Re: [Sks-devel] Peering wiki text updated

2013-02-27 Thread Phil Pennock
On 2013-02-27 at 17:35 -0600, John Clizbe wrote: > Header set Server "Apache/2.4.2 (Unix)" Eh, we really want to leave the Server: header showing the sks_www value if possible, right? Then use Via: to show the proxy information. -Phil pgpbKYLafceuc.pgp Description: PGP signature __

Re: [Sks-devel] Peering wiki text updated

2013-02-27 Thread John Clizbe
Phil Pennock wrote: > > If someone has a current good example of Apache config for this, we > should add that too. Using this on both servers, ports 80 & 11371 ServerName keyserver.example.net ServerAlias pool.sks-keyservers.net *.pool.sks-keyservers.net ServerAlias keys.gnupg.ne

Re: [Sks-devel] Peering wiki text updated

2013-02-27 Thread Phil Pennock
On 2013-02-27 at 21:08 +0100, Stephan Seitz wrote: > this is how my apache proxies requests to sks: I see that the Server: header from SKS is being preserved in your setup; is the Via header also automatically derived? Did you want to put in anything just to say Apache? I've put this into the do

Re: [Sks-devel] Peering wiki text updated

2013-02-27 Thread Daniel Kahn Gillmor
On 02/27/2013 12:36 PM, Kristian Fiskerstrand wrote: > Are the ServerAliases strictly necessary for a port binding to 11371? > Presumably you're not using canonical names to determine the service. > If the aliases really are necessary, keep in mind that some pools are > using a CNAME to pool.sks-ke

Re: [Sks-devel] Peering wiki text updated

2013-02-27 Thread Kristian Fiskerstrand
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/27/2013 09:08 PM, Stephan Seitz wrote: > Hi Phil, > >> If someone has a current good example of Apache config for this, >> we should add that too. > Hi Stephan, Are the ServerAliases strictly necessary for a port binding to 11371? Presumabl

Re: [Sks-devel] Peering wiki text updated

2013-02-27 Thread Stephan Seitz
Hi Phil, > If someone has a current good example of Apache config for this, we > should add that too. this is how my apache proxies requests to sks: ServerName MY-KEYSERVER-HOSTNAME ServerAlias pool.sks-keyservers.net ServerAlias *.pool.sks-keyservers.net Order deny

[Sks-devel] Peering wiki text updated

2013-02-26 Thread Phil Pennock
Daniel referring to the reverse proxy stuff as a best practice nudged me to take another look at the peering wiki page. I've emphasised the current stance of folks that this is a best practice, as backed by Daniel's stance, the impact of not doing so, and the sheer number of servers on