Pakutanga kwezana ramakore rechi21, sosi yakaita seye IPv4 kero yave pedyo nekuneta. Kudzoka muna 2011, IANA yakagovera zvivharo zvishanu zvekupedzisira / 8 zvekero nzvimbo yayo kune vedunhu Internet registrars, uye kare muna 2017 vakapererwa nemakero. Mhinduro kudambudziko rekushomeka kweIPv4 kero kwaisangova kubuda kweIPv6 protocol, asiwo tekinoroji yeSNI, iyo yakaita kuti zvikwanise kutora nhamba huru yemawebhusaiti pane imwe IPv4 kero. Izvo zvakakosha zveSNI ndezvekuti kuwedzera uku kunobvumira vatengi, panguva yekubata maoko, kuti vaudze sevha zita resaiti yainoda kubatana nayo. Izvi zvinobvumira sevha kuchengetedza zvitupa zvakawanda, zvinoreva kuti akawanda madomasi anogona kushanda pane imwe IP kero. SNI tekinoroji yave kunyanya kufarirwa pakati pebhizinesi SaaS vanopa, vane mukana wekugamuchira dzinenge dzisingaperi nhamba yemadomasi pasina hanya nenhamba yeIPv4 kero inodiwa kune izvi. Ngatione kuti ungaite sei tsigiro yeSNI muZimbra Collaboration Suite Open-Source Edition.
SNI inoshanda mune ese aripo uye anotsigirwa shanduro yeZimbra OSE. Kana iwe uine Zimbra Open-Source inomhanya pane akawanda-server masisitimu, iwe unozofanirwa kuita ese matanho ari pazasi pane node ine Zimbra Proxy server yakaiswa. Pamusoro pezvo, iwe unozoda chitupa chekufananidza + kiyi pairi, pamwe neakavimbika setifiketi cheni kubva kuCA yako kune yega yega madomasi aunoda kugamuchira pane yako IPv4 kero. Ndokumbira utarise kuti chikonzero chemhosho dzakawanda pakumisikidza SNI muZimbra OSE ndeyechokwadi mafaira ane zvitupa. Naizvozvo, tinokupa zano kuti unyatso tarisa zvese usati wazviisa zvakananga.
Chekutanga pane zvese, kuitira kuti SNI ishande zvakajairika, unofanirwa kuisa murairo zmprov mcf zimbraReverseProxySNIEabled TRUE paZimbra proxy node, wobva watangazve sevhisi yeProxy uchishandisa rairo zmproxyctl restart.
Tichatanga nekugadzira zita rezita. Semuenzaniso, isu tichatora iyo domain company.ru uye, mushure mekunge iyo domain yatogadzirwa, isu tichasarudza paZimbra virtual host zita uye chaiyo IP kero. Ndokumbira utarise kuti Zimbra chaiyo yekugamuchira zita inofanirwa kuenderana nezita iro mushandisi anofanira kupinda mubrowser kuti awane iyo domain, uye zvakare kuenzanisa zita rakatsanangurwa muchitupa. Semuyenzaniso, ngatitore Zimbra sezita chairo rekutambira mail.company.ru, uye senge IPv4 kero tinoshandisa kero 1.2.3.4.
Mushure meizvi, ingoisa murairo zmprov md company.ru zimbraVirtualHostName mail.company.ru zimbraVirtualIPAddress 1.2.3.4kusunga iyo Zimbra virtual host kune chaiyo IP kero. Ndokