SOLVED Where to install web key directory configuration in Apache?

kkarsten62

Member
May 13, 2016
7
1
53
Germany
cPanel Access Level
Website Owner
Hi,

I would like to add the following section to the Apache configuration in order to set up Web Key Directory (WKD) services to provide my GnuPG keys easily. I have never done Apache configuration before, so I would like to be sure to do it right.

Code:
## WEB KEY DIRECTORY ##
<Directory "/.well-known/openpgpkey">
   <IfModule mod_mime.c>
      ForceType application/octet-stream
      Header always set Access-Control-Allow-Origin "*"
   </IfModule>
</Directory>
How do I do this using WHM?

Many thanks for helping a newbie.

kkarsten62
 

kkarsten62

Many thanks for the link. I already identified this in WHM. But I would like to know in which option/section I have to integrate the <directory> code: "Pre Main Include", "Pre VirtualHost Include" or "Post VirtualHost Include"?

And another question: do I need to restart the Apache service?

Thanks for the clarification.

kkarsten62
 

bellwood

Well-Known Member
PartnerNOC
Sep 25, 2012
120
55
153
New York
cPanel Access Level
DataCenter Provider
Rather than modify the entire httpd.conf for a simple directive, perhaps place that block within an .htaccess inside the desired directory?

/home/$user/www/.well-known/openpgpkey

.htaccess:
Code:
   <IfModule mod_mime.c>
      ForceType application/octet-stream
      Header always set Access-Control-Allow-Origin "*"
   </IfModule>
This way, if you ever add an additional user, you aren't *blindly* adding that directive to a directory that may not exist or be needed.
 

kkarsten62

Many thanks bellwood. I followed your advice to handle it by .htaccess. :)

And according to this test:
https://metacode.biz/openpgp/web-key-directory
it seems to be working already, and a test with a second e-mail account was also positive.

But the check by:
Code:
gpg -v --auto-key-locate clear,wkd,nodefault --locate-key email-address
failed!

I am following a German script for the implementation of Web Key Directory, openpgpkey (WKD).
https://www.kuketz-blog.de/gnupg-web-key-directory-wkd-einrichten/

In this script it is said that WKD will first try to evaluate the subdomain openpgpkey.mydomain.
To avoid this, an empty TXT record has to be set in the DNS zone.

I already did this in WHM and added a new TXT record with an "empty" string in the WHM DNS Zone Manager.

After an hour I tried to check with:
Bash:
host -t txt openpgpkey.mydomain
I always get:
Bash:
openpgpkey.mydomain has no TXT record
But I expect the following output:
Bash:
openpgpkey.mydomain descriptive text "empty"
So simple question:
Do I have to restart or push "something" in WHM to publish my new TXT record in Zone Manager?

Many thanks for the support of a newbie.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,505
2,605
363
cPanel Access Level
Root Administrator
@kkarsten62 - If you make a change to a DNS zone through cPanel or WHM there are no additional actions that need to be taken to ensure that is live and working normally. It's possible an hour isn't long enough for propagation to happen - are you still seeing the issue now that it's been a few days? If so, feel free to submit a ticket to our team so we can check things directly on the system for you.
 

kkarsten62

Thank you for your proactive help.

Meanwhile, I have forwarded the issue to my hoster. He "manually" propagated it into the DNS. I had seen that the openDNS process is set to "Failed". I have a small "Managed service support package" with my hoster, so he is responsible for taking care of this.

Thanks again. Ticket can be closed.