Otu n'ime isi ọrụ mgbe ị na-ewu nnukwu akụrụngwa Zimbra OSE bụ ndozi ibu kwesịrị ekwesị. Na mgbakwunye na eziokwu na ọ na-abawanye ntachi obi nke ọrụ ahụ, na-enweghị nhazi ibu ọ gaghị ekwe omume iji hụ na otu nzaghachi nke ọrụ ahụ maka ndị ọrụ niile. Iji dozie nsogbu a, a na-eji ndị na-edozi ibu - ngwanrọ na ngwaike ngwọta nke na-ekesa arịrịọ n'etiti sava. N'ime ha enwere ndị ochie, dị ka RoundRobin, nke na-eziga arịrịọ ọ bụla na-esote na sava na-esote na listi ahụ, enwerekwa ndị ọzọ dị elu, dịka ọmụmaatụ HAProxy, nke a na-ejikarị na akụrụngwa kọmpụta dị elu n'ihi a. ọnụ ọgụgụ dị ịrịba ama uru. Ka anyị leba anya ka ị ga-esi mee ka HAProxy load balancer na Zimbra OSE rụọ ọrụ ọnụ.
Yabụ, dịka usoro nke ọrụ ahụ si dị, a na-enye anyị akụrụngwa Zimbra OSE, nke nwere Zimbra Proxy abụọ, sava abụọ LDAP na LDAP Replica, ebe nchekwa ozi anọ nwere igbe ozi 1000 nke ọ bụla na atọ MTA. Nyere na anyị na-emeso ihe nkesa ozi, ọ ga-enweta ụdị okporo ụzọ atọ chọrọ nhazi: HTTP maka nbudata onye ahịa weebụ, yana POP na SMTP maka izipu email. N'okwu a, okporo ụzọ HTTP ga-aga na sava Zimbra Proxy nwere adreesị IP 192.168.0.57 na 192.168.0.58, na okporo ụzọ SMTP ga-aga na sava MTA na adreesị IP 192.168.0.77 na 192.168.0.78.
Dịka e kwurula, iji hụ na a na-ekesa arịrịọ n'etiti sava ahụ, anyị ga-eji HAProxy load balancer, nke ga-agba ọsọ na oghere ingress Zimbra na-agba ọsọ Ubuntu 18.04. Ịwụnye haproxy na sistemụ arụmọrụ a na-eji iwu ahụ sudo apt-nweta tinye haproxy. Mgbe nke a gasịrị, ịchọrọ na faịlụ /etc/default/haproxy gbanwee oke KWERE=0 on KWERE=1. Ugbu a, iji hụ na haproxy na-arụ ọrụ, dị nnọọ tinye iwu ọrụ haproxy. Ọ bụrụ na ọrụ a na-agba ọsọ, nke a ga-apụta ìhè site na mmepụta nke iwu ahụ.
Otu n'ime ihe ọghọm dị na HAProxy bụ na site na ndabara ọ naghị ebufe adreesị IP nke onye ahịa na-ejikọta ya, dochie ya na nke ya. Nke a nwere ike ibute ọnọdụ ebe adreesị IP enweghị ike ịmata ozi-e nke ndị mwakpo zitere iji tinye ya na ndetu ojii. Agbanyeghị, enwere ike idozi okwu a. Iji mee nke a, ịkwesịrị idezi faịlụ ahụ /opt/zimbra/common/conf/master.cf.in na sava nwere Postfix ma tinye ahịrị ndị a na ya:
26 inet n - n - 1 postscreen
-o postscreen_upstream_proxy_protocol=haproxy
466 inet n - n - - smtpd
%%uncomment SERVICE:opendkim%% -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=
-o smtpd_data_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o syslog_name=postfix/smtps
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust
588 inet n - n - - smtpd
%%uncomment SERVICE:opendkim%% -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
-o smtpd_etrn_restrictions=reject
-o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
-o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_data_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o syslog_name=postfix/submission
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjustN'ihi nke a, anyị ga-emeghe ọdụ ụgbọ mmiri 26, 466 na 588, nke ga-enweta okporo ụzọ na-abata site na HAProxy. Mgbe echekwara faịlụ ndị ahụ, ị kwesịrị ịmalitegharịa Postfix na sava niile site na iji zmmtactl malitegharịa iwu.
