[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] nginx proxy_ignore_client_abort with kqueue
|
From: |
Phil Pennock |
|
Subject: |
Re: [Sks-devel] nginx proxy_ignore_client_abort with kqueue |
|
Date: |
Fri, 1 Mar 2013 16:12:43 -0500 |
On 2013-02-28 at 04:34 -0500, Phil Pennock wrote:
> So, it appears that nginx is not honouring:
> proxy_ignore_client_abort on;
> if the server was built with kqueue support (FreeBSD).
Turns out, this comes from the still-experimental SPDY patch.
Waited a day, got no response, went ahead and posted to the nginx list;
got a nice (and speedy (*ducks)) response from Maxim Dounin.
CONCLUSION:
SKS keyserver operators who are using an nginx reverse proxy, on a
KQUEUE-enabled system, SHOULD NOT apply the SPDY patch to nginx, in
the patch's current form (patch version 65).
SKS keyserver operators who use nginx *MUST* set:
proxy_ignore_client_abort on;
in server blocks which pass requests onto SKS.
Applying that patch will break interop with versions of GnuPG which
use `shutdown(sock, SHUT_WR)` on their client connections, which
happens in some versions when GnuPG is not built against a real
libcurl library. This affects current releases of GnuPG2 (but not
GnuPG1) in the wild, and the fix has been applied to the GnuPG
STABLE-BRANCH-2-0 branch, to be in the next release, but we should
expect broken versions to still be around for a few years.
I'm cautiously optimistic that a future version the SPDY patch will gain
some kind of work-around, perhaps including another new option. We'll
see.
I'll update the wiki page with guidance.
-Phil
pgp5bWJg0TGat.pgp
Description: PGP signature
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Sks-devel] nginx proxy_ignore_client_abort with kqueue,
Phil Pennock <=