
Re: [Sks-devel] Configuring the reverse proxy to support large keys - HT


From: Andrew Alderwick
Subject: Re: [Sks-devel] Configuring the reverse proxy to support large keys - HTTP error 413
Date: Mon, 28 Apr 2014 18:32:05 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

Dear all,

On Mon, Apr 28, 2014 at 06:25:45PM +0200, Kristian Fiskerstrand wrote:
> I've received reports that uploading some (large) keys to some of the
> keyservers in the pool (my test shows failure on 30 servers after
> trying to run against 115: These are listed in [A]) results in a
> gpgkeys: HTTP post error 22: The requested URL returned error: 413
> Request Entity Too Large
> [...]
> keys2.alderwick.co.uk
> keys.alderwick.co.uk

Good catch, Kristian, and thanks for scanning my servers. I've fixed their config now.

On Mon, Apr 28, 2014 at 07:05:00PM +0200, Gabor Kiss wrote:
> I have not yet implemented an automated check for this in the pool
> (and a bit unsure how I'd do it without actually sending large amount
> of data to the server during the check, something I generally want to
> avoid), but might run a semi-manual / scripted check and add affected
> servers to the blacklist if the issue persists after some time.
>
> My 2 cents:
> It is not necessary to test this attribute more than once a week.
> And servers passing the test need no more examination.

I was wondering if, separately to the automated checks, a script on the wiki would be helpful for new admins to test a server. I could have a bash at it, unless anyone knows of a testing script that already exists.

Example output:

$ ./sks-lint keys.alderwick.co.uk
Testing keys.alderwick.co.uk...
[ OK ] SKS version is 1.1.4
[ OK ] 3608500 keys in database
[ OK ] lookup via port 80 supported
[FAIL] lookup via hkps failed
       - SSL certificate is invalid
           - common name is ssl.alderwick.co.uk - see http://example.com/sni
[FAIL] large key upload failed
       - server returned HTTP error 413 - see http://example.com/upload_size

Such a script could come with switches for the admin to indicate if they're interested in being in all the pools, some of them, or merely checking that their config doesn't have any obvious flaws.

Thanks,
Andy

Attachment: signature.asc
Description: Digital signature
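
One way to test for the 413 limit without uploading a large key, the concern raised in the quoted text above (an added example, not part of the original message and not the proposed sks-lint script): announce a large POST to /pks/add with `Expect: 100-continue` and read only the status line. It assumes the reverse proxy compares Content-Length with its body limit before reading the body; the function names, default size and verdict strings are hypothetical.

```python
import socket

def classify(status_line: bytes) -> str:
    """Map the first line of the HTTP response to a verdict."""
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        return "inconclusive"
    if parts[1] == b"100":
        return "accepted"      # proxy is willing to read a body of this size
    if parts[1] == b"413":
        return "too_large"     # the failure reported in this thread
    return "inconclusive"      # any other status tells us nothing about the limit

def probe_upload_limit(host, port=11371, size=8 * 1024 * 1024, timeout=10.0):
    """Announce a `size`-byte key submission but never send the body."""
    request = (
        "POST /pks/add HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {size}\r\n"   # assumed test size, not a pool requirement
        "Expect: 100-continue\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            buf = b""
            # Read just enough to see the status line, then hang up.
            while b"\r\n" not in buf and len(buf) < 4096:
                chunk = s.recv(1024)
                if not chunk:
                    break
                buf += chunk
    except OSError:
        # Refused, timed out, or the server waits for a body and ignores Expect.
        return "inconclusive"
    return classify(buf.split(b"\r\n", 1)[0])

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(f"{name}: {probe_upload_limit(name)}")
```

An "inconclusive" result means the server did not answer the announcement either way, so only a real upload would settle it.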

