Thaum pib ntawm lub xyoo pua 21st, cov peev txheej xws li IPv4 chaw nyob yog nyob rau ntawm kev qaug zog. Rov qab rau xyoo 2011, IANA tau faib tsib qhov kawg / 8 blocks ntawm nws qhov chaw nyob rau cov neeg sau npe hauv Internet hauv cheeb tsam, thiab twb nyob rau xyoo 2017 lawv tau khiav tawm ntawm qhov chaw nyob. Cov lus teb rau qhov tsis txaus ntseeg ntawm IPv4 chaw nyob tsis yog tsuas yog qhov tshwm sim ntawm IPv6 raws tu qauv, tab sis kuj yog SNI thev naus laus zis, uas ua rau nws muaj peev xwm tuav tau ntau lub vev xaib ntawm ib qho chaw nyob IPv4. Lub ntsiab lus ntawm SNI yog qhov kev txuas ntxiv no tso cai rau cov neeg siv khoom, thaum lub sijhawm tuav tes, qhia rau lub server lub npe ntawm qhov chaw uas nws xav txuas. Qhov no tso cai rau tus neeg rau zaub mov khaws ntau daim ntawv pov thawj, uas txhais tau hais tias ntau qhov chaw tuaj yeem ua haujlwm ntawm ib tus IP chaw nyob. SNI thev naus laus zis tau dhau los ua neeg nyiam tshaj plaws ntawm kev lag luam SaaS cov chaw muab kev pabcuam, uas muaj lub sijhawm los tuav lub luag haujlwm yuav luag tsis txwv tsis hais txog tus lej IPv4 qhov chaw nyob xav tau rau qhov no. Cia peb kawm seb koj tuaj yeem siv SNI kev txhawb nqa hauv Zimbra Collaboration Suite Open-Source Edition li cas.
SNI ua haujlwm hauv txhua qhov tam sim no thiab txhawb nqa ntawm Zimbra OSE. Yog tias koj muaj Zimbra Open-Source khiav ntawm ntau lub server infrastructure, koj yuav tsum tau ua txhua kauj ruam hauv qab no ntawm lub node nrog Zimbra Proxy server ntsia. Tsis tas li ntawd, koj yuav xav tau daim ntawv pov thawj zoo sib xws + cov khub tseem ceeb, nrog rau cov ntawv pov thawj ntseeg siab los ntawm koj CA rau txhua qhov chaw koj xav tuav ntawm koj qhov chaw nyob IPv4. Thov nco ntsoov tias qhov ua rau ntawm feem ntau ntawm qhov yuam kev thaum teeb tsa SNI hauv Zimbra OSE yog cov ntaub ntawv tsis raug nrog cov ntawv pov thawj. Yog li ntawd, peb qhia koj kom ua tib zoo xyuas txhua yam ua ntej txhim kho lawv ncaj qha.
Ua ntej tshaj plaws, kom SNI ua haujlwm ib txwm, koj yuav tsum nkag mus rau cov lus txib zmprov mcf zimbraReverseProxySNIEnabled TRUE ntawm Zimbra proxy node, thiab tom qab ntawd rov pib qhov kev pabcuam Proxy siv cov lus txib zmproxyctl rov pib dua.
Peb mam li pib los ntawm kev tsim lub npe sau npe. Piv txwv li, peb yuav coj tus sau tuam txhab.ru thiab, tom qab lub npe tau tsim lawm, peb yuav txiav txim siab ntawm Zimbra virtual host lub npe thiab virtual IP chaw nyob. Thov nco ntsoov tias Zimbra virtual host lub npe yuav tsum phim lub npe uas tus neeg siv yuav tsum nkag mus rau hauv qhov browser kom nkag mus rau lub npe, thiab kuj phim lub npe teev hauv daim ntawv pov thawj. Piv txwv li, cia peb siv Zimbra ua lub npe virtual host xa ntawv.company.ru, thiab raws li qhov chaw nyob virtual IPv4 peb siv qhov chaw nyob 1.2.3.4.
