On 04/24/2017 09:33 PM, Jonathon Weiss wrote: > Daniel, > > I'm pulling your questions into this thread, which I started before > seeing your mail: > > For reference, I can download this key without a problem. While I'm > topologically closer to pgp.mit.edu than you are, I believe the 1s > timeout should only count the time passing the info to Apache, not all > the way back to you (but please correct me if you think I'm wrong here). > If it is, in fact, taking more than 1s to transfer extremely large keys > from SKS to Apache, then I'm somewhat between a rock and a hard place > here. If you go back and try again now, are you still seeing the > problem?
Fwiw, I'm still seeing it. > > As noted, I dropped this timeout form 4s to 1s last week to deal with > the cascading failure described below. > > The reverse proxy is Apache, but it is SKS' wserver_timeout that is set > to 1s. > > Any thoughts and advice would be welcome here. I have a couple, but > they are either of dubious effectiveness, or relatively drastic / much > slower to implement. > One thing that springs to mind is multiple instances of SKS behind the reverse proxy to distribute the load (I run two instances myself - and that is for lesser load). Would just need separate key port and do local reconciliation only between them necessary , can make sure stats page (?op=stats) only reaches the primary so it exposes the external peers on the reverse proxy. -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- "My father used to say: ‘Don’t raise your voice, improve your argument.’" (Desmond Tutu)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
