O se tasi o galuega autu pe a fausia ni mea tetele Zimbra OSE infrastructures o le paleni lelei o uta. I le faaopoopo atu i le mea moni e faʻateleina le faʻapalepale sese o le tautua, e aunoa ma le paleni o uta e le mafai ona faʻamautinoa le tali tutusa o le auaunaga mo tagata uma. Ina ia foia lenei faafitauli, o loʻo faʻaogaina le paleni o uta - polokalama faʻapipiʻi ma meafaigaluega e toe tufatufaina atu talosaga i le va o sapalai. I totonu oi latou o loʻo i ai ni mea faʻapitoa, pei o RoundRobin, lea e naʻo le tuʻuina atu o talosaga mulimuli ane i le isi server i le lisi, ma o loʻo i ai foʻi isi mea sili atu, mo se faʻataʻitaʻiga HAProxy, lea e faʻaaogaina lautele i luga o le tele o faʻaogaina o masini komepiuta ona o se numera o tulaga lelei taua. Se'i o tatou va'ai pe fa'apefea ona e fa'aogaina le HAProxy load balancer ma le Zimbra OSE e galulue fa'atasi.
O lea la, e tusa ai ma tuutuuga o le galuega, ua tuʻuina mai ia i matou le Zimbra OSE infrastructure, lea e lua Zimbra Proxy, lua LDAP ma LDAP Replica servers, fa meli faʻapipiʻi ma 1000 pusa meli taʻitasi ma tolu MTA. Tuuina atu o loʻo matou feagai ma se meli meli, o le a maua ni ituaiga se tolu o fefaʻatauaiga e manaʻomia le paleni: HTTP mo le siiina mai o le upega tafaʻilagi, faʻapea foʻi ma le POP ma le SMTP mo le lafoina o imeli. I lenei tulaga, o le a alu le HTTP traffic i Zimbra Proxy servers ma tuatusi IP 192.168.0.57 ma 192.168.0.58, ma o le SMTP traffic o le a alu i MTA servers ma tuatusi IP 192.168.0.77 ma 192.168.0.78.
E pei ona taʻua muamua, ina ia mautinoa o loʻo tufatufaina tutusa talosaga i le va o 'auʻaunaga, matou te faʻaogaina le HAProxy load balancer, lea o le a taʻavale i luga o le Zimbra infrastructure ingress node o loʻo faʻaogaina le Ubuntu 18.04. O le faʻapipiʻiina o le haproxy i luga o lenei faiga faʻaoga ua faia e faʻaaoga ai le poloaiga sudo apt-maua faʻapipiʻi le haproxy. A maeʻa lenei mea e te manaʻomia ile faila /etc/default/haproxy sui parakalafa ENABLED=0 i ENABLED=1. Ia, ina ia mautinoa o loʻo galue le haproxy, naʻo le ulufale i le poloaiga tautua haproxy. Afai o loʻo taʻavale lenei auaunaga, o le a manino mai le gaioiga o le faʻatonuga.
O se tasi o faʻaletonu autu o HAProxy o le le mafai ona tuʻuina atu le tuatusi IP o le tagata faʻafesoʻotaʻi fesoʻotaʻi, suia i ana lava. O lenei mea e mafai ona oʻo atu ai i tulaga e le mafai ai e imeli na lafoina e tagata osofaʻi ona iloa e le tuatusi IP ina ia faʻaopoopo i le lisi uliuli. Peitai, e mafai ona foia lenei mataupu. Ina ia faia lenei mea e te manaʻomia e faʻasaʻo le faila /opt/zimbra/common/conf/master.cf.in i luga o sapalai ma Postfix ma faʻaopopo laina nei i ai:
26 inet n - n - 1 postscreen
-o postscreen_upstream_proxy_protocol=haproxy
466 inet n - n - - smtpd
%%uncomment SERVICE:opendkim%% -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=
-o smtpd_data_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o syslog_name=postfix/smtps
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust
588 inet n - n - - smtpd
%%uncomment SERVICE:opendkim%% -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
-o smtpd_etrn_restrictions=reject
-o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
-o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_data_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o syslog_name=postfix/submission
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust
Ona o lenei mea, o le a matou tatalaina ports 26, 466 ma 588, lea o le a maua mai feʻaveaʻi mai HAProxy. A maeʻa ona faʻasaoina faila, e tatau ona e toe amataina le Postfix i luga o sapalai uma e faʻaaoga ai le zmmtactl restart command.
