I have modified my setup to be highly available. Please ignore the
domain in my previous message, since it now round-robins between my
three HA servers, which you should use instead:

# Max Weiss <m...@maxweiss.io>
# 0xE8B26E04C57C1280F83FAFA0C752F3B9871F2ADF
[hockeypuck.conflux.recon.partner.keyserver1_maxweiss_io]
httpAddr="keyserver1.maxweiss.io:11371"
reconAddr="keyserver1.maxweiss.io:11370"

# Max Weiss <m...@maxweiss.io>
# 0xE8B26E04C57C1280F83FAFA0C752F3B9871F2ADF
[hockeypuck.conflux.recon.partner.keyserver2_maxweiss_io]
httpAddr="keyserver2.maxweiss.io:11371"
reconAddr="keyserver2.maxweiss.io:11370"

# Max Weiss <m...@maxweiss.io>
# 0xE8B26E04C57C1280F83FAFA0C752F3B9871F2ADF
[hockeypuck.conflux.recon.partner.keyserver3_maxweiss_io]
httpAddr="keyserver3.maxweiss.io:11371"
reconAddr="keyserver3.maxweiss.io:11370"

On 2023-10-09 12:03 pm, Max Weiss wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello all, I was hoping I could get some Hockeypuck SKS peers. I run a
hockeypuck server at "keyserver.maxweiss.io" which was not peering for
the past several months because I didn't check in on it and didn't know
about the flood attack.

I have moved it from my old single-server to a self-managed Kubernetes
cluster, so the FQDN resolves to four new nodes now. I have also
started from scratch in order to clean up the bad/flood keys, and I have
implemented the HAProxy recommendations in front of ports 80, 443,
11371. 80 and 443 go through my Traefik reverse proxy before hitting
HAProxy, and 80 gets a 301 redirect to https (so it never really hits
HAProxy). 11371 bypasses Traefik and goes directly to HAProxy. 11370
goes through Traefik before hitting the hockeypuck pod, so that I can
add IP whitelisting via Traefik, which I currently haven't done, but may
in the future if 11370 starts getting DoS'd or otherwise attacked.

I have loaded a key dump from Sep. 25, so I'm a few weeks out of date,
but still have ~657k keys loaded.

I am hoping to add as many peers as I can to ensure that I stay
up-to-date, now that I have HAProxy set up and the ability to whitelist
peers on 11370.

Thanks so much!

# Max Weiss <m...@maxweiss.io>
# 0xE8B26E04C57C1280F83FAFA0C752F3B9871F2ADF
[hockeypuck.conflux.recon.partner.keyserver_maxweiss_io]
httpAddr="keyserver.maxweiss.io:11371"
reconAddr="keyserver.maxweiss.io:11370"
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQTosm4ExXwSgPg/r6DHUvO5hx8q3wUCZSROAAAKCRDHUvO5hx8q
38X4AP0ShaWNLM8PqSR/1QWiq7omXZH0ZG+aJwV1LRIEqC3dkwEA57Oxz1N1+MEA
398t5OPnFQDXSnMnOwWJop0LarWZUgc=
=ESO2
-----END PGP SIGNATURE-----