[Sks-devel] Configuring the reverse proxy to support large keys - HTTP error 413

[Kristian Fiskerstrand]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I've received reports that uploading some (large) keys to some of the
keyservers in the pool (my test shows failure on 30 servers after
trying to run against 115: These are listed in [A]) results in a
gpgkeys: HTTP post error 22: The requested URL returned error: 413
Request Entity Too Large

In this case the Content-Length is 1377406, seemingly exceeding the
default nginx configuration. The fix for nginx is to set
client_max_body_size 2m; (or larger) in the http context of nginx.conf.

I have not yet implemented an automated check for this in the pool
(and a bit unsure how I'd do it without actually sending large amount
of data to the server during the check, something I generally want to
avoid), but might run a semi-manual / scripted check and add affected
servers to the blacklist if the issue persists after some time.

gpg2 --send-key DE7AAF6E94C09C7F can be used to test.

Please consider re-configuring the servers accordingly.

[A] non-exhaustive list of servers affected
sks.spodhuis.org
zimmermann.mayfirst.org
vm-keyserver.spline.inf.fu-berlin.de
keyserver.mesh.deuxpi.ca
sks.fidocon.de
keys.exosphere.de
keys.sflc.info
pgpkeys.mallos.nl
keyserver.uz.sns.it
openpgp.andrew.kvalhe.im
pgp.gmu.edu
keyserver.compbiol.bio.tu-darmstadt.de
keys2.alderwick.co.uk
keys.alderwick.co.uk
keyserver.advmapper.com
sks.undergrid.net
keys.jhcloos.com
sks.alpha-labs.net
pgpkey.org
keys.indymedia.org
pgp.freiwuppertal.de
keyserver.linuxpro.nl
keyserver.secure-u.de
sks.stsisp.ro
key.ip6.li
keys-01.licoho.de
key.adeti.org
keys-02.licoho.de
keyserver.durcheinandertal.ch
keyserver.blupill.com


- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Varitatio delectat
Change pleases
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTXoEGAAoJEPw7F94F4Tagyc0P/jKRdmXTAajPGdIDemTl0Nhi
tCkghQqiwyIyVp0NVSBpE8Ohw8gRN4RiyFkR8T6bMz6Iu3bIEGwgwiYFZvn2dTNr
WjucyQJ+Rf3WfQ0Nt0Zuv0hM8Ntm6S3zI5/Lyxd4QmczFPkPLcHI/XRR05bVYFid
SdWxUqmQ6v7Mxs0h+pjZi9F11H0KYRra8H610iDdjg8mMdPgnQkUJxoGZ1y00Wsy
nAA9UN3ygLzVNwhBkbj90H2VRNgZt3TOiQmXhH7D6qQW4dhVzW8B4EHmjj16fiaY
3mJTErAnzvN3wgizXD3GhZ2uo4h9IGjKFR8i2sGTZQTQP4/yl0AhTwqsOLQ6c82f
lfBEvWmXi8OP26cK6INT88sBQOu3CK8cMFVMhDHgu9iTd8fvccwOwNB9iRXwpH8U
AFq+NU8qpE19HispdEu0sAZLNuK+HKdwEXxyHvu1Bi/OCC1GMGUnApWYQMNhwK2x
NwhCEVwyehzyOa0cJQiKmAMc8PUpXcPsMQO4Oz/XeNXRdAbdCGOJmBP2/VKnT7JY
eHTHpECb737P7qhBi6o1dfeGxSf4AhioqoOcxd3dvY/DaU3pPUbV4b2skRtTT5Ux
ajcTQHd5ZqtBonbISkX9IKXE+Bt84fzRabT9aT3S7Wb6BtGZq7iTSfcWLB8fOYpg
JPYLKIVO3p0i6lh4pMZl
=00Kr
-----END PGP SIGNATURE-----