups having reverse HTTP proxies in front as a best practice.'

Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4 instead ?

Also, I have noticed, that you did not enable the built-in www server:

'Page not found: /var/lib/sks/www/index.html'

Regards,
H.Storm [TheBluProject]

On 05/04/2014 07:52, Martin Papik wrote:
> 
> Thank you very much Jerzy, however I'm facing some problems. I
> wonder if you have any insight. I'm new to sks, but it seems to me
> that there might be an apache proxy intercepting the connections
> and interfering somehow. I don't see my server in 
> http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but the
> sks servers are talking to each other on 11370 so I'm assuming
> there's some kind of asymmetric setup.
> 
> Any help would be appreciated.
> 
> Martin
> 
> In the log I see  (after incrementing http_fetch_size to 1000 to
> reduce the number of entries).
> 
> 2014-04-05 08:43:40 address for keyserver.kolosowscy.pl:11370
> changed from [] to [<ADDR_INET [176.241.243.15]:11370>, <ADDR_INET 
> [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064 hashes
> recovered from <ADDR_INET [176.241.243.15]:11371> 2014-04-05
> 08:44:11 Requesting 1000 missing keys from <ADDR_INET 
> [176.241.243.15]:11371>, starting with
> 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> 54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> 7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:12 Requesting 1000 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">") 2014-04-05 08:44:12 Requesting 64 missing keys from
> <ADDR_INET [176.241.243.15]:11371>, starting with
> FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12 Error getting
> missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> 2.0//EN\">")
> 
> The tcpdump output contains (looks like HTTP 0.9, no host header in
> the request, no HTTP headers in the response).
> 
> Request to 176.241.243.15:11371
> 
> POST /pks/hashquery content-length: 24
> 
> Response from 176.241.243.15:11371
> 
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> 
> <title>502 Proxy Error</title> </head><body> <h1>Proxy Error</h1> 
> <p>The proxy server received an invalid response from an upstream
> server.<br /> The proxy server could not handle the request <em><a 
> href="/pks/hashquery">POST&nbsp;/pks/hashquery</a></em>.<p> Reason:
> <strong>Error reading from remote server</strong></p></p> <hr> 
> <address>Apache Server at keyserver.kolosowscy.pl Port
> 80</address> </body></html>
> 
> 
> 
> 
> On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
>> Hi,
>> 
>> I added your server. My line to add:
>> 
>> keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski 
>> <address@hidden>
>> 
>> Rgds,
>> 
>> Jerzy Ko?osowski
>> 
>> Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik pisze:
>>> Hi everyone,
>>> 
>>> I've just configured sks 1.1.1 (default on Ubuntu) on 
>>> sks-server.randala.com. The machine has IPv6 but SKS has not
>>> yet been assigned an address. I wonder, is there an advantage
>>> (e.g. in terms of peering)? The server is located in
>>> Germany/EU. For now I'm deploying
>> the
>>> server for R&D as a proxy for my private server (behind my
>>> ISPs randomized NAT).
>>> 
>>> You may contact me if you have further questions or for any
>>> issues, operational or otherwise.
>>> 
>>> Loaded from: http://keys.niif.hu/keydump/ [2014-03-31? ...
>>> köszönöm] Loaded: 3583821 keys
>>> 
>>> Line to add to /etc/sks/membership
>>> 
>>> sks-server.randala.com 11370
>>> 
>>> Thank you.
>>> 
>>> Martin
>>> 
>>> _______________________________________________ Sks-devel
>>> mailing list address@hidden 
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>> 
>>> 
>>> _______________________________________________ Sks-devel
>>> mailing list address@hidden 
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
> 
> 
> 
> _______________________________________________ Sks-devel mailing
> list address@hidden 
> https://lists.nongnu.org/mailman/listinfo/sks-devel
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTQAc1AAoJECAbDNi5hly1xZsP/33HxdOB3IR2xKVb611YHDCg
Sq4+bqrMystY4uN4tXIZY9n4QC7GzeXzX8Z84nfPrroNaWUeDsQVhO5Wj6fH0hOV
QSF3CruKigQEQOfhwZtto1y8bVAXrQtHyt28RNl8ogkwv99iIf+0uR6zvnGh/Mo3
ViYIWzlPvCf9sa5wSL2R678EKQ7tK3YUcouNhBAr4HZSrDGao1KfEoA5VnzblwLY
bndrMA3JSO4wyYsAIKPks1EXe42tOSQJ5c7t1snFDxDkkMGTXQjiVkXJbYjDD+++
jRRFhxeJRZBpddl/1yYieqOIUC9up2xAY6s0ypSSQYOkfOZxGvgbPULSUNY0VdyR
cwQqJ4/iahcLnFiHggLKIRt+ec3LyosHtLigFzmZ3WaRZIeW2loRTOYGTxhA9kxr
tmWeoJpWfLWD7kqEa1QBb/9VwIidZ3nq6UhXLDRYr9PDU3iKRpZmDVj5Me/bqU4D
e7u3G9M3jV+RALayav6zdETIQUBkt4/l8M22XZSv1HZFY1EXsWX2uctJPOxr/5D6
q1kl4sNzWFgK2kVBqyOMMD2hXyt3FKT2Sf66jA/q46hfRS+uxJ1TeKOe5gI4PUqE
T8/8SXAm4BVjAD/DIlrnwSClpZL7uRr8VmNUIvyEWEkJYhuJRgpLUqFOHK25W84V
weobILt1mOdzud5jg1rQ
=P0g7
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/02
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Jerzy Kołosowski, 2014/04/04
  - Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/05
    - Re: [Sks-devel] SKS peering request [sks-server.randala.com], BluKeyserver <=
    - Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/05
    - Re: [Sks-devel] SKS peering request [sks-server.randala.com], Tobias Frei, 2014/04/06
    - Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
    - Re: [Sks-devel] SKS peering request [sks-server.randala.com], Tobias Frei, 2014/04/06
    - Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
    - Re: [Sks-devel] SKS peering request [sks-server.randala.com], Phil Pennock, 2014/04/07
    - Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
    - Re: [Sks-devel] SKS peering request [sks-server.randala.com], Kristian Fiskerstrand, 2014/04/07
    - Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/08
    - Re: [Sks-devel] SKS peering request [sks-server.randala.com], Kristian Fiskerstrand, 2014/04/09

Prev by Date: Re: [Sks-devel] SKS peering request [sks-server.randala.com]
Next by Date: Re: [Sks-devel] SKS peering request [sks-server.randala.com]
Previous by thread: Re: [Sks-devel] SKS peering request [sks-server.randala.com]
Next by thread: Re: [Sks-devel] SKS peering request [sks-server.randala.com]
Index(es):
- Date
- Thread