{"id":16559826,"url":"https://github.com/ctubio/php-proxy-keyserver","last_synced_at":"2025-03-21T11:31:31.700Z","repository":{"id":32122028,"uuid":"35694533","full_name":"ctubio/php-proxy-keyserver","owner":"ctubio","description":"PHP proxy and extensible web interface forwarding standard HKP requests to a local or remote SKS OpenPGP Keyserver.","archived":false,"fork":false,"pushed_at":"2019-07-02T22:31:07.000Z","size":548,"stargazers_count":45,"open_issues_count":0,"forks_count":5,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-01T05:41:25.435Z","etag":null,"topics":["keyserver","openpgp-keyserver","pgp","proxy","sks"],"latest_commit_sha":null,"homepage":"https://pgp.key-server.io/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ctubio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING","funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-05-15T20:15:44.000Z","updated_at":"2024-03-05T12:36:58.000Z","dependencies_parsed_at":"2022-08-21T09:50:55.096Z","dependency_job_id":null,"html_url":"https://github.com/ctubio/php-proxy-keyserver","commit_stats":null,"previous_names":[],"tags_count":43,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctubio%2Fphp-proxy-keyserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctubio%2Fphp-proxy-keyserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctubio%2Fphp-proxy-keyserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctubio%2Fphp-proxy-keyserver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/owners/ctubio","download_url":"https://codeload.github.com/ctubio/php-proxy-keyserver/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244135898,"owners_count":20403797,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["keyserver","openpgp-keyserver","pgp","proxy","sks"],"created_at":"2024-10-11T20:27:10.294Z","updated_at":"2025-03-21T11:31:31.384Z","avatar_url":"https://github.com/ctubio.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Release](https://img.shields.io/packagist/vpre/ctubio/php-proxy-keyserver.svg?label=release)](https://packagist.org/packages/ctubio/php-proxy-keyserver)\n[![Platform License](https://img.shields.io/badge/platform-unix--like-lightgray.svg)](https://www.gnu.org/)\n[![Software License](https://img.shields.io/badge/license-MIT-111111.svg)](LICENSE)\n\nThese sources are happy serving public keys at https://pgp.key-server.io (check the [pool status](https://sks-keyservers.net/status/)!).\n\n[![Build Status](https://img.shields.io/travis/ctubio/php-proxy-keyserver/master.svg?label=test%20suite)](https://travis-ci.org/ctubio/php-proxy-keyserver)\n[![Coverage Status](https://img.shields.io/coveralls/ctubio/php-proxy-keyserver/master.svg?label=code%20coverage)](https://coveralls.io/r/ctubio/php-proxy-keyserver?branch=master)\n[![SensioLabsInsight](https://img.shields.io/sensiolabs/i/9f6e4b8d-d42a-4c74-9dc5-fba26399c373.svg)](https://insight.sensiolabs.com/projects/9f6e4b8d-d42a-4c74-9dc5-fba26399c373)\n[![Dependency 
Status](https://www.versioneye.com/user/projects/5562f9753664660019240200/badge.svg?style=flat)](https://www.versioneye.com/user/projects/5562f9753664660019240200)\n[![Open Issues](https://img.shields.io/github/issues/ctubio/php-proxy-keyserver.svg)](https://github.com/ctubio/php-proxy-keyserver/issues)\n\n### Main Features\n * Minimalistic php framework focused on extending and prettifying the default web interface of a keyserver.\n * PHPize any request at any port for humans, but keep the original output for gpg/pool clients.\n * 8 skins (thank you folks!), but you can make your own (with dynamic php blocks or static html).\n * Optional automatic addition and validation of user-submitted membership lines for new peers.\n * Optional automatic indentation and validation of html pages before sending html responses.\n * Meaningful (hope you like stack traces) error messages while developing skins/pages.\n * Webserver configs ready for apache2 or nginx (and tor hidden service and piwik tracker).\n * Load Balancer configs ready for haproxy (between PHP and HKP, or balance PHP too).\n * BOINC Status GUI RPC ready to display the currently assigned tasks on your server farm.