A maeʻa lena, seʻi o tatou amata seti HAProxy. Ina ia faia lenei mea, muamua faia se kopi faaleoleo o le faila seti cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak. Ona tatala lea o le faila faila i totonu o se tusitala o tusitusiga /etc/haproxy/haproxy.cfg ma amata fa'aopoopo tulaga talafeagai i lea laasaga ma lea laasaga. O le poloka muamua o le a faʻaopoopoina se 'auʻaunaga e ave ogalaau, faʻatulagaina le maualuga faʻatagaina numera o fesoʻotaʻiga tutusa, faʻapea foʻi ma le faʻamaoniaina o le igoa ma le vaega o le tagata faʻaoga o le a auai i le faʻatinoga.
global
user daemon
group daemon
daemon
log 127.0.0.1 daemon
maxconn 5000
chroot /var/lib/haproxy
Ole fuainumera ole 5000 fesoʻotaʻiga faʻatasi na faʻaalia mo se mafuaʻaga. Talu ai e 4000 a matou pusameli i totonu oa tatou atinaʻe, e tatau ona tatou mafaufau i le avanoa latou te maua uma ai a latou imeli galuega i le taimi e tasi. E le gata i lea, e tatau ona tuʻu se faʻaagaga laʻititi pe a faʻateleina a latou numera.
Se'i o tatou fa'aopoopoina se poloka e iai fa'atonuga fa'aletonu:
defaults
timeout client 1m
log global
mode tcp
timeout server 1m
timeout connect 5s
O le poloka lea e fa'atulaga ai le taimi aupito maualuga mo le kalani ma le server e tapunia le feso'ota'iga pe a muta, ma fa'apena fo'i le fa'aogaina o le HAProxy. I la matou tulaga, o loʻo galue le paleni o uta i le TCP mode, o lona uiga, naʻo le tuʻuina atu o pusa TCP e aunoa ma le suʻeina o latou mea.
O le isi o le a matou faʻaopoopo tulafono mo fesoʻotaʻiga i luga o ports eseese. Mo se fa'ata'ita'iga, afai e fa'aoga le port 25 mo feso'ota'iga SMTP ma meli, e talafeagai le tu'uina atu o feso'ota'iga i MTA o lo'o maua i totonu oa tatou atina'e. Afai o le fesoʻotaʻiga o loʻo i luga o le taulaga 80, o lona uiga ole talosaga http lea e manaʻomia ona tuʻuina atu ile Zimbra Proxy.
Tulafono mo le taulaga 25:
frontend smtp-25
bind *:27
default_backend backend-smtp-25
backend backend-smtp-25
server mta1 192.168.0.77:26 send-proxy
server mta2 192.168.0.78:26 send-proxy
Tulafono mo le taulaga 465:
frontend smtp-465
bind *:467
default_backend backend-smtp-465
backend backend-smtp-465
server mta1 192.168.0.77:466 send-proxy
server mta2 192.168.0.78:466 send-proxy
Tulafono mo le taulaga 587:
frontend smtp-587
bind *:589
default_backend backend-smtp-587
backend backend-smtp-587
server mail1 192.168.0.77:588 send-proxy
server mail2 192.168.0.78:588 send-proxy
Tulafono mo le taulaga 80:
frontend http-80
bind *:80
default_backend http-80
backend http-80
mode tcp
server zproxy1 192.168.0.57:80 check
server zproxy2 192.168.0.58:80 check
Tulafono mo le taulaga 443:
frontend https
bind *:443
default_backend https-443
backend https-443
mode tcp
server zproxy1 192.168.0.57:80 check
server zproxy2 192.168.0.58:80 check
Faamolemole ia matau i tulafono mo le auina atu o pepa TCP i le MTA, i tafatafa o latou tuatusi o loʻo i ai se parakalafa. lafo-solo. E manaʻomia lenei mea ina ia, e tusa ai ma suiga na matou faia muamua i le Postfix settings, o le tuatusi IP muamua a le tagata na auina atu e auina atu faʻatasi ma pepa TCP.
I le taimi nei ua uma ona faia suiga talafeagai i HAProxy, e mafai ona e toe amataina le auaunaga e faʻaaoga ai le poloaiga tautua haproxy toe amata ma amata faʻaaogaina.
Mo fesili uma e fesoʻotaʻi ma Zextras Suite, e mafai ona e faʻafesoʻotaʻi le Sui o Zextras Ekaterina Triandafilidi ile imeli [imeli puipuia]
puna: www.habr.com