Mgbe nke ahụ gasịrị, ka anyị bido ịtọlite HAProxy. Iji mee nke a, buru ụzọ mepụta nnomi ndabere nke faịlụ ntọala cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak. Mepee faịlụ isi mmalite na nchịkọta ederede /etc/haproxy/haproxy.cfg wee malite ịgbakwunye ntọala ndị dị mkpa na ya site na nzọụkwụ. Ihe mgbochi nke mbụ ga-agbakwunye ihe nkesa na-ewe ndekọ, na-edozi ọnụ ọgụgụ kachasị ekwe omume nke njikọ n'otu oge, yana ịkọwa aha na otu onye ọrụ nke usoro mmebe ga-adị.
global
user daemon
group daemon
daemon
log 127.0.0.1 daemon
maxconn 5000
chroot /var/lib/haproxyỌnụ ọgụgụ nke njikọ 5000 n'otu oge pụtara maka ihe kpatara ya. Ebe anyị nwere igbe akwụkwọ ozi 4000 na akụrụngwa anyị, anyị kwesịrị ịtụle ohere na ha niile ga-enweta ozi email ọrụ ha n'otu oge. Na mgbakwunye, ọ dị mkpa ịhapụ obere nchekwa ma ọ bụrụ na ọnụ ọgụgụ ha na-abawanye.
Ugbu a, ka anyị tinye ngọngọ nwere ntọala ndabara:
defaults
timeout client 1m
log global
mode tcp
timeout server 1m
timeout connect 5sIhe mgbochi a na-edobe oge kachasị maka onye ahịa na ihe nkesa iji mechie njikọ ahụ mgbe ọ kwụsịrị, ma na-edozikwa ọnọdụ ọrụ nke HAProxy. N'ọnọdụ anyị, onye na-ebu ibu na-arụ ọrụ na ọnọdụ TCP, ya bụ, ọ na-ebufe ngwugwu TCP na-enyochaghị ọdịnaya ha.
Ọzọ anyị ga-agbakwunye iwu maka njikọ na ọdụ ụgbọ mmiri dị iche iche. Dịka ọmụmaatụ, ọ bụrụ na eji ọdụ ụgbọ mmiri 25 maka njikọ SMTP na mail, mgbe ahụ ọ bụ ihe ezi uche dị na ya ibuga njikọ ya na MTA dị na akụrụngwa anyị. Ọ bụrụ na njikọ ahụ dị na ọdụ ụgbọ mmiri 80, nke a bụ arịrịọ http nke kwesịrị ibuga Zimbra Proxy.
Iwu maka ọdụ ụgbọ mmiri 25:
frontend smtp-25
bind *:27
default_backend backend-smtp-25
backend backend-smtp-25
server mta1 192.168.0.77:26 send-proxy
server mta2 192.168.0.78:26 send-proxyIwu maka ọdụ ụgbọ mmiri 465:
frontend smtp-465
bind *:467
default_backend backend-smtp-465
backend backend-smtp-465
server mta1 192.168.0.77:466 send-proxy
server mta2 192.168.0.78:466 send-proxyIwu maka ọdụ ụgbọ mmiri 587:
frontend smtp-587
bind *:589
default_backend backend-smtp-587
backend backend-smtp-587
server mail1 192.168.0.77:588 send-proxy
server mail2 192.168.0.78:588 send-proxyIwu maka ọdụ ụgbọ mmiri 80:
frontend http-80
bind *:80
default_backend http-80
backend http-80
mode tcp
server zproxy1 192.168.0.57:80 check
server zproxy2 192.168.0.58:80 checkIwu maka ọdụ ụgbọ mmiri 443:
frontend https
bind *:443
default_backend https-443
backend https-443
mode tcp
server zproxy1 192.168.0.57:80 check
server zproxy2 192.168.0.58:80 checkBiko mara na na iwu maka ibuga ngwugwu TCP na MTA, n'akụkụ adreesị ha nwere oke. izipu-proxy. Nke a dị mkpa ka, dabere na mgbanwe anyị mere na mbụ na ntọala Postfix, a na-eziga adreesị IP mbụ nke onye zitere ya yana ngwugwu TCP.
Ugbu a ka emeela mgbanwe niile dị mkpa na HAProxy, ị nwere ike ịmalitegharị ọrụ ahụ site na iji iwu ahụ ọrụ haproxy malitegharịa malite iji ya.
Maka ajụjụ niile metụtara Zextras Suite, ị nwere ike ịkpọtụrụ Zextras Representative Ekaterina Triandafilidi site na email. [email protected]
isi: www.habr.com