\n * Or trash all *modern* features and stick with the great old plain html frontend (for historical purposes).\n\n### How to run your own SKS Keyserver with PHP and friends:\n```bash\n  $ # Check the latest sks version:\n  $ curl https://bitbucket.org/skskeyserver/sks-keyserver/raw/default/VERSION\n  $ # Check the available sks versions in your sources:\n  $ apt-cache policy sks\n  $ # Check your current sks version:\n  $ sks version\n  $ # Decide if you wanna download and compile the latest sks version.\n\n  $ # The README file has examples of configuration files for sks, nginx/apache, haproxy and tor.\n\n  $ # Check if your keyserver is up and running (in all machines):\n  $ netstat -anp | egrep --color 'sks'\n  tcp   0    0 0.0.0.0:11370                 0.0.0.0:*     LISTEN      8198/sks\n  tcp   0    0 127.0.0.1:11371   
            0.0.0.0:*     LISTEN      8197/sks\n  tcp6  0    0 :::11370                      :::*          LISTEN      8198/sks\n  unix  2    [ ACC ]    STREAM   LISTENING   29826   8197/sks   /var/lib/sks/db_com_sock\n  unix  2    [ ACC ]    STREAM   LISTENING   29835   8198/sks   /var/lib/sks/recon_com_sock\n  $ # If you don't see any output, please start the keyserver daemons with similar configs.\n\n  $ # Optionally, check if your load balancer is up and running (in primary machine):\n  $ netstat -anp | egrep --color 'haproxy'\n  tcp   0     0 0.0.0.0:11369                0.0.0.0:*     LISTEN      2438/haproxy\n  unix  2     [ ]       DGRAM                11553   2008/rsyslogd  /var/lib/haproxy/dev/log\n  unix  2     [ ]       DGRAM                12323   2438/haproxy\n  $ # Here port 11369 is used, but you are free to choose any other number if you wish.\n  $ # A load balancer isn't mandatory, unless you plan to generate daily keydumps.\n\n  $ # Optionally, check if your tor is up and running (in primary machine):\n  $ netstat -anp | egrep --color 'tor'\n  tcp   0    0 127.0.0.1:9050                0.0.0.0:*     LISTEN      11655/tor\n  unix  2    [ ACC ]   STREAM    LISTENING   53139133 11655/tor   /var/run/tor/control\n  unix  3    [ ]       STREAM    CONNECTED   53139131 11655/tor\n  unix  3    [ ]       STREAM    CONNECTED   53139130 11655/tor\n  $ # Here port 9050 is used, but you are free to choose any other number if you wish.\n  $ # A tor hidden service isn't mandatory, unless you plan to provide anonymity.\n\n  $ # Check if your webserver is up and running (in primary machine):\n  $ netstat -anp | egrep --color 'apache2|nginx'\n  tcp   0     0    10.10.10.2:11371          0.0.0.0:*     LISTEN      3197/apache2\n  tcp   0     0    10.10.10.2:80             0.0.0.0:*     LISTEN      3197/apache2\n  tcp   0     0    10.10.10.2:443            0.0.0.0:*     LISTEN      3197/apache2\n  tcp6  0     0    2607:f298:6050:6f:11371   :::*          LISTEN      
9647/apache2\n  tcp6  0     0    2607:f298:6050:6f81::80   :::*          LISTEN      9647/apache2\n  tcp6  0     0    2607:f298:6050:6f81:443   :::*          LISTEN      9647/apache2\n  $ # The 4th column may be your own public IPs of your virtual machine/server.\n  $ # If you don't see any output, please start the webserver daemon with similar configs.\n\n  $ # Download and compose the php proxy and the extensible web interface between them:\n  $ cd /var/www\n  $ mkdir your.domain.name\n  $ cd your.domain.name\n  $ composer self-update\n  $ composer create-project ctubio/php-proxy-keyserver . --keep-vcs\n  $ make config\n  $ make help\n  $ # All done, thank you!\n\n  $ # Validate if your website can search/retrieve/submit pgp public keys.\n  $ # Validate if your keyserver works using the command line tool gpg (or others).\n  $ # Import the most recent database dump, and use the mailing list to find peers.\n  $ # Please, feel free to extend or customize as you need the web interface!\n```\n\n### Troubleshooting\n\n##### Common Installation Problems:\n```\n-bash: composer: command not found\n```\nto fix it, see https://getcomposer.org/doc/00-intro.md#installation-linux-unix-osx\n\n##### Silly Winny Problems:\n```\n'make' is not recognized as an internal or external command\n```\nto fix it, see http://gnuwin32.sourceforge.net/packages/make.htm\n\n### What if..\n\n##### ..i want to make a skin?\nrun the following command to create a new skin (using ```skin/default``` as a base, or any other), and if you would like to share it, please read the [CONTRIBUTING](CONTRIBUTING) file:\n```\n$ cp -r skin/default skin/new-skin\n```\n\n##### ..i want documentation about the available methods in ```skin/*.phtml``` files?\nYes Sir/Milady, please make use of ```$this``` 3 built-in methods from any phtml file:\n```php\n# get any value from etc/php-proxy-keyserver.ini\nstring $this-\u003egetConfig(string $option);\n# (you can add new options to the config file as you need)\n# for 
