Re: [Sks-devel] New server at keyserver.mesh.deuxpi.ca


From: Philippe Gauthier
Subject: Re: [Sks-devel] New server at keyserver.mesh.deuxpi.ca
Date: Mon, 19 Nov 2012 18:12:26 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120418 Icedove/11.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2012-11-18 23:55, Phil Pennock wrote:
> The hostname in DNS now has an A record too, but the recon port is
> not open on IPv4.  This isn't going to work too well.

Good point. I moved the A record to the dynamic IPv4 address -- it
will take one day to propagate. Also, if I understand correctly,
Gossip works with NAT but proxying wouldn't have helped.

> You can use different hostnames for peering and for clients, and
> give the peers the hostname which you want usable from the outside
> world. You probably want to keep the hostname in sksconf to be the
> external one, as that's what external pool systems may use for SRV
> records.

I may create a second hostname, but I plan to keep the current one
working for peering and the external world.

The hkp port is handled by nginx which responds to port 11371 and 80.
In the case of port 80, the connection will be correctly proxied to sks
only if the hostname of the keyserver matches. Should I add
"pool.sks-keyservers.net *.pool.sks-keyservers.net" to server_name?

- -- 
Philippe Gauthier <address@hidden>
http://www.deuxpi.ca/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlCqvNoACgkQdX62PscofCQAggCgnwtQ30MfRPHOO5tfIQHTVBZM
LdAAn3pbUUoHziVDZQqR2JKozfmJeet9
=y3FN
-----END PGP SIGNATURE-----
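
The name-based routing described in the message above, sketched as an nginx configuration. This is an added example, not the poster's actual configuration: the backend address 127.0.0.1:11372, the upstream name and the catch-all block are assumptions; the hostnames are the ones quoted in the message.

```nginx
# Constructed example. Assumption: sks serves hkp on loopback port 11372,
# so that nginx itself can own ports 11371 and 80.
upstream sks_hkp {
    server 127.0.0.1:11372;
}

# Port 11371: this is the only server block on the port, so it is the
# default for it and every request reaches sks whatever Host header
# the client sends.
server {
    listen 11371;
    location / {
        proxy_pass http://sks_hkp;
        proxy_set_header Host $host;
    }
}

# Port 80, catch-all (assumed): requests whose Host header matches no
# server_name below land here and are dropped without a response.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# Port 80, keyserver: only Host headers listed in server_name are proxied.
# "*.pool.sks-keyservers.net" does not match the bare name
# "pool.sks-keyservers.net", so both forms have to be listed.
server {
    listen 80;
    server_name keyserver.mesh.deuxpi.ca
                pool.sks-keyservers.net
                *.pool.sks-keyservers.net;

    location / {
        proxy_pass http://sks_hkp;
        proxy_set_header Host $host;
    }
}
```

With only the machine's own hostname in `server_name`, a port 80 request carrying `Host: pool.sks-keyservers.net` would fall through to the catch-all block instead of reaching sks.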


