sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] sks behind lighttpd reverse proxy

From: Karl Schmitz
Subject: Re: [Sks-devel] sks behind lighttpd reverse proxy
Date: Mon, 02 Dec 2013 10:22:01 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131103 Icedove/17.0.10 
Hi Simon,

Am 02.12.2013 09:08, schrieb Simon Lange:
> Hi all,
>
> sks running fine.
>
> but
>
> if u put it behind a lighttpd reverse proxy for ports 11370 and 11371 it
> wont work anymore.
why reverse-proxy port 11370?
As far as I understood, it's only port 11371 (HKP) which has to be
reverse-proxied.
> 11370 (recon) isnt operational anymore. communication is broken.
> connection establishes but the communication itself does not work. sks
> and company do not understand eachother anymore if a lighttpd reverse
> proxy is between them.
> 11371 almost same. gpg client does not work anymore. a keysearch with
> gpg wont find ANYTHING anymore as long the lighttpd reverse proxy is
> between. only via browser (firefox, chrome, IE, ...) it works. same for
> 443 reverseproxy to 11371.
> sks without any reverse proxy for ports 11370 and 11371 works perfectly.
> gpg finds everything again and recon runs as it always did.
>
> for me it seems just proxying the connection through lighttpd seems not
> be enough for gpg or sks(recon). so what is it that gpg/sks got a
> problem with?
> the lighttpd reverse proxy is correctly configured. every connection to
> that ports is proxied to the daemon running on 127.0.0.1
>
> any ideas?
Remove reverse-proxying of port 11370 and you should be fine.
>
> some information:
> sks 1.1.4
> lighttpd 1.4.30
> http://keys.s-l-c.biz:11371/pks/lookup?op=stats
> you can see the recon gap on dec 1st 2013. this happened when the recon
> port was behind reverse proxy.
> 11371 is currently behind reverseproxy. its reachable also via :80 and
> :443 with hostname keys.s-l-c.biz
>
> configuration snippet (lighttpd):
> server.reject-expect-100-with-417 = "disable"
> $SERVER["socket"] == "87.106.189.5:11371" {
>         server.name             = "keys.s-l-c.biz"
>         accesslog.filename      =
> "/var/log/lighttpd/keys.s-l-c.biz-access-11371.log"
>         proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 11371
> ) ) )
>         setenv.add-response-header = ( "Via" => "1.1
> keys.s-l-c.biz:11371 (lighttpd)" )
> }
>
> #same configuration i tried for 11370 (ofcourse with changed ports).
>
> any help is welcome
>
> regards
>
> Simon
Kind regards,

Karl

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]