Load balancing in Zimbra Open-Source Edition using HAProxy

One of the main tasks when building a large-scale Zimbra OSE infrastructure is proper load balancing. Besides improving the fault tolerance of the service, without load balancing it is impossible to guarantee the same responsiveness of the service for all users. To solve this problem, load balancers are used: software and hardware solutions that redistribute requests between servers. Among them are fairly primitive ones, such as RoundRobin, which simply sends each next request to the next server in the list, and there are also more advanced ones, for example HAProxy, which is widely used in high-load computing infrastructures because of a number of significant advantages. Let's look at how to make the HAProxy load balancer and Zimbra OSE work together.

So, according to the terms of the task, we are given a Zimbra OSE infrastructure that has two Zimbra Proxy servers, two LDAP and LDAP Replica servers, four mail stores with 1000 mailboxes each, and three MTAs. Given that we are dealing with a mail server, it receives three kinds of traffic that need balancing: HTTP for loading the web client, and POP and SMTP for sending email. In this case, HTTP traffic will go to the Zimbra Proxy servers with IP addresses 192.168.0.57 and 192.168.0.58, and SMTP traffic will go to the MTA servers with IP addresses 192.168.0.77 and 192.168.0.78.

As already mentioned, to make sure that requests are distributed evenly between the servers, we will use the HAProxy load balancer, which will run on the ingress node of the Zimbra infrastructure under Ubuntu 18.04. HAProxy is installed on this operating system with the command sudo apt-get install haproxy. After that, in the file /etc/default/haproxy, change the parameter ENABLED=0 to ENABLED=1. Now, to make sure that haproxy is running, just enter the command service haproxy status. If the service is running, this will be clear from the command's output.

One of the main drawbacks of HAProxy is that by default it does not pass on the IP address of the connecting client, replacing it with its own. This can lead to a situation where emails sent by attackers cannot be identified by IP address in order to add that address to a blacklist. However, this issue can be solved. To do so, edit the file /opt/zimbra/common/conf/master.cf.in on the servers running Postfix and add the following lines to it:

26      inet  n       -       n       -       1       postscreen
        -o postscreen_upstream_proxy_protocol=haproxy
 
466    inet  n       -       n       -       -       smtpd
%%uncomment SERVICE:opendkim%%  -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=
        -o smtpd_data_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o syslog_name=postfix/smtps
        -o milter_macro_daemon_name=ORIGINATING
        -o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust
 
588 inet n      -       n       -       -       smtpd
%%uncomment SERVICE:opendkim%%  -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
        -o smtpd_etrn_restrictions=reject
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_data_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o syslog_name=postfix/submission
        -o milter_macro_daemon_name=ORIGINATING
        -o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust

As a result, we open ports 26, 466 and 588, which will receive incoming traffic from HAProxy. After the files are saved, restart Postfix on all servers with the zmmtactl restart command.

After that, let's start configuring HAProxy. First, create a backup copy of the configuration file: cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak. Then open the source file /etc/haproxy/haproxy.cfg in a text editor and start adding the required settings to it step by step. The first block adds the server that receives the logs, sets the maximum allowed number of simultaneous connections, and specifies the user name and group that the running process will belong to.
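What arrives first on these ports, as an added example that is not part of the original article: a Python parser for the one-line PROXY protocol v1 header that HAProxy places in front of each connection. A listener that expects this header believes whatever address it carries, so the sketch honours it only when the TCP peer is the load balancer; TRUSTED_PROXIES and the address 192.168.0.10 are assumptions, since the article does not give the ingress node's IP.

```python
import ipaddress

# Assumption: address of the HAProxy ingress node (not given in the article).
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.0.10")}

# Constructed sample: what arrives first on MTA port 26 for client 203.0.113.7.
SAMPLE = b"PROXY TCP4 203.0.113.7 192.168.0.10 51234 27\r\n"


def parse_proxy_v1(peer_ip, data):
    """Return (client_ip, client_port, remaining_bytes) from a PROXY v1 preamble.

    peer_ip is the host that really opened the TCP connection. ValueError is
    raised for an untrusted peer or a malformed header, so the caller can drop
    the connection instead of logging a forged address.
    """
    if ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        raise ValueError("PROXY header from untrusted peer %s" % peer_ip)
    end = data.find(b"\r\n")
    if end == -1 or end + 2 > 107:  # a v1 line is at most 107 bytes with CRLF
        raise ValueError("missing or oversized PROXY line")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ValueError("not a PROXY v1 header")
    if fields[1] == "UNKNOWN":  # the proxy did not relay a client address
        return None, None, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("bad protocol or field count")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match " + fields[1])
    if not (fields[4].isdigit() and fields[5].isdigit()):
        raise ValueError("non-numeric port")
    sport, dport = int(fields[4]), int(fields[5])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return str(src), sport, rest


if __name__ == "__main__":
    print(parse_proxy_v1("192.168.0.10", SAMPLE))
```

The same trust decision applies at the network level: ports 26, 466 and 588 on the MTAs should accept connections only from the load balancer.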

global
    user daemon
    group daemon
    daemon
    log 127.0.0.1 daemon
    maxconn 5000
    chroot /var/lib/haproxy

The figure of 5000 simultaneous connections was chosen for a reason. Since we have 4000 mailboxes in our infrastructure, we have to consider the possibility that all of them will access their work email at the same time. In addition, a small reserve should be left in case their number grows.

Now let's add a block with the default settings:

defaults
        timeout client 1m
        log global
        mode tcp
        timeout server 1m
        timeout connect 5s

This block sets the maximum timeout for the client and the server, after which the connection is closed, and sets the operating mode of HAProxy. In our case, the load balancer works in TCP mode, that is, it simply forwards TCP packets without analysing their contents.

Next we add the rules for connections on the various ports. For example, if port 25 is used for SMTP connections and mail, it makes sense to forward connections to it to the MTAs in our infrastructure. If the connection is on port 80, it is an HTTP request that needs to be forwarded to Zimbra Proxy.

Rule for port 25:

frontend smtp-25
bind *:27
default_backend backend-smtp-25
 
backend backend-smtp-25
server mta1 192.168.0.77:26 send-proxy
server mta2 192.168.0.78:26 send-proxy

Rule for port 465:

frontend smtp-465
bind *:467
default_backend backend-smtp-465

backend backend-smtp-465
server mta1 192.168.0.77:466 send-proxy
server mta2 192.168.0.78:466 send-proxy

Rule for port 587:

frontend smtp-587
bind *:589
default_backend backend-smtp-587
 
backend backend-smtp-587
server mail1 192.168.0.77:588 send-proxy
server mail2 192.168.0.78:588 send-proxy

Rule for port 80:

frontend http-80
bind    *:80
default_backend http-80
 
backend http-80
mode tcp
server zproxy1 192.168.0.57:80 check
server zproxy2 192.168.0.58:80 check

Rule for port 443:

frontend https
bind  *:443
default_backend https-443
 
backend https-443
mode tcp
# TCP passthrough: TLS arriving on 443 must reach the proxies' HTTPS port, not plaintext port 80
server zproxy1 192.168.0.57:443 check
server zproxy2 192.168.0.58:443 check

Please note that in the rules for forwarding TCP packets to the MTAs, the parameter send-proxy appears next to their addresses. This is needed so that, in line with the changes we made earlier to the Postfix settings, the original IP address of the sender is passed along with the TCP packets.

Now that all the necessary changes have been made to HAProxy, you can restart the service with the command service haproxy restart and start using it.

For all questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by email. [email protected]
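A consistency check for this pairing, as an added example rather than code from the article: the Python sketch below reads both configurations and reports any MTA server line whose send-proxy setting disagrees with the Postfix service on that port, since a mismatch leaves Postfix either waiting for a header that never comes or reading the header as SMTP input. The embedded configs are abbreviated copies of the article's; proxy_ports, check and MTA_IPS are names made up for this example.

```python
import re

# Constructed, abbreviated copies of the article's two configurations.
MASTER_CF = """\
26      inet  n       -       n       -       1       postscreen
        -o postscreen_upstream_proxy_protocol=haproxy
466    inet  n       -       n       -       -       smtpd
        -o smtpd_upstream_proxy_protocol=haproxy
588 inet n      -       n       -       -       smtpd
        -o smtpd_upstream_proxy_protocol=haproxy
"""
HAPROXY_CFG = """\
backend backend-smtp-25
server mta1 192.168.0.77:26 send-proxy
server mta2 192.168.0.78:26 send-proxy
backend backend-smtp-587
server mail1 192.168.0.77:588 send-proxy
server mail2 192.168.0.78:588 send-proxy
"""
MTA_IPS = {"192.168.0.77", "192.168.0.78"}

def proxy_ports(master_cf):
    """Ports of master.cf services that set *_upstream_proxy_protocol=haproxy."""
    ports, current = set(), None
    for line in master_cf.splitlines():
        if line.startswith("#"):
            continue
        m = re.match(r"(\d+)\s+inet\s", line)
        if m:
            current = int(m.group(1))
        elif line and not line[0].isspace() and not line.startswith("%%"):
            current = None  # a different (named) service starts here
        if current is not None and re.search(
                r"-o\s+\w+_upstream_proxy_protocol=haproxy\b", line):
            ports.add(current)
    return ports

def check(haproxy_cfg, master_cf, mta_ips):
    """List MTA server lines whose send-proxy setting disagrees with Postfix."""
    expect, findings = proxy_ports(master_cf), []
    for line in haproxy_cfg.splitlines():
        m = re.match(r"\s*server\s+(\S+)\s+([\d.]+):(\d+)(.*)", line)
        if not m or m.group(2) not in mta_ips:
            continue
        name, port = m.group(1), int(m.group(3))
        sends = any(o.startswith("send-proxy") for o in m.group(4).split())
        if sends != (port in expect):
            findings.append((name, port, "send-proxy" if sends else "no send-proxy"))
    return findings
```

An empty list from check() means every MTA backend line and its Postfix listener agree on whether the header is sent.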

Source: www.habr.com