example:\necho $this-\u003egetConfig('hkp_load_balanced_addr'); # may print 127.0.0.1\necho $this-\u003egetConfig('custom_var');             # may print custom_value\n```\n\n```php\n# get any block from skin/blocks/*\nstring $this-\u003egetBlock(string $block);\n# (you can get blocks from any depth in the path)\n# for example:\necho $this-\u003egetBlock('gnu_inside');       # parse and print skin/block/gnu_inside.phtml\necho $this-\u003egetBlock('happy/gnu_inside'); # parse and print skin/block/happy/gnu_inside.phtml\n```\n\n```php\n# get any page from skin/page/*\nstring $this-\u003egetPage([string $page]);\n# (useful in the layout, or to show some page in the footer of all pages?)\n# for example:\necho $this-\u003egetPage();            # parse and print the current page based on http request\necho $this-\u003egetPage('index');     # parse and print page/index.phtml\necho $this-\u003egetPage('path/file'); # parse and print path/file.phtml\n```\n\n##### ..i don't want to use php?\nthe ```skin/default``` uses a php layout to build the given page with blocks. 
But if you would like to use only html files or any other static format, please see the source of [skin/pgpkeyserver-lite](https://github.com/mattrude/pgpkeyserver-lite) or [skin/XHTML+ES](https://github.com/ctubio/sks-keyserver-sampleWeb-XHTML-ES) as examples.\n\n##### ..i want to make a skin for the community but without running my own keyserver?\nfeel free to use my keyserver for your development, the address is ```pgp.key-server.io``` (see the answer below).\n\n##### ..my server is just a webserver?\nthe keyserver may be provided by a different server, if that is your case, please edit ```etc/php-proxy-keyserver.ini``` and customize the value of ```hkp_load_balanced_addr``` to match the address of the keyserver.\n\n##### ..i want to upgrade to a new version of php-proxy-keyserver?\nplease run the following commands (using v1.2.3 as an example):\n```bash\n $ git fetch;           # see the available new versions in the output\n $ git checkout v1.2.3; # upgrade to v1.2.3\n```\nor you can revert back to a previous version with:\n```bash\n $ git checkout v1.2.2; # downgrade back to v1.2.2\n```\n\n##### ..my keyserver is not an instance of ```sks```?\nthe php proxy will work with any keyserver as long as it is based on the [OpenPGP HTTP Keyserver Protocol (HKP)](http://ietfreport.isoc.org/all-ids/draft-shaw-openpgp-hkp-00.txt).\n\n##### ..i would like to see some sks configs:\nplease take this as an example:\n```\n# debuglevel 3 is default (max. 
debuglevel is 10)\nbasedir:            /var/lib/sks\ndebuglevel:         3\nhostname:           your.domain.name\nnodename:           your.node.name\nhkp_port:           11371\nhkp_address:        127.0.0.1\nrecon_port:         11370\n#recon_address:     127.0.0.1\n#\nserver_contact:\t\t\t0xYOUR64BITKEYID\nfrom_addr:\t\t\t    pgp-public-keys@hostname\nsendmail_cmd:\t\t  \t/usr/sbin/sendmail -t -oi\ninitial_stat:\ndisable_mailsync:\nmembership_reload_interval: 21\nstat_hour:          21\n#\n# set DB file pagesize as recommended by db_tuner\n# pagesize is (n * 512) bytes\n# NOTE: These must be set _BEFORE_ [fast]build \u0026 pbuild and remain set\n# for the life of the database files. To change a value requires recreating\n# the database from a dump\n#\n# KDB/key\t\t65536\npagesize:          128\n#\n# KDB/keyid\t\t     32768\nkeyid_pagesize:    64\n#\n# KDB/meta\t    \t 512\nmeta_pagesize:     1\n# KDB/subkeyid\t\t 65536\nsubkeyid_pagesize: 128\n#\n# KDB/time\t    \t 65536\ntime_pagesize:     128\n#\n# KDB/tqueue\t\t   512\ntqueue_pagesize:   1\n#\n# KDB/word - db_tuner suggests 512 bytes. 
