On 03/19/2012 07:38 AM, Kristian Fiskerstrand wrote:
On 19.03.2012 02:25, Daniel Kahn Gillmor wrote:
So my nginx configuration stanzas are:
Thank you for the recommendation and the configuration example.
keys.kfwebs.net should be running a similar setup now on both IPv4 and
IPv6.
Thanks for doing that, Kristian!
Have you given any thought to my recommendation for pool operators?
Any round-robin pools that have "high-availability" among their goals
should probably limit themselves to SKS installations using a similar
HTTP reverse proxy.
A simple test might be to retrieve the Server: header from the HTTP
response to a GET http://$keyserver/ -- if Server: contains sks_www,
it's probably not a reverse proxy. keys.mayfirst.org shows Server:
nginx now. Any other suggested mechanisms to detect this?
If there was an ha-pool.sks-keyservers.net , i would be very happy to
use it instead of pool.sks-keyservers.net. Or should
pool.sks-keyservers.net do that high-availability filtering directly?
--dkg
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel