Re: [Sks-devel] Searching servers to sync new server


From: Pete Stephenson
Subject: Re: [Sks-devel] Searching servers to sync new server
Date: Mon, 01 Sep 2014 14:04:12 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 9/1/2014 11:39 AM, echelon wrote:
> On 01.09.2014 10:30, Pete Stephenson wrote:
> 
>> Hi,
> 
>> Your server is listening on port 11371 in addition to 80. Is this
>> what you intended?
> 
>> Also, the suggested membership line is incorrect: you specified
>> port 80 as the recon port. According to 
>> http://keys.i2p-projekt.de/pks/lookup?op=stats your server is
>> listening to port 11370 for recon traffic.
> 
>> Assuming you intend to listen to port 11370 for recon traffic, the 
>> correct line would be: keys.i2p-projekt.de 11370 # echelon
>> <address@hidden> 0x4A9B1723
> 
>> That said, I've added your server as a peer (assuming you intend
>> to listen for recon on 11370). You can add mine to your membership
>> file as:
> 
>> ams.sks.heypete.com 11370 # Pete Stephenson <address@hidden>
>> 0x85EB9F44
> 
> Hi!
> 
> The publicly reachable port is 80 via apache2 proxy on a vhost. The
> internal sks port is still 11370/11371, as port 80/443 is in use by
> Apache2 with different vhosts. So I cannot set SKS to listen on port 80.

Ah, ok. No worries.

In the future, if you're interested in also running on port 11371 you
can configure the Apache2 proxy to listen on that port as well.
https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering has the
details. That's what I've done on my server.

From that page there's also an important note to not put a proxy in
front of port 11370, as the recon protocol is not HTTP.

> Ports 11370/11371 are closed in the firewall and will only be opened for
> the syncing SKS servers' addresses.

Understood. In that case, you'd still want to include the recon port
(11370) in the membership line you mentioned above -- gossip peers will
connect to that port. The original line you mentioned would have peers
connect to port 80 for gossip, which is probably not what you intended.

> Yeah, a bit confusing, but if I want to run a SKS server without the need
> to add ports to the address in the browser, that's the solution I came up with.
> I will add your server to mine and test, thank you so far.

Sounds good. I just checked your server and it appears that you made a
small typo when adding my server and left off the "a" in "ams". That DNS
name doesn't exist.

If you want to coordinate for some specific tests, let me know and I'd
be happy to make adjustments on my end to help.

Cheers!
-Pete

Attachment: signature.asc
Description: OpenPGP digital signature
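
An added example, not part of the original message and not SKS project code: a small linter for a membership file that catches the two mistakes discussed in this thread, an HTTP port given where the recon port belongs and a peer hostname that does not resolve. The names lint_membership, HTTP_PORTS and KNOWN are hypothetical, the set of "HTTP ports" is an assumption taken from the ports named in the thread, and the sample file is constructed.

```python
import socket

# Ports that carry HTTP (HKP or a reverse proxy), not the recon protocol.
# Assumption: 11371 is the HKP port and 80/443 the Apache vhost ports, as in the thread.
HTTP_PORTS = {80, 443, 11371}

def dns_resolves(host):
    """Default hostname check; needs network access."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def lint_membership(text, resolves=dns_resolves):
    """Return (line_no, message) findings for SKS membership-file text."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()    # drop the trailing comment
        if not entry:
            continue                             # blank or comment-only line
        parts = entry.split()
        if len(parts) != 2 or not parts[1].isdecimal():
            findings.append((n, "expected 'hostname port'"))
            continue
        host, port = parts[0], int(parts[1])
        if not 1 <= port <= 65535:
            findings.append((n, f"port {port} out of range"))
        elif port in HTTP_PORTS:
            findings.append((n, f"port {port} is an HTTP port, not a recon port"))
        if not resolves(host):
            findings.append((n, f"{host} does not resolve"))
    return findings

# Constructed sample: line 2 repeats the port-80 mistake, line 3 the dropped "a".
SAMPLE = """\
ams.sks.heypete.com 11370 # Pete Stephenson <address@hidden> 0x85EB9F44
keys.i2p-projekt.de 80 # echelon <address@hidden> 0x4A9B1723
ms.sks.heypete.com 11370 # constructed typo entry
"""
KNOWN = {"ams.sks.heypete.com", "keys.i2p-projekt.de"}  # offline stand-in for DNS

if __name__ == "__main__":
    for line_no, msg in lint_membership(SAMPLE, resolves=KNOWN.__contains__):
        print(f"membership:{line_no}: {msg}")
```

Calling lint_membership without the resolves argument performs real DNS lookups for each peer hostname.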