This locked the build process\n# Better to use a default of 8 (4096 bytes) for now\nword_pagesize:\t\t 8\n#\n# PTree/ptree\t\t   4096\nptree_pagesize:    8\n```\n\n##### ..i would like to see some tor configs:\nplease take this as an example, where you should replace the keyword ```YOUR.PUBLIC.IPv4```.\n\nEnable Tor Hidden Service for SKS:\n```\nDataDirectory /var/lib/tor\nHiddenServiceDir /var/lib/tor/hidden_service/\nHiddenServicePort 11371 YOUR.PUBLIC.IPv4:11371\nHiddenServicePort 80    YOUR.PUBLIC.IPv4:80\nHiddenServicePort 443   YOUR.PUBLIC.IPv4:443\n```\n\n##### ..i would like to see some haproxy configs:\nhere is a basic setup for a network (see the output of netstat command at the top of the README file) with a single ```apache2``` running a single ```php-proxy-keyserver``` that forwards hkp requests to a single ```haproxy``` to balance the load of multiple redundant ```sks``` keyservers (the objective here is to avoid the downtimes while making daily keydumps, additionally you can put the webserver behind another load balancing setup, of course):\n```\nglobal\n  log /dev/log local0\n  log /dev/log local1 notice\n  chroot /var/lib/haproxy\n  maxconn 4096\n  user  haproxy\n  group haproxy\n  daemon\n\ndefaults\n  log     global\n  mode    http\n  option  httplog\n  option  dontlognull\n  option  http-server-close\n  option  forwardfor\n  timeout connect 5000\n  timeout client  50000\n  timeout server  50000\n  retries 2\n  option  redispatch\n  stats enable\n  stats hide-version\n  stats uri /haproxy\n  errorfile 400 /etc/haproxy/errors/400.http\n  errorfile 403 /etc/haproxy/errors/403.http\n  errorfile 408 /etc/haproxy/errors/408.http\n  errorfile 500 /etc/haproxy/errors/500.http\n  errorfile 502 /etc/haproxy/errors/502.http\n  errorfile 503 /etc/haproxy/errors/503.http\n  errorfile 504 /etc/haproxy/errors/504.http\n\nlisten php-proxy-keyserver *:11369\n  balance leastconn\n  server carles.tubio.sks-database_0 127.0.0.1:11371 check\n  server 
carles.tubio.sks-database_1 10.10.10.21:11371 check\n  server carles.tubio.sks-database_2 10.10.10.22:11371 check\n  server carles.tubio.sks-database_3 10.10.10.23:11371 check\n```\n\n##### ..i would like to see some nginx configs:\nplease take these files as examples, where you should replace the keywords ```YOUR.PUBLIC.IPv4```, ```YOUR.PUBLIC.IPv6``` and ```YOUR.DOMAIN.NAME```.\n\nEnable support for standard HKP, HTTP and HTTPS requests:\n```\nserver {\n        listen   YOUR.PUBLIC.IPv4:80;\n        listen   [YOUR.PUBLIC.IPv6]:80;\n        listen   YOUR.PUBLIC.IPv4:443 ssl;\n        listen   [YOUR.PUBLIC.IPv6]:443 ssl;\n        server_name www.YOUR.DOMAIN.NAME;\n        rewrite ^ $scheme://YOUR.DOMAIN.NAME$uri permanent;\n        ssl_certificate /etc/nginx/keys/YOUR.DOMAIN.NAME.crt;\n        ssl_certificate_key /etc/nginx/keys/YOUR.DOMAIN.NAME.key;\n        ssl_session_timeout 5m;\n        # SSLv3 and the export/low-grade/RC4 cipher suites are broken and must stay disabled\n        ssl_protocols TLSv1.2;\n        ssl_ciphers HIGH:!aNULL:!MD5;\n        ssl_prefer_server_ciphers on;\n}\n\nserver {\n        listen   YOUR.PUBLIC.IPv4:80;\n        listen   [YOUR.PUBLIC.IPv6]:80;\n        listen   YOUR.PUBLIC.IPv4:11371;\n        listen   [YOUR.PUBLIC.IPv6]:11371;\n        listen   YOUR.PUBLIC.IPv4:443 ssl;\n        listen   [YOUR.PUBLIC.IPv6]:443 ssl;\n\n        root /var/www/YOUR.DOMAIN.NAME/pub;\n        index php-proxy-keyserver.php;\n\n        disable_symlinks off;\n\n        server_name YOUR.DOMAIN.NAME pool.sks-keyservers.net *.pool.sks-keyservers.net;\n\n        location /dump {\n         autoindex on;\n         add_before_body /dump/.css;\n        }\n\n        location / {\n         try_files $uri $uri/ /php-proxy-keyserver.php?$query_string;\n        }\n\n        location ~ \\.php$ {\n         fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n         fastcgi_pass unix:/var/run/php5-fpm.sock;\n         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n         include fastcgi_params;\n       
 }\n\n        location ~ /\\.ht {\n         deny all;\n        }\n\n        ssl_certificate /etc/nginx/keys/YOUR.DOMAIN.NAME.crt;\n        ssl_certificate_key /etc/nginx/keys/YOUR.DOMAIN.NAME.key;\n        ssl_session_timeout 5m;\n        # SSLv3 and the export/low-grade/RC4 cipher suites are broken and must stay disabled\n        ssl_protocols TLSv1.2;\n        ssl_ciphers HIGH:!aNULL:!MD5;\n        ssl_prefer_server_ciphers on;\n}\n```\n##### ..i would like to see some apache2 configs:\nplease take these files as examples, where you should replace the keywords ```YOUR.PUBLIC.IPv4```, ```YOUR.PUBLIC.IPv6``` and ```YOUR.DOMAIN.NAME```.\n\nEnable support for standard HKP requests:\n```\nListen YOUR.PUBLIC.IPv4:11371\nNameVirtualHost YOUR.PUBLIC.IPv4:11371\nListen [YOUR.PUBLIC.IPv6]:11371\nNameVirtualHost [YOUR.PUBLIC.IPv6]:11371\n\u003cVirtualHost YOUR.PUBLIC.IPv4:11371 [YOUR.PUBLIC.IPv6]:11371\u003e\n  ServerAdmin webmaster@localhost\n  ServerName www.YOUR.DOMAIN.NAME\n  ServerAlias YOUR.DOMAIN.NAME\n  DocumentRoot /var/www/YOUR.DOMAIN.NAME/pub\n  RewriteEngine on\n  RewriteCond %{HTTP_HOST}  =www.YOUR.DOMAIN.NAME       [NC]\n  RewriteRule ^(.*)         http://YOUR.DOMAIN.NAME$1  [R=301,NE]\n  RewriteRule ^(.*)$ /php-proxy-keyserver.php?$1 [QSA,L]\n\t\u003cDirectory /\u003e\n\t\tOptions FollowSymLinks\n\t\tAllowOverride None\n\t\u003c/Directory\u003e\n\t\u003cDirectory /var/www/YOUR.DOMAIN.NAME/pub\u003e\n\t\tOptions Indexes FollowSymLinks MultiViews\n\t\tAllowOverride All\n\t\tOrder allow,deny\n\t\tallow from all\n\t\u003c/Directory\u003e\n\n\tScriptAlias /cgi-bin/ /usr/lib/cgi-bin/\n\t\u003cDirectory \"/usr/lib/cgi-bin\"\u003e\n\t\tAllowOverride None\n\t\tOptions +ExecCGI -MultiViews +SymLinksIfOwnerMatch\n\t\tOrder allow,deny\n\t\tAllow from all\n\t\u003c/Directory\u003e\n\n\tErrorLog ${APACHE_LOG_DIR}/error.log\n\n\t# Possible values include: debug, info, notice, warn, error, crit,\n\t# alert, emerg.\n\tLogLevel warn\n\n\tCustomLog ${APACHE_LOG_DIR}/access.log 
combined\n\u003c/VirtualHost\u003e\n```\nEnable support for HTTP requests:\n```\nListen YOUR.PUBLIC.IPv4:80\nNameVirtualHost YOUR.PUBLIC.IPv4:80\nListen [YOUR.PUBLIC.IPv6]:80\nNameVirtualHost [YOUR.PUBLIC.IPv6]:80\n\u003cVirtualHost YOUR.PUBLIC.IPv4:80 [YOUR.PUBLIC.IPv6]:80\u003e\n  ServerAdmin webmaster@localhost\n  ServerName www.YOUR.DOMAIN.NAME\n  ServerAlias YOUR.DOMAIN.NAME pool.sks-keyservers.net *.pool.sks-keyservers.net\n  DocumentRoot /var/www/YOUR.DOMAIN.NAME/pub\n  RewriteEngine on\n  RewriteCond %{HTTP_HOST}  =www.YOUR.DOMAIN.NAME       [NC]\n  RewriteRule ^(.*)         http://YOUR.DOMAIN.NAME$1  [R=301,NE]\n  RewriteRule ^(.*)$ /php-proxy-keyserver.php?$1 [QSA,L]\n\t\u003cDirectory /\u003e\n\t\tOptions FollowSymLinks\n\t\tAllowOverride None\n\t\u003c/Directory\u003e\n\t\u003cDirectory /var/www/YOUR.DOMAIN.NAME/pub\u003e\n\t\tOptions Indexes FollowSymLinks MultiViews\n\t\tAllowOverride All\n\t\tOrder allow,deny\n\t\tallow from all\n\t\u003c/Directory\u003e\n\n\tScriptAlias /cgi-bin/ /usr/lib/cgi-bin/\n\t\u003cDirectory \"/usr/lib/cgi-bin\"\u003e\n\t\tAllowOverride None\n\t\tOptions +ExecCGI -MultiViews +SymLinksIfOwnerMatch\n\t\tOrder allow,deny\n\t\tAllow from all\n\t\u003c/Directory\u003e\n\n\tErrorLog ${APACHE_LOG_DIR}/error.log\n\n\t# Possible values include: debug, info, notice, warn, error, crit,\n\t# alert, emerg.\n\tLogLevel warn\n\n\tCustomLog ${APACHE_LOG_DIR}/access.log combined\n\u003c/VirtualHost\u003e\n```\nEnable support for HTTPS requests:\n```\n\u003cIfModule mod_ssl.c\u003e\nListen YOUR.PUBLIC.IPv4:443\nNameVirtualHost YOUR.PUBLIC.IPv4:443\nListen [YOUR.PUBLIC.IPv6]:443\nNameVirtualHost [YOUR.PUBLIC.IPv6]:443\n\u003cVirtualHost YOUR.PUBLIC.IPv4:443 [YOUR.PUBLIC.IPv6]:443\u003e\n  ServerAdmin webmaster@localhost\n  ServerName www.YOUR.DOMAIN.NAME\n  ServerAlias YOUR.DOMAIN.NAME\n  RewriteEngine on\n  RewriteCond %{HTTP_HOST}  =www.YOUR.DOMAIN.NAME       [NC]\n  RewriteRule ^(.*)         https://YOUR.DOMAIN.NAME$1  [R=301,NE]\n  
RewriteRule ^(.*)$ /php-proxy-keyserver.php?$1 [QSA,L]\n\tDocumentRoot /var/www/YOUR.DOMAIN.NAME/pub\n\t\u003cDirectory /\u003e\n\t\tOptions FollowSymLinks\n\t\tAllowOverride None\n\t\u003c/Directory\u003e\n\t\u003cDirectory /var/www/YOUR.DOMAIN.NAME/pub\u003e\n\t\tOptions Indexes FollowSymLinks MultiViews\n\t\tAllowOverride All\n\t\tOrder allow,deny\n\t\tallow from all\n\t\u003c/Directory\u003e\n\n\tScriptAlias /cgi-bin/ /usr/lib/cgi-bin/\n\t\u003cDirectory \"/usr/lib/cgi-bin\"\u003e\n\t\tAllowOverride None\n\t\tOptions +ExecCGI -MultiViews +SymLinksIfOwnerMatch\n\t\tOrder allow,deny\n\t\tAllow from all\n\t\u003c/Directory\u003e\n\n\tErrorLog ${APACHE_LOG_DIR}/error.log\n\n\t# Possible values include: debug, info, notice, warn, error, crit,\n\t# alert, emerg.\n\tLogLevel warn\n\n\tCustomLog ${APACHE_LOG_DIR}/ssl_access.log combined\n\n\t#   SSL Engine Switch:\n\t#   Enable/Disable SSL for this virtual host.\n\tSSLEngine on\n\n\t#   A self-signed (snakeoil) certificate can be created by installing\n\t#   the ssl-cert package. See\n\t#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.\n\t#   If both key and certificate are stored in the same file, only the\n\t#   SSLCertificateFile directive is needed.\n\tSSLCertificateFile  /etc/apache2/keys/YOUR.DOMAIN.NAME.crt\n\tSSLCertificateKeyFile  /etc/apache2/keys/YOUR.DOMAIN.NAME.key\n\n\t#   Server Certificate Chain:\n\t#   Point SSLCertificateChainFile at a file containing the\n\t#   concatenation of PEM encoded CA certificates which form the\n\t#   certificate chain for the server certificate. 
Alternatively\n\t#   the referenced file can be the same as SSLCertificateFile\n\t#   when the CA certificates are directly appended to the server\n\t#   certificate for convinience.\n\t#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt\n\tSSLCertificateChainFile  /etc/apache2/keys/YOUR.DOMAIN.NAME.int\n\n\t#   Certificate Authority (CA):\n\t#   Set the CA certificate verification path where to find CA\n\t#   certificates for client authentication or alternatively one\n\t#   huge file containing all of them (file must be PEM encoded)\n\t#   Note: Inside SSLCACertificatePath you need hash symlinks\n\t#         to point to the certificate files. Use the provided\n\t#         Makefile to update the hash symlinks after changes.\n\t#SSLCACertificatePath /etc/ssl/certs/\n\t#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt\n\n\t#   Certificate Revocation Lists (CRL):\n\t#   Set the CA revocation path where to find CA CRLs for client\n\t#   authentication or alternatively one huge file containing all\n\t#   of them (file must be PEM encoded)\n\t#   Note: Inside SSLCARevocationPath you need hash symlinks\n\t#         to point to the certificate files. Use the provided\n\t#         Makefile to update the hash symlinks after changes.\n\t#SSLCARevocationPath /etc/apache2/ssl.crl/\n\t#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl\n\n\t#   Client Authentication (Type):\n\t#   Client certificate verification type and depth.  Types are\n\t#   none, optional, require and optional_no_ca.  Depth is a\n\t#   number which specifies how deeply to verify the certificate\n\t#   issuer chain before deciding the certificate is not valid.\n\t#SSLVerifyClient require\n\t#SSLVerifyDepth  10\n\n\t#   Access Control:\n\t#   With SSLRequire you can do per-directory access control based\n\t#   on arbitrary complex boolean expressions containing server\n\t#   variable checks and other lookup directives.  The syntax is a\n\t#   mixture between C and Perl.  
See the mod_ssl documentation\n\t#   for more details.\n\t#\u003cLocation /\u003e\n\t#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \\\n\t#            and %{SSL_CLIENT_S_DN_O} eq \"Snake Oil, Ltd.\" \\\n\t#            and %{SSL_CLIENT_S_DN_OU} in {\"Staff\", \"CA\", \"Dev\"} \\\n\t#            and %{TIME_WDAY} \u003e= 1 and %{TIME_WDAY} \u003c= 5 \\\n\t#            and %{TIME_HOUR} \u003e= 8 and %{TIME_HOUR} \u003c= 20       ) \\\n\t#           or %{REMOTE_ADDR} =~ m/^192\\.76\\.162\\.[0-9]+$/\n\t#\u003c/Location\u003e\n\n\t#   SSL Engine Options:\n\t#   Set various options for the SSL engine.\n\t#   o FakeBasicAuth:\n\t#     Translate the client X.509 into a Basic Authorisation.  This means that\n\t#     the standard Auth/DBMAuth methods can be used for access control.  The\n\t#     user name is the `one line' version of the client's X.509 certificate.\n\t#     Note that no password is obtained from the user. Every entry in the user\n\t#     file needs this password: `xxj31ZMTZzkVA'.\n\t#   o ExportCertData:\n\t#     This exports two additional environment variables: SSL_CLIENT_CERT and\n\t#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the\n\t#     server (always existing) and the client (only existing when client\n\t#     authentication is used). This can be used to import the certificates\n\t#     into CGI scripts.\n\t#   o StdEnvVars:\n\t#     This exports the standard SSL/TLS related `SSL_*' environment variables.\n\t#     Per default this exportation is switched off for performance reasons,\n\t#     because the extraction step is an expensive operation and is usually\n\t#     useless for serving static content. So one usually enables the\n\t#     exportation for CGI and SSI requests only.\n\t#   o StrictRequire:\n\t#     This denies access when \"SSLRequireSSL\" or \"SSLRequire\" applied even\n\t#     under a \"Satisfy any\" situation, i.e. 
