Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Tobias Frei]

Hi,

if you'd be using the latest Ubuntu, you would probably also have
access to the newest SKS version in the repositories. ;-)

Ubuntu 14.04 LTS will come out soon; upgrading to that should give you
1.1.4.


If your server is running on amd64, you can use this .deb for now, if
you want to:
http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb



Best regards,
Tobias Frei


Am 05.04.2014 16:17, schrieb Martin Papik:
> 
> Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't
> install that one without an explicit parameter boggles me a bit. Oh
> well. Is that sufficient, or will I have to install the very latest
> from source?
> 
> The web server is enabled, there's just no main page in the
> directory yet.
> 
> I see "Error fetching key from hash **** : Not_found" messages in
> the log though, is this normal? The hashes update, so I'm not
> overly worried, just want to know if this is normal.
> 
> Anyway, thanks again for taking the time to assist me.
> 
> Martin
> 
> On 04/05/2014 04:38 PM, BluKeyserver wrote: Hi Martin,
> 
> Quoting from 
> https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
> 
> 'Versions prior to 1.1.2 have a severe interoperability bug (POST 
> requests for exchanging keys are HTTP/0.9, does not work with
> modern setups having reverse HTTP proxies in front as a best
> practice.'
> 
> Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4
> instead ?
> 
> Also, I have noticed, that you did not enable the built-in www
> server:
> 
> 'Page not found: /var/lib/sks/www/index.html'
> 
> Regards, H.Storm [TheBluProject]
> 
> On 05/04/2014 07:52, Martin Papik wrote:
>>>> Thank you very much Jerzy, however I'm facing some problems.
>>>> I wonder if you have any insight. I'm new to sks, but it
>>>> seems to me that there might be an apache proxy intercepting
>>>> the connections and interfering somehow. I don't see my
>>>> server in 
>>>> http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but
>>>> the sks servers are talking to each other on 11370 so I'm
>>>> assuming there's some kind of asymmetric setup.
>>>> 
>>>> Any help would be appreciated.
>>>> 
>>>> Martin
>>>> 
>>>> In the log I see  (after incrementing http_fetch_size to 1000
>>>> to reduce the number of entries).
>>>> 
>>>> 2014-04-05 08:43:40 address for
>>>> keyserver.kolosowscy.pl:11370 changed from [] to [<ADDR_INET
>>>> [176.241.243.15]:11370>, <ADDR_INET 
>>>> [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064 hashes 
>>>> recovered from <ADDR_INET [176.241.243.15]:11371> 2014-04-05 
>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET 
>>>> [176.241.243.15]:11371>, starting with 
>>>> 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11 Error
>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
>>>> Requesting 1000 missing keys from <ADDR_INET
>>>> [176.241.243.15]:11371>, starting with 
>>>> 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11 Error
>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
>>>> Requesting 1000 missing keys from <ADDR_INET
>>>> [176.241.243.15]:11371>, starting with 
>>>> 54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11 Error
>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
>>>> Requesting 1000 missing keys from <ADDR_INET
>>>> [176.241.243.15]:11371>, starting with 
>>>> 7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11 Error
>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
>>>> Requesting 1000 missing keys from <ADDR_INET
>>>> [176.241.243.15]:11371>, starting with 
>>>> A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11 Error
>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:12
>>>> Requesting 1000 missing keys from <ADDR_INET
>>>> [176.241.243.15]:11371>, starting with 
>>>> D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12 Error
>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:12
>>>> Requesting 64 missing keys from <ADDR_INET
>>>> [176.241.243.15]:11371>, starting with 
>>>> FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12 Error
>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>> \"-//IETF//DTD HTML 2.0//EN\">")
>>>> 
>>>> The tcpdump output contains (looks like HTTP 0.9, no host
>>>> header in the request, no HTTP headers in the response).
>>>> 
>>>> Request to 176.241.243.15:11371
>>>> 
>>>> POST /pks/hashquery content-length: 24
>>>> 
>>>> Response from 176.241.243.15:11371
>>>> 
>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>>> <html><head> <title>502 Proxy Error</title> </head><body>
>>>> <h1>Proxy Error</h1> <p>The proxy server received an invalid
>>>> response from an upstream server.<br /> The proxy server
>>>> could not handle the request <em><a 
>>>> href="/pks/hashquery">POST&nbsp;/pks/hashquery</a></em>.<p>
>>>> Reason: <strong>Error reading from remote
>>>> server</strong></p></p> <hr> <address>Apache Server at
>>>> keyserver.kolosowscy.pl Port 80</address> </body></html>
>>>> 
>>>> 
>>>> 
>>>> 
>>>> On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
>>>>> Hi,
>>>>> 
>>>>> I added your server. My line to add:
>>>>> 
>>>>> keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski 
>>>>> <address@hidden>
>>>>> 
>>>>> Rgds,
>>>>> 
>>>>> Jerzy Ko?osowski
>>>>> 
>>>>> Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik pisze:
>>>>>> Hi everyone,
>>>>>> 
>>>>>> I've just configured sks 1.1.1 (default on Ubuntu) on 
>>>>>> sks-server.randala.com. The machine has IPv6 but SKS has
>>>>>> not yet been assigned an address. I wonder, is there an
>>>>>> advantage (e.g. in terms of peering)? The server is
>>>>>> located in Germany/EU. For now I'm deploying
>>>>> the
>>>>>> server for R&D as a proxy for my private server (behind
>>>>>> my ISPs randomized NAT).
>>>>>> 
>>>>>> You may contact me if you have further questions or for
>>>>>> any issues, operational or otherwise.
>>>>>> 
>>>>>> Loaded from: http://keys.niif.hu/keydump/ [2014-03-31?
>>>>>> ... köszönöm] Loaded: 3583821 keys
>>>>>> 
>>>>>> Line to add to /etc/sks/membership
>>>>>> 
>>>>>> sks-server.randala.com 11370
>>>>>> 
>>>>>> Thank you.
>>>>>> 
>>>>>> Martin
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Sks-devel mailing list address@hidden 
>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Sks-devel mailing list address@hidden 
>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>> 
>>>> 
>>>> _______________________________________________ Sks-devel
>>>> mailing list address@hidden 
>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>> 
>> 
>> _______________________________________________ Sks-devel mailing
>> list address@hidden 
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
> 
> 
> _______________________________________________ Sks-devel mailing
> list address@hidden 
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>