SOLVED Where to install web key directory configuration in Apache?

[kkarsten62]

Hi,

I would like to add the following section to Apache configuration in order to establish Web Key Directory (WKD) services for easy providing my GnuPG keys. I never did Apache configuration before so I would like to be sure to do it right.

## WEB KEY DIRECTORY ##
<Directory "/.well-known/openpgpkey">
   <IfModule mod_mime.c>
      ForceType application/octet-stream
      Header always set Access-Control-Allow-Origin "*"
   </IfModule>
</Directory>

How to do this by using WHM?

Many thanks to help a newbie.

kkarsten62

 

[cPanelAnthony]

Hello! You can do this using the Include Editor in WHM as described here.

Include Editor

 

[kkarsten62]

Many thanks for the link. I already identfied this in WHM. But I would like to know in which option/section I have to integrate the <directory> code. "Pre Main Include" or "Pre VirtualHost Include " or "Post VirtualHost Include"?

And a next question: Do I need a restart of Apache service?

Thanks for a concretisation.

kkarsten62

 

[bellwood]

Do you only want this directory to be valid for a single user or all users?

And a next question: Do I need a restart of Apache service?

Anytime you make a configuration file modification you need to restart the service.

 

[kkarsten62]

Do you only want this directory to be valid for a single user or all users?

I don't know what do you mean by "user". I have only one (1) Account installed in WHM.

kkarsten62

 

[bellwood]

Rather than modify the entire httpd.conf for a simple directive, perhaps place that block within an .htaccess inside the desired directory?

/home/$user/www/.well-known/openpgpkey

.htaccess:

   <IfModule mod_mime.c>
      ForceType application/octet-stream
      Header always set Access-Control-Allow-Origin "*"
   </IfModule>

This way, if you ever add an additional user, you aren't *blindly* adding that directive to a directory that may not exist or be needed.

 

[kkarsten62]

Many thanks bellwood. I followed your advice to handle it by .htaccess.

And according to this test:
https://metacode.biz/openpgp/web-key-directory
it seems to be already working and a test with a second E-Mail account was also positive.

But the check by:

gpg -v --auto-key-locate clear,wkd,nodefault --locate-key email-adress

failed!

I am following a German script for implementation of Web Key Directory, opengpgkey (WKD).
https://www.kuketz-blog.de/gnupg-web-key-directory-wkd-einrichten/

In this script it is said that WKD will first try to evaluate to the subdomain opengpgkey.mydomain
To avoid this an empty TXT record has to be set to the DNS Zone.

I already did this in WHM and add a new TXT record with an "empty" string in WHM DNS Zone Manager.

After an hour I try to check by:

host -t txt openpgpkey.mydomain

I always get:

openpgpkey.mydomain has no TXT record

But I expect the following output:

openpgpkey.mydomain descriptive text "empty"

So simple question:
Do I have to restart or push "something" in WHM to publish my new TXT record in Zone Manager?

Many thanks for the support of a newbie.

 

[cPRex]

@kkarsten62 - If you make a change to a DNS zone through cPanel or WHM there are no additional actions that need to be taken to ensure that is live and working normally. It's possible an hour isn't long enough for propagation to happen - are you still seeing the issue now that it's been a few days? If so, feel free to submit a ticket to our team so we can check things directly on the system for you.

 

[kkarsten62]

Thank you for your proactive help.

Meanwhile, I have forwarded the issue to my hoster. He "manually" propagated it into the DNS. I had seen that the openDNS process is set to "Failed". I have a small "Managed service support package" with my Hoster. So he is responsible to take care of this.

Thanks again. Ticket can be closed.

 

[cPRex]

I'm glad the host was able to help!