Making SKS available on port 80 with nginx

Posted: Sat, 30 July 2011 | permalink | No comments

Being the conscientious sysadmin that I am1, I happened to be looking in my nginx error logs today and noticed a few requests for slightly funny-looking URLs pointed at the hostname pool.sks-keyservers.net. This isn’t as strange as it sounds, given that I run a server that is part of the Synchronising Keyserver network.

Typically, clients connect to the pool using the HKP protocol, a bastard variant of HTTP that runs on port 11371. However it appears that some people hit the pool using port 80, and so I decided to help them out a little by adding a vhost to nginx that will do the right thing for those people and point them to the keyserver.

It turned out to be surprisingly easy; my vhost config, in it’s entireity, is as follows:

upstream sks {
    server 127.0.0.1:11371;
}

server {
    listen 80;
    listen [::]:80;

    server_name sks.hezmatt.org pool.sks-keyservers.net;

    access_log /var/log/nginx/sites/sks.hezmatt.org/access.log;
    error_log /var/log/nginx/sites/sks.hezmatt.org/error.log;

    root /usr/share/empty;

    location / {
        proxy_pass http://sks;
    }
}

A couple of things to note:

Hopefully this spurs a few more people to make the SKS pool a bit more user friendly. The person who had a wide-open PBX management console on port 80 should definitely implement this, before someone naughty finds it.

  1. Actually, I was bored. It’s the same thing though, really.


Post a comment

All comments are held for moderation; markdown formatting accepted.

This is a honeypot form. Do not use this form unless you want to get your IP address blacklisted. Use the second form below for comments.
Name: (required)
E-mail: (required, not published)
Website: (optional)
Name: (required)
E-mail: (required, not published)
Website: (optional)