Kumayambiriro kwa zaka za zana la 21, zida monga ma adilesi a IPv4 zatsala pang'ono kutha. Kubwerera ku 2011, IANA idapereka midadada isanu yotsala / 8 ya malo ake adilesi kwa olembetsa pa intaneti, ndipo mu 2017 adasowa ma adilesi. Yankho la kuchepa kwakukulu kwa ma adilesi a IPv4 sikunali kokha kutuluka kwa protocol ya IPv6, komanso ukadaulo wa SNI, zomwe zidapangitsa kuti pakhale mawebusayiti ambiri pa adilesi imodzi ya IPv4. Chofunikira cha SNI ndikuti kukulitsa uku kumalola makasitomala, panthawi yogwirana chanza, kuti auze seva dzina la tsamba lomwe akufuna kulumikizana nalo. Izi zimalola seva kusungira masatifiketi angapo, zomwe zikutanthauza kuti madambwe angapo amatha kugwira ntchito pa adilesi imodzi ya IP. Ukadaulo wa SNI watchuka kwambiri pakati pa opereka mabizinesi a SaaS, omwe ali ndi mwayi wokhala ndi madera ambiri osawerengera ma adilesi a IPv4 ofunikira pa izi. Tiyeni tiwone momwe mungagwiritsire ntchito thandizo la SNI mu Zimbra Collaboration Suite Open-Source Edition.
SNI imagwira ntchito m'mitundu yonse yamakono komanso yothandizidwa ya Zimbra OSE. Ngati muli ndi Zimbra Open-Source yomwe ikuyenda pama seva ambiri, muyenera kuchita masitepe onse omwe ali pansipa pa node yokhala ndi seva ya Zimbra Proxy yoyikidwa. Kuphatikiza apo, mufunika satifiketi yofananira + makiyi awiriawiri, komanso maunyolo odalirika a satifiketi kuchokera ku CA yanu pamagawo aliwonse omwe mukufuna kukhala nawo pa adilesi yanu ya IPv4. Chonde dziwani kuti zomwe zimayambitsa zolakwika zambiri mukakhazikitsa SNI mu Zimbra OSE ndizolakwika mafayilo okhala ndi satifiketi. Choncho, tikukulangizani kuti muyang'ane mosamala zonse musanaziike mwachindunji.
Choyamba, kuti SNI igwire ntchito bwino, muyenera kulowa lamulo zmprov mcf zimbraReverseProxySNIEnebled TRUE pa Zimbra proxy node, ndiyeno yambitsaninso ntchito ya Proxy pogwiritsa ntchito lamulo zmproxyctl kuyambitsanso.
Tiyamba ndi kupanga domain name. Mwachitsanzo, titenga domain company.ru ndipo, domain itapangidwa kale, tidzasankha dzina la gulu la Zimbra ndi adilesi ya IP. Chonde dziwani kuti dzina lachidziwitso la Zimbra liyenera kufanana ndi dzina lomwe wogwiritsa ntchito ayenera kulowa mu msakatuli kuti alowe mu domain, komanso lifanane ndi dzina lomwe lafotokozedwa pa satifiketi. Mwachitsanzo, tiyeni titenge Zimbra ngati dzina lodziwika bwino mail.company.ru, ndipo monga adilesi ya IPv4 timagwiritsa ntchito adilesiyo 1.2.3.4.
Pambuyo pake, ingolowetsani lamulo zmprov md company.ru zimbraVirtualHostName mail.company.ru zimbraVirtualIPAddress 1.2.3.4kumanga gulu la Zimbra ku adilesi yeniyeni ya IP. Chonde dziwani kuti ngati seva ili kuseri kwa NAT kapena firewall, muyenera kuwonetsetsa kuti zopempha zonse ku domain zimapita ku adilesi yakunja ya IP yolumikizidwa nayo, osati ku adilesi yake pamaneti akomweko.
Zonse zikachitika, chomwe chatsala ndikuwunika ndikukonzekera ziphaso za domain kuti zikhazikitsidwe, ndikuziyika.
Ngati kuperekedwa kwa satifiketi ya domain kudamalizidwa molondola, muyenera kukhala ndi mafayilo atatu okhala ndi ziphaso: awiri aiwo ndi maunyolo a satifiketi kuchokera kwa oyang'anira certification anu, ndipo imodzi ndi satifiketi yachindunji ya domain. Kuphatikiza apo, muyenera kukhala ndi fayilo yokhala ndi kiyi yomwe mudagwiritsa ntchito kuti mupeze satifiketi. Pangani chikwatu chosiyana /tmp/company.ru ndikuyika mafayilo onse omwe alipo ndi makiyi ndi ziphaso pamenepo. Chotsatiracho chiyenera kukhala chonchi:
ls /tmp/company.ru
company.ru.key
company.ru.crt
company.ru.root.crt
company.ru.intermediate.crtPambuyo pake, tidzaphatikiza maunyolo a satifiketi kukhala fayilo imodzi pogwiritsa ntchito lamulo cat company.ru.root.crt company.ru.intermediate.crt >> company.ru_ca.crt ndipo onetsetsani kuti zonse zikuyenda bwino ndi satifiketi pogwiritsa ntchito lamulo /opt/zimbra/bin/zmcertmgr verifycrt comm /tmp/company.ru/company.ru.key /tmp/company.ru/company.ru.crt /tmp/company.ru/company.ru_ca.crt. Pambuyo potsimikizira satifiketi ndi kiyi yapambana, mutha kuyamba kuziyika.
Kuti tiyambe kuyika, choyamba tiphatikiza satifiketi ya domain ndi maunyolo odalirika kuchokera kwa oyang'anira certification kukhala fayilo imodzi. Izi zitha kuchitikanso pogwiritsa ntchito lamulo limodzi ngati cat company.ru.crt company.ru_ca.crt >> company.ru.bundle. Pambuyo pake, muyenera kuyendetsa lamulo kuti mulembe ziphaso zonse ndi kiyi ku LDAP: /opt/zimbra/libexec/zmdomaincertmgr savecrt company.ru company.ru.bundle company.ru.keyndiyeno yikani satifiketi pogwiritsa ntchito lamulo /opt/zimbra/libexec/zmdomaincertmgr deploycrts. Pambuyo kukhazikitsa, ziphaso ndi fungulo la domain.ru zidzasungidwa mufoda /opt/zimbra/conf/domaincerts/company.ru.
Pobwereza masitepewa pogwiritsa ntchito mayina osiyanasiyana koma ma adilesi a IP omwewo, ndizotheka kuchititsa madera mazana angapo pa adilesi imodzi ya IPv4. Pankhaniyi, mutha kugwiritsa ntchito ziphaso zochokera kumalo osiyanasiyana operekera popanda mavuto. Mutha kuyang'ana zolondola pazochita zonse zomwe zachitika mu msakatuli aliyense, pomwe dzina lililonse la wolandila liyenera kuwonetsa satifiketi yake ya SSL.
Pamafunso onse okhudzana ndi Zextras Suite, mutha kulumikizana ndi Woimira Zextras Ekaterina Triandafilidi ndi imelo. [imelo ndiotetezedwa]
Source: www.habr.com