Re: [Sks-devel] sks nginx config

Thu, 26 Jul 2012 21:06:13 -0700 

On 2012-07-26 at 09:40 -0400, Phil Benchoff wrote:
> server {
>     listen ...
>     root /your/keyserver/web;
>     location /pks {
>       proxy_pass http://localhost:11371/pks;
>       add_header Via "1.1 keyserver.example.com";
>     }
> }
> 
> I don't have a good setup to fully test this config, but at least the
> location /pks part works.

Hrm, for full compliance with HTTP, we really need:
  proxy_pass_header  Server;

Now, doing this breaks the current pool checks, because the Server:
header goes back to being "sks_www".  I've made the change anyway, so
sks.spodhuis.org will drop out of "proxy" pools until the pool
definitions change.

I'm assuming that Kristian will change his pool to accept presence of a
Via: header as a sign of a proxy.  :)

I debated with myself as to whether the Via header should be "1.1"
(implying "http/1.1") or if it should be "hkp/something"; I decided that
since the proxy itself is only aware of http, I should leave it at that.


< HTTP/1.1 200 OK
< Date: Fri, 27 Jul 2012 03:56:32 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 155170
< Connection: keep-alive
< Server: sks_www/1.1.3
< Via: 1.1 sks.spodhuis.org:11371 (nginx)

Here are two example server blocks which I have:

    server {
        listen      94.142.241.93:11371;
        listen      [2a02:898:31:0:48:4558:73:6b73]:11371;
        access_log  off;
        location / {
            proxy_pass         http://127.0.0.1:11371;
            proxy_pass_header  Server;
            add_header         Via "1.1 sks.spodhuis.org:11371 (nginx)";
        }
    }

    server {
        listen      94.142.241.93:80;
        listen      [2a02:898:31:0:48:4558:73:6b73]:80;
        server_name sks.spodhuis.org;

        access_log  /var/log/nginx/sks-access.log  combined;

        location / {
            root    /www/sites/sks.spodhuis.org/content;
            index   index.html;
        }

        location ~ /\. {
            deny  all;
        }

        location /pks {
            proxy_pass         http://127.0.0.1:11371;
            proxy_pass_header  Server;
            add_header         Via "1.1 sks.spodhuis.org:80 (nginx)";
        }

        location /sks-peers {
            include uwsgi_params;
            uwsgi_pass sks_peers_app;
            uwsgi_param SCRIPT_NAME /sks-peers;
            uwsgi_modifier1 30;
        }
    }

Attachment: pgpizCueoDTMi.pgp
Description: PGP signature

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Reply via email to