Problem with gpg server

David Blaisonneau <david.blaisonneau@xxxxxxxxxxxxxxxxxx> · Fri, 10 Sep 2010 14:21:22 +0200

 Hi !

I am having trouble with my squid proxy: everything is ok, except 
fetching the gpg signature.
My proxy is behind another proxy and everything should go to through it. 
But with this request the proxy wants to go directly to the web server.

Can someone help me please ? I have burn all my neurones to solve this 
problem. Thanks a lot.

The following request does not work:

   server1:~# gpg --keyserver pgpkeys.mit.edu --recv-keys C514AF8E4BA401C3
   gpg: requesting key 4BA401C3 from hkp server pgpkeys.mit.edu
   gpg: keyserver timed out
   gpg: keyserver receive failed: keyserver error

The equivalent HTTP request is not working anymore:

   server1:~# wget
   'http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3'
   --2010-09-10 11:35:56--
   http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3
   Resolving myway... 192.168.100.2
   Connecting to myway|192.168.100.2|:3128... connected.
   Proxy request sent, awaiting response... 504 Gateway Time-out
   2010-09-10 11:38:55 ERROR 504: Gateway Time-out.

   Squid logs are:

   ==> /var/log/squid/access.log <==
   1284122031.432 180023 192.168.100.11 TCP_MISS/504 1529 GET
   http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3
   - DIRECT/18.9.60.141 text/html

   ==> /var/log/squid/store.log <==
   1284122031.432 RELEASE -1 FFFFFFFF 2CC990F7B7B5BDA236B4C689AF96F7CE 
   504 1284122031        -1 1284122031 text/html 1160/1160 GET
   http://pgpkeys.mit.edu:11371/pks/lookup?op=get&options=mr&search=0x4BA401C3

What makes me perplex is this result: without parameters the HTTP 
request is going out to the good way.

   server1:~# wget 'http://pgpkeys.mit.edu:11371
   --2010-09-10 13:51:48-- http://pgpkeys.mit.edu:11371/
   Resolving myway... 192.168.100.2
   Connecting to myway|192.168.100.2|:3128... connected.
   Proxy request sent, awaiting response... 200 OK
   Length: unspecified [text/html]
   Saving to: `index.html'

        [ <=>                                   ] 1,995       --.-K/s  
   in 0s

   2010-09-10 13:51:53 (105 MB/s) - `index.html' saved [1995]

   Squid logs are:

   ==> /var/log/squid/access.log <==
   1284121918.557    245 192.168.100.11 TCP_MISS/200 2300 GET
   http://pgpkeys.mit.edu:11371/ - FIRST_UP_PARENT/172.20.0.1 text/html

   ==> /var/log/squid/store.log <==
   1284121918.557 RELEASE -1 FFFFFFFF 3828411FC0C814608C64548487002F2D 
   200 1284118339        -1        -1 text/html -1/1995 GET
   http://pgpkeys.mit.edu:11371/

Here is my config:

   cache_mgr admin@xxxxxxxxxxxx

   visible_hostname mydomain.org

   acl localnet src 192.168.0.0/24
   acl localnet src 192.168.100.0/24
   acl localnet src 192.168.200.0/24
   acl adminNode src admin

   acl all src all
   acl manager proto cache_object
   acl localhost src 127.0.0.1/32
   acl to_localhost dst 127.0.0.0/8
   acl SSL_ports port 443          # https
   acl SSL_ports port 563          # snews
   acl SSL_ports port 873          # rsync
   acl Safe_ports port 80          # http
   acl Safe_ports port 21          # ftp
   acl Safe_ports port 443         # https
   acl Safe_ports port 70          # gopher
   acl Safe_ports port 210         # wais
   acl Safe_ports port 280         # http-mgmt
   acl Safe_ports port 488         # gss-http
   acl Safe_ports port 591         # filemaker
   acl Safe_ports port 777         # multiling http
   acl Safe_ports port 631         # cups
   acl Safe_ports port 873         # rsync
   acl Safe_ports port 901         # SWAT
   acl Safe_ports port 11371       # PGP keyservers -
   acl Safe_ports port 6667        # IRC -
   acl Safe_ports port 1935        # RTE
   acl Safe_ports port 2381        # HP SIM -
   acl Safe_ports port 5222        # Jabber -
   acl Safe_ports port 11371       # PGP keyservers -

   acl purge method PURGE
   acl CONNECT method CONNECT

   url_rewrite_program /usr/bin/squidGuard /etc/squid/squidGuard.conf
   url_rewrite_children 5

   cache_peer 172.20.0.1 parent 80 0 proxy-only no-query

   http_access allow purge localhost
   http_access deny purge
   http_access deny !Safe_ports
   http_access deny CONNECT !SSL_ports
   http_access deny to_localhost
   http_access allow localnet
   http_access allow localhost
   http_access deny all
   icp_access allow localnet
   icp_access allow localhost
   icp_access deny all

   http_port myway:3128 transparent

   hierarchy_stoplist cgi-bin ?
   access_log /var/log/squid/access.log squid
   refresh_pattern ^ftp:           1440    20%     10080
   refresh_pattern ^gopher:        1440    0%      1440
   refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
   refresh_pattern (Release|Package(.gz)*)$        0       20%     2880
   refresh_pattern .               0       20%     4320
   acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
   upgrade_http0.9 deny shoutcast
   acl apache rep_header Server ^Apache
   broken_vary_encoding allow apache
   extension_methods REPORT MERGE MKACTIVITY CHECKOUT
   hosts_file /etc/hosts
   coredump_dir /var/spool/squid

Thanks a lot.