Hi Andrew, Thank you for your reply!
Be careful to set the correct BEHIND* variables in haproxy, and that Caddy populates X-Forwarded-For -- otherwise haproxy may tarpit your entire Caddy instance. This is a commonly-encountered gotcha in the haproxy configuration. If you need help, please ask. :-)
Thanks for the advice! I believe I have done the right thing. Haproxy handles :11371 directly and only HAP_BEHIND_PROXY_EXCEPT_HKP is set to true. In haproxy's logs I can see the X-Forwarded-For header being set to the visitor's IP.
It’s not a good idea to use the `master` branch in production, you should instead build from the current support branch `branch-2.2`.
I have switched to it after I sent the original email and realized that the version number is a `git describe --long`.
Apologies, I see now that it is already running version 2.2.2. Please ignore my hasty admonition…!
No worries! The SKS network is a delicate piece of infrastructure and it's better to be safe early than sorry afterwards.
Once you have the latest branch-2.2 running, you can add the pgpkeys.eu nodes as follows: (config file omitted)
I have added the configs and it's live on my server now. Thank you again for adding me.
Etaoin
OpenPGP_signature.asc
Description: OpenPGP digital signature
