How to correctly configure SNI in Zimbra OSE?

At the start of the 21st century, resources such as IPv4 addresses were close to exhaustion. Back in 2011, IANA allocated the last five remaining /8 blocks of address space to the regional Internet registries, and by 2017 those had run out too. The response to the catastrophic shortage of IPv4 addresses was not only the emergence of the IPv6 protocol but also SNI technology, which makes it possible to host a large number of websites on a single IPv4 address. The essence of SNI is that this extension lets the client tell the server, during the handshake, the name of the site it wants to connect to. This allows the server to hold multiple certificates, which means that many domains can work on one IP address. SNI has become especially popular among business SaaS providers, who are able to host an almost unlimited number of domains regardless of the number of IPv4 addresses this would otherwise require. Let's find out how to implement SNI support in Zimbra Collaboration Suite Open-Source Edition.

SNI works in all current and supported versions of Zimbra OSE. If you run Zimbra Open-Source on a multi-server infrastructure, you need to perform all the steps below on the node where the Zimbra Proxy server is installed. In addition, you will need a matching certificate and key pair, as well as the trusted certificate chains from your CA, for each domain you want to host on your IPv4 address. Note that the most common cause of errors when setting up SNI in Zimbra OSE is precisely incorrect certificate files. We therefore advise you to check everything carefully before installing them.

First, for SNI to work properly, you need to run the command zmprov mcf zimbraReverseProxySNIEnabled TRUE on the Zimbra Proxy node, and then restart the proxy service with the command zmproxyctl restart.

We will start by creating a domain name. As an example, we will take the domain company.ru and, once the domain has been created, decide on the Zimbra virtual host name and the virtual IP address. Note that the Zimbra virtual host name must match the name the user has to enter in the browser to reach the domain, and must also match the name specified in the certificate. For example, let's take mail.company.ru as the Zimbra virtual host name and 1.2.3.4 as the virtual IPv4 address.

After that, simply run the command zmprov md company.ru zimbraVirtualHostname mail.company.ru zimbraVirtualIPAddress 1.2.3.4 to bind the Zimbra virtual host to the virtual IP address. Note that if the server is behind NAT or a firewall, you must make sure that all requests for the domain go to the external IP address associated with it, not to its address on the local network.

With all that done, what remains is to check and prepare the certificates for installation, and then install them.

If the domain certificate was issued correctly, you should have three certificate files: two of them are certificate chains from your certification authority, and the third is the certificate for the domain itself. In addition, you must have the file with the key you used to obtain the certificate. Create a separate folder /tmp/company.ru and place all the key and certificate files in it. The end result should look something like this:

ls /tmp/company.ru
company.ru.key
company.ru.crt
company.ru.root.crt
company.ru.intermediate.crt

After that, we combine the certificate chains into one file with the command cat company.ru.root.crt company.ru.intermediate.crt >> company.ru_ca.crt and make sure everything is in order with the certificates using the command /opt/zimbra/bin/zmcertmgr verifycrt comm /tmp/company.ru/company.ru.key /tmp/company.ru/company.ru.crt /tmp/company.ru/company.ru_ca.crt. Once the certificates and key have been verified successfully, you can start installing them.

To begin the installation, we first combine the domain certificate and the trusted chains from the certification authorities into one file. This can also be done with a single command such as cat company.ru.crt company.ru_ca.crt >> company.ru.bundle. After that, you need to run the command that writes all the certificates and the key to LDAP: /opt/zimbra/libexec/zmdomaincertmgr savecrt company.ru company.ru.bundle company.ru.key and then install the certificates with the command /opt/zimbra/libexec/zmdomaincertmgr deploycrts. After installation, the certificates and key for the domain company.ru will be stored in the folder /opt/zimbra/conf/domaincerts/company.ru

By repeating these steps with different domain names but the same IP address, it is possible to host several domains on a single IPv4 address. In this case you can use certificates from different issuing authorities without any problems. You can check that everything was done correctly in any browser, where each virtual host name should show its own SSL certificate.
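
The checks this procedure depends on (the key matches the certificate, the certificate names the virtual host, the certificate chains to the combined CA file) can be scripted with openssl before savecrt is run, and the served certificate can be checked per host name afterwards. This is an added example, not part of the original article or of Zimbra; the function names are illustrative and the file layout is the article's /tmp/company.ru.

```shell
#!/bin/sh
# Added example: pre-flight checks for one domain's SNI certificate files.
# Function names are illustrative; file names follow the article's layout.

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {  # key_matches_cert KEY CRT
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if the certificate is valid for the virtual host name.
cert_covers_host() {  # cert_covers_host CRT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# Succeeds only if the certificate chains to the combined CA file
# (this also fails for an expired certificate).
chain_verifies() {  # chain_verifies CA_FILE CRT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Runs all three checks; returns 0 only when every one passes.
preflight() {  # preflight DIR DOMAIN HOSTNAME
    d=$1/$2; rc=0
    key_matches_cert "$d.key" "$d.crt" ||
        { echo "FAIL: $2.key does not match $2.crt"; rc=1; }
    cert_covers_host "$d.crt" "$3" ||
        { echo "FAIL: $2.crt is not valid for $3"; rc=1; }
    chain_verifies "${d}_ca.crt" "$d.crt" ||
        { echo "FAIL: $2.crt does not chain to ${2}_ca.crt"; rc=1; }
    return $rc
}

# After deploycrts: print the subject the proxy serves for HOSTNAME when
# contacted at IP with that name in the SNI extension (needs network access).
served_subject() {  # served_subject IP HOSTNAME
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject
}

# Usage with the article's values:
#   preflight /tmp/company.ru company.ru mail.company.ru
#   served_subject 1.2.3.4 mail.company.ru
```

Keep the key file readable only by the account that runs the Zimbra commands, and delete /tmp/company.ru once deploycrts has succeeded.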

For all questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by email [email protected]

source: www.habr.com
