Re: [Sks-devel] Seeking peers for keyserver.opensuse.org

[Chris Boot]

On 08/04/16 09:20, Lars Vogdt wrote:
> Am Fri, 8 Apr 2016 09:04:31 +0100
> schrieb Chris Boot <address@hidden>:
>>> > > So what is the best practice here? I found some sks servers running
>>> > > the same web-pages on 11371 and some which do not provide any
>>> > > webpage.  
>> > 
>> > 
>> > That's fair enough - I don't use nginx for my keyserver so I can't
>> > really comment on those instructions, but it feels to me like a
>> > keyserver should present the same interface on port 11371 as it does
>> > on port 80. That's not to say that it's broken, and it certainly
>> > looks like it will work for the more general use case of GPG fetching
>> > keys, it just feels less user friendly.
> I with you regarding the user friendliness. So let me see if I should
> simply get rid of nginx or find another solution to provide the WebUI
> also on Port 11371. :-)

Hi Lars,

I'm sure you can do it without dropping Nginx; I don't think the web
server / reverse proxy has much to do with it. I'd imagine you just need
to forward to your internal port 11371 using the same method on port 80
as you do on your external port 11371.

The error I'm getting is "Page not found: /srv/sks/web/index.html". I'd
say it's SKS itself generating that error, so it can't find its HTML
files. Looking at your headers, it seems that your port 11371 server
isn't going through Nginx at all, which may be part of the problem - I
don't see a 'Via' header as I expected to.

What I ended up doing is forcing sks's to listen to localhost only for HKP:

hkp_address: 127.0.0.1 ::1

Then I have Apache listen on my external IP addresses on port 11371 (not
the catch-all 0.0.0.0 or :: address) and proxy requests through.

Cheers,
Chris

-- 
Chris Boot
address@hidden