Tom qab no, cia li nkag mus rau qhov hais kom ua zmprov md company.ru zimbraVirtualHostName mail.company.ru zimbraVirtualIPAddress 1.2.3.4txhawm rau khi Zimbra virtual host rau qhov chaw nyob IP virtual. Thov nco ntsoov tias yog tias tus neeg rau zaub mov nyob tom qab NAT lossis firewall, koj yuav tsum xyuas kom meej tias txhua qhov kev thov rau lub npe mus rau qhov chaw nyob IP sab nraud cuam tshuam nrog nws, thiab tsis yog rau nws qhov chaw nyob hauv lub network.
Tom qab txhua yam ua tiav, txhua yam uas tseem tshuav yog txhawm rau txheeb xyuas thiab npaj cov ntawv pov thawj sau npe rau kev teeb tsa, thiab tom qab ntawd nruab lawv.
Yog tias qhov kev tshaj tawm ntawm daim ntawv pov thawj sau npe tau ua tiav kom raug, koj yuav tsum muaj peb cov ntaub ntawv nrog daim ntawv pov thawj: ob ntawm lawv yog cov chains ntawm daim ntawv pov thawj los ntawm koj daim ntawv pov thawj, thiab ib qho yog daim ntawv pov thawj ncaj qha rau lub npe. Tsis tas li ntawd, koj yuav tsum muaj cov ntaub ntawv nrog tus yuam sij uas koj siv kom tau txais daim ntawv pov thawj. Tsim ib daim ntawv tais ceev tseg /tmp/company.ru thiab tso tag nrho cov ntaub ntawv uas twb muaj lawm nrog cov yuam sij thiab daim ntawv pov thawj nyob rau ntawd. Cov txiaj ntsig kawg yuav tsum yog qee yam zoo li no:
ls /tmp/company.ru
company.ru.key
company.ru.crt
company.ru.root.crt
company.ru.intermediate.crtTom qab no, peb yuav muab cov ntawv pov thawj chains rau hauv ib cov ntaub ntawv siv cov lus txib miv company.ru.root.crt company.ru.intermediate.crt >> company.ru_ca.crt thiab xyuas kom meej tias txhua yam nyob rau hauv kev txiav txim nrog cov ntawv pov thawj siv cov lus txib /opt/zimbra/bin/zmcertmgr verifycrt comm /tmp/company.ru/company.ru.key /tmp/company.ru/company.ru.crt /tmp/company.ru/company.ru_ca.crt. Tom qab kev txheeb xyuas cov ntawv pov thawj thiab tus yuam sij ua tiav, koj tuaj yeem pib txhim kho lawv.
Txhawm rau pib qhov kev teeb tsa, peb yuav xub muab cov ntawv pov thawj sau npe thiab cov chains ntseeg tau los ntawm cov ntawv pov thawj rau hauv ib daim ntawv. Qhov no kuj tuaj yeem ua tiav siv ib qho lus txib zoo li miv company.ru.crt company.ru_ca.crt >> company.ru.bundle. Tom qab ntawd, koj yuav tsum tau khiav cov lus txib kom sau tag nrho cov ntawv pov thawj thiab tus yuam sij rau LDAP: /opt/zimbra/libexec/zmdomaincertmgr savecrt company.ru company.ru.bundle company.ru.keythiab tom qab ntawd nruab cov ntawv pov thawj siv cov lus txib /opt/zimbra/libexec/zmdomaincertmgr deploycrts. Tom qab kev teeb tsa, daim ntawv pov thawj thiab tus yuam sij rau lub tuam txhab sau npe yuav muab khaws cia rau hauv daim nplaub tshev /opt/zimbra/conf/domaincerts/company.ru.
Los ntawm kev rov ua cov kauj ruam no siv cov npe sib txawv tab sis tib qhov chaw nyob IP, nws muaj peev xwm tuav tau ntau pua lub npe ntawm ib tus IPv4 chaw nyob. Hauv qhov no, koj tuaj yeem siv daim ntawv pov thawj los ntawm ntau lub chaw muab kev pabcuam yam tsis muaj teeb meem. Koj tuaj yeem tshawb xyuas qhov tseeb ntawm txhua qhov kev ua tiav hauv txhua qhov browser, qhov twg txhua lub npe virtual host yuav tsum tso nws tus kheej SSL daim ntawv pov thawj.
Rau tag nrho cov lus nug ntsig txog Zextras Suite, koj tuaj yeem tiv tauj Tus Neeg Sawv Cev ntawm Zextras Ekaterina Triandafilidi los ntawm e-mail [email tiv thaiv]
Tau qhov twg los: www.hab.com