when it applies access is denied\n\t#     and no other module can change it.\n\t#   o OptRenegotiate:\n\t#     This enables optimized SSL connection renegotiation handling when SSL\n\t#     directives are used in per-directory context.\n\t#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire\n\t\u003cFilesMatch \"\\.(cgi|shtml|phtml|php)$\"\u003e\n\t\tSSLOptions +StdEnvVars\n\t\u003c/FilesMatch\u003e\n\t\u003cDirectory /usr/lib/cgi-bin\u003e\n\t\tSSLOptions +StdEnvVars\n\t\u003c/Directory\u003e\n\n\t#   SSL Protocol Adjustments:\n\t#   The safe and default but still SSL/TLS standard compliant shutdown\n\t#   approach is that mod_ssl sends the close notify alert but doesn't wait for\n\t#   the close notify alert from client. When you need a different shutdown\n\t#   approach you can use one of the following variables:\n\t#   o ssl-unclean-shutdown:\n\t#     This forces an unclean shutdown when the connection is closed, i.e. no\n\t#     SSL close notify alert is send or allowed to received.  This violates\n\t#     the SSL/TLS standard but is needed for some brain-dead browsers. Use\n\t#     this when you receive I/O errors because of the standard approach where\n\t#     mod_ssl sends the close notify alert.\n\t#   o ssl-accurate-shutdown:\n\t#     This forces an accurate shutdown when the connection is closed, i.e. a\n\t#     SSL close notify alert is send and mod_ssl waits for the close notify\n\t#     alert of the client. This is 100% SSL/TLS standard compliant, but in\n\t#     practice often causes hanging connections with brain-dead browsers. Use\n\t#     this only for browsers where you know that their SSL implementation\n\t#     works correctly.\n\t#   Notice: Most problems of broken clients are also related to the HTTP\n\t#   keep-alive facility, so you usually additionally want to disable\n\t#   keep-alive for those clients, too. 
Use variable \"nokeepalive\" for this.\n\t#   Similarly, one has to force some clients to use HTTP/1.0 to workaround\n\t#   their broken HTTP/1.1 implementation. Use variables \"downgrade-1.0\" and\n\t#   \"force-response-1.0\" for this.\n\tBrowserMatch \"MSIE [2-6]\" \\\n\t\tnokeepalive ssl-unclean-shutdown \\\n\t\tdowngrade-1.0 force-response-1.0\n\t# MSIE 7 and newer should be able to use keepalive\n\tBrowserMatch \"MSIE [17-9]\" ssl-unclean-shutdown\n\n\u003c/VirtualHost\u003e\n\u003c/IfModule\u003e\n```\n\n##### ..i really don't want a keyserver, but a webserver that uses ```gpg``` locally to answer the request?\nhey, the other day i found https://github.com/remko/phkp, hope it helps!\n\n### Very special thanks to:\n- https://bitbucket.org/skskeyserver/sks-keyserver\n- https://keyserver.mattrude.com\n- https://pgp.mit.edu\n- https://sks-keyservers.net\n- https://github.com/jenssegers/php-proxy\n- https://getcomposer.org/\n- https://www.gnu.org/software/make/manual/make.html\n- https://git-scm.com/book\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fctubio%2Fphp-proxy-keyserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fctubio%2Fphp-proxy-keyserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fctubio%2Fphp-proxy-keyserver/lists"}