Gabor,
so, please call me Mr. Evil ;-)
A few weeks ago, I set up a simple Nginx load balancer (two lines with
https-portal[1]) statically seeded with the nodes that were in the pool
at that time for test purposes. It randomly returns the status page of
one of the backend servers, though, but that could be easily changed.
I wasn't as evil-minded to start faking a pool that would gradually
fake an increasing delta of keys against the "real" keys. Kudos for
that! ;-)
(The idea was triggered by the general unreliability of pool members. I
think we need to work on that. And also spam, trust, GDPR compliance,
and RTBF; but these are topics for a different thread.)
Greetings,
-Marcel
PS: Even if you are just load-balancing your own servers, you might
include the following line into your Nginx load balancer config
("non_idempotent" is fine, as even the POST requests that modify
anything, notably /pks/add, are in fact idempotent):
proxy_next_upstream error timeout http_500 http_502 http_503 http_504
http_404 http_429 non_idempotent;
[1] https://github.com/SteveLTN/https-portal
On Mon, 2021-03-22 at 21:08 +0100, Kiss Gabor (Bitman) wrote:
> One can decide to setup a proxy server without any own backend
> but redirecting queries to some of the existing servers.
> No one would recognize the cheating. :-)
>
> Gabor
> --
> "Virgil Brigman back on the air" (Abyss)
>
