Re: [Sks-devel] Get SKS to listen on port 80

[Danny Horne]

On 26/08/2016 1:19 am, Phil Pennock wrote:
> On 2016-08-25 at 21:37 +0100, Danny Horne wrote:
>> I've googled this and can't find an answer.  The SKS man page states -
>>
>> -use_port_80
>> Have the HKP interface listen on port 80, as well as the hkp_port.
>>
>> I've added 'use_port_80:'  to sksconf but it doesn't listen on port 80
> Port 80 is a privileged port, being numbered less than 1024.  On Unix
> systems, by default, you require elevated privileges to be able to bind
> to that port.
>
> Dedicated web-servers typically start as root to do things like bind
> ports before dropping privilege to a run-time user.  Since SKS is
> "single-request-at-a-time", with no ability to handle concurrent
> requests, one slow request by one user can slow everything down.  Thus
> roughly everyone today puts a reverse proxy in front of SKS, to handle
> the requests and get the SKS communication done as quickly as possible,
> not blocking other requests.
I think you have something there, I understand how web servers start as
root, SKS is running under the sks user, and I have no intention of
changing that.  I think I'll do as most (all?) others have suggested and
get Nginx to reverse proxy from port 80 as well as 11371.

I think also that what's claimed in the SKS man page needs addressing,
if SKS by default doesn't start as the root user its claim that it can
listen on port 80 must be wrong.

signature.asc
Description: OpenPGP digital signature