Load balancing in Zimbra Open-Source Edition using HAProxy

One of the main tasks when building large Zimbra OSE infrastructures is proper load balancing. Besides increasing the fault tolerance of the service, load balancing is the only way to give all users the same responsiveness. To solve this problem, load balancers are used: software and hardware solutions that redistribute requests between servers. Some of them are quite primitive, like RoundRobin, which simply sends each subsequent request to the next server in the list, and some are more advanced, for example HAProxy, which is widely used in high-load computing infrastructures because of a number of significant advantages. Let's look at how you can make the HAProxy load balancer and Zimbra OSE work together.

So, according to the terms of the task, we are given a Zimbra OSE infrastructure that has two Zimbra Proxy servers, two LDAP and LDAP Replica servers, four mail stores with 1000 mailboxes each and three MTAs. Since we are dealing with a mail server, it will receive three kinds of traffic that need balancing: HTTP for loading the web client, and POP and SMTP for transferring email. In this case, HTTP traffic will go to the Zimbra Proxy servers with IP addresses 192.168.0.57 and 192.168.0.58, and SMTP traffic will go to the MTA servers with IP addresses 192.168.0.77 and 192.168.0.78.

As already mentioned, to make sure requests are distributed evenly between the servers, we will use the HAProxy load balancer, which will run on the ingress node of the Zimbra infrastructure under Ubuntu 18.04. On this operating system haproxy is installed with the command sudo apt-get install haproxy. After that, in the file /etc/default/haproxy change the parameter ENABLED=0 to ENABLED=1. Now, to make sure haproxy is working, just enter the command service haproxy status. If the service is running, this will be clear from the command's output.

One of the main drawbacks of HAProxy is that by default it does not pass on the IP address of the connecting client, replacing it with its own. This can lead to situations where emails sent by attackers cannot be identified by IP address in order to add that address to a blacklist. However, this problem can be solved. To do so, edit the file /opt/zimbra/common/conf/master.cf.in on the servers running Postfix and add the following lines to it:

26      inet  n       -       n       -       1       postscreen
        -o postscreen_upstream_proxy_protocol=haproxy
 
466    inet  n       -       n       -       -       smtpd
%%uncomment SERVICE:opendkim%%  -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=
        -o smtpd_data_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o syslog_name=postfix/smtps
        -o milter_macro_daemon_name=ORIGINATING
        -o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust
 
588 inet n      -       n       -       -       smtpd
%%uncomment SERVICE:opendkim%%  -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
        -o smtpd_etrn_restrictions=reject
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_data_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o syslog_name=postfix/submission
        -o milter_macro_daemon_name=ORIGINATING
        -o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust

As a result, we open ports 26, 466 and 588, which will receive the incoming traffic from HAProxy. After the files are saved, restart Postfix on all servers with the command zmmtactl restart.
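What the listeners on ports 26, 466 and 588 now expect is one PROXY protocol v1 line ahead of the SMTP dialogue. The sketch below is an added illustration in Python, not Postfix or Zimbra code, of how a receiver recovers the client address from that line and why it should honour it only from the balancer; the balancer address 192.168.0.10 and the sample client are assumed, constructed values.

```python
import ipaddress

# Assumption: address of the HAProxy ingress node; the article does not give it.
TRUSTED_BALANCERS = {"192.168.0.10"}
MAX_V1_LEN = 107  # longest v1 header the protocol allows, CRLF included


def build_v1(src, dst, sport, dport):
    """Header a proxy-protocol sender writes before the first SMTP byte."""
    family = "TCP6" if ipaddress.ip_address(src).version == 6 else "TCP4"
    return f"PROXY {family} {src} {dst} {sport} {dport}\r\n".encode("ascii")


def client_ip(peer_ip, first_bytes):
    """Return the original client address, or raise ValueError."""
    if peer_ip not in TRUSTED_BALANCERS:
        # The header is unauthenticated: honour it only from the balancer.
        raise ValueError("PROXY header from untrusted peer " + peer_ip)
    end = first_bytes.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1:
        raise ValueError("no CRLF-terminated header in the first 107 bytes")
    parts = first_bytes[:end].decode("ascii").split(" ")
    if parts[0] != "PROXY" or len(parts) < 2:
        raise ValueError("connection did not start with a PROXY line")
    if parts[1] == "UNKNOWN":
        return peer_ip  # sender could not name the client; fall back to the peer
    if parts[1] not in ("TCP4", "TCP6") or len(parts) != 6:
        raise ValueError("malformed PROXY line")
    version = 4 if parts[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(p) for p in parts[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match " + parts[1])
    if not all(p.isdigit() and int(p) <= 65535 for p in parts[4:]):
        raise ValueError("port out of range")
    return str(src)


# Constructed sample: a client at 203.0.113.9 reaching mta1's port 26 listener.
SAMPLE = build_v1("203.0.113.9", "192.168.0.77", 51234, 26) + b"EHLO client.example\r\n"
```

Because the PROXY line carries no authentication, ports 26, 466 and 588 on the MTAs should accept connections only from the balancer, for example through host firewall rules.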

After that, let's start configuring HAProxy. First create a backup copy of the settings file: cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak. Then open the original file /etc/haproxy/haproxy.cfg in a text editor and start adding the necessary settings to it step by step. The first block adds a server that collects the logs, sets the maximum allowed number of simultaneous connections, and specifies the name and group of the user that the running process will belong to.

global
    user daemon
    group daemon
    daemon
    log 127.0.0.1 daemon
    maxconn 5000
    chroot /var/lib/haproxy

The figure of 5000 simultaneous connections was chosen for a reason. Since there are 4000 mailboxes in our infrastructure, we have to allow for the possibility that all of them access their work email at the same time. In addition, a small reserve is needed in case their number grows.

Now let's add a block with the default settings:

defaults
        timeout client 1m
        log global
        mode tcp
        timeout server 1m
        timeout connect 5s

This block sets the maximum time the client and the server may wait before the connection is closed on expiry, and also sets the operating mode of HAProxy. In our case the load balancer works in TCP mode, that is, it simply passes TCP packets on without analyzing their contents.

Next we add rules for connections on the various ports. For example, if port 25 is used for SMTP connections and mail transfer, it makes sense to forward connections on it to the MTAs in our infrastructure. If the connection arrives on port 80, it is an HTTP request that has to be forwarded to Zimbra Proxy.

Rule for port 25:

frontend smtp-25
bind *:27
default_backend backend-smtp-25
 
backend backend-smtp-25
server mta1 192.168.0.77:26 send-proxy
server mta2 192.168.0.78:26 send-proxy

Rule for port 465:

frontend smtp-465
bind *:467
default_backend backend-smtp-465

backend backend-smtp-465
server mta1 192.168.0.77:466 send-proxy
server mta2 192.168.0.78:466 send-proxy

Rule for port 587:

frontend smtp-587
bind *:589
default_backend backend-smtp-587
 
backend backend-smtp-587
server mail1 192.168.0.77:588 send-proxy
server mail2 192.168.0.78:588 send-proxy

Rule for port 80:

frontend http-80
bind    *:80
default_backend http-80
 
backend http-80
mode tcp
server zproxy1 192.168.0.57:80 check
server zproxy2 192.168.0.58:80 check

Rule for port 443:

frontend https
bind  *:443
default_backend https-443
 
backend https-443
mode tcp
server zproxy1 192.168.0.57:443 check
server zproxy2 192.168.0.58:443 check

Please note that in the rules for forwarding TCP packets to the MTAs, the send-proxy parameter follows the server addresses. It is needed so that, in line with the changes we made earlier to the Postfix settings, the sender's original IP address is passed along with the TCP packets.
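The two sides have to agree port by port: a server line with send-proxy needs a Postfix service that sets an *_upstream_proxy_protocol=haproxy option, and the reverse. The check below is an added example, not part of the article or of Zimbra; MTA_HOSTS uses the article's MTA addresses, and the sample inputs are constructed from the article's entries with two deliberate mismatches.

```python
import re

MTA_HOSTS = {"192.168.0.77", "192.168.0.78"}  # MTA addresses from the article

def postfix_proxy_ports(master_cf):
    """Ports whose master.cf service sets *_upstream_proxy_protocol=haproxy."""
    ports, current = set(), None
    for line in master_cf.splitlines():
        start = re.match(r"(\d+)\s+inet\s", line)
        if start:
            current = start.group(1)
        elif current and re.search(r"-o\s+\w+_upstream_proxy_protocol=haproxy\b", line):
            ports.add(current)
    return ports

def haproxy_mta_servers(cfg):
    """Yield (name, port, has_send_proxy) for server lines that target an MTA."""
    for line in cfg.splitlines():
        m = re.match(r"\s*server\s+(\S+)\s+([\d.]+):(\d+)(.*)", line)
        if m and m.group(2) in MTA_HOSTS:
            yield m.group(1), m.group(3), "send-proxy" in m.group(4).split()

def mismatches(cfg, master_cf):
    """Describe every server/listener pair that disagrees about the PROXY header."""
    expects = postfix_proxy_ports(master_cf)
    problems = []
    for name, port, sends in haproxy_mta_servers(cfg):
        if sends and port not in expects:
            problems.append(f"{name}:{port} sends PROXY header, Postfix does not expect it")
        elif not sends and port in expects:
            problems.append(f"{name}:{port} omits send-proxy, Postfix waits for a PROXY header")
    return problems

# Constructed sample: the article's port 26 and 588 services plus a plain port 25
# service; mta2 wrongly targets port 25 and mail2 has lost its send-proxy.
SAMPLE_MASTER_CF = """\
26      inet  n       -       n       -       1       postscreen
        -o postscreen_upstream_proxy_protocol=haproxy
588 inet n      -       n       -       -       smtpd
        -o smtpd_upstream_proxy_protocol=haproxy
25      inet  n       -       n       -       -       smtpd
"""
SAMPLE_HAPROXY_CFG = """\
server mta1 192.168.0.77:26 send-proxy
server mta2 192.168.0.78:25 send-proxy
server mail1 192.168.0.77:588 send-proxy
server mail2 192.168.0.78:588
"""
```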

Now that all the necessary changes have been made to HAProxy, you can restart the service with the command service haproxy restart and start using it.

For all questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by email. [email protected]

Source: www.habr.com
