[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sks-devel] keyserver.corenetworking not shown as loadbalanced
|
From: |
Moritz Wirth |
|
Subject: |
[Sks-devel] keyserver.corenetworking not shown as loadbalanced |
|
Date: |
Mon, 5 Sep 2016 12:49:42 +0200 |
Hello,
keyserver.corenetworking.de moved to a new datacenter last night and I
decided to create a second instance for loadbalancing.
All requests (on 80,443,11371) are handled by my nginx-cluster
(corosync), loadbalancing works fine, but my server isn't shown as
loadbalanced on sks-status page. SKS-Recon is listening on a failover
address so 1 Keyserver listens on 11370 on keyserver.corenetworking.de,
both keyservers are also peering together.
Furthermore, I started using Snort, but i think it blocks the spider for
the pool status. Is there an IP-Address which I can whitelist?
Thank you,
Moritz
P.S: Here is my NGINX Config:
server {
listen 172.16.10.13:443 ssl;
listen 172.16.10.15:443 ssl;
listen [2a01:4f8:141:11e6:2::1000]:443 ssl;
ssl_certificate /etc/nginx/ssl/keyserver.crt;
ssl_certificate_key /etc/nginx/ssl/keyserver.key;
add_header Strict-Transport-Security "max-age=31536000;
includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
server_name keyserver.corenetworking.de;
server_name pgp.corenetworking.de;
server_name sks.corenetworking.de;
server_name key1.corenetworking.de;
server_name key2.corenetworking.de;
server_name *.pool.sks-keyservers.net;
server_name pgp.mit.edu;
server_name keys.gnupg.net;
rewrite ^/stats /pks/lookup?op=stats;
rewrite ^/s/(.*) /pks/lookup?search=$1;
rewrite ^/search/(.*) /pks/lookup?search=$1;
rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;
rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;
rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;
rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;
location / {
root /var/www/html/sks;
index index.html;
}
location /pks {
proxy_pass http://sks-servers/pks;
proxy_pass_header Server;
add_header Via "1.1
keyserver.corenetworking.de:11371 (nginx)";
proxy_ignore_client_abort on;
client_max_body_size 8m;
}
}
server {
listen 172.16.10.13:80;
listen 172.16.10.15:80;
listen [2a01:4f8:141:11e6:2::1000]:80;
listen 172.16.10.13:11371;
listen 172.16.10.15:11371;
listen [2a01:4f8:141:11e6:2::1000]:11371;
server_name keyserver.corenetworking.de;
server_name pgp.corenetworking.de;
server_name sks.corenetworking.de;
server_name key1.corenetworking.de;
server_name key2.corenetworking.de;
server_name *.sks-keyservers.net;
server_name *.pool.sks-keyservers.net;
server_name pgp.mit.edu;
server_name keys.gnupg.net;
rewrite ^/stats /pks/lookup?op=stats;
rewrite ^/s/(.*) /pks/lookup?search=$1;
rewrite ^/search/(.*) /pks/lookup?search=$1;
rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;
rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;
rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;
rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;
location /.well-known {
root /var/www/html;
}
location / {
root /var/lib/sks/www;
index index.html;
}
location /pks {
proxy_pass http://sks-servers/pks;
proxy_pass_header Server;
add_header Via "1.1
keyserver.corenetworking.de:11371 (nginx)";
proxy_ignore_client_abort on;
client_max_body_size 8m;
}
}
upstream sks-servers {
server key1.corenetworking.de:11371;
server key2.corenetworking.de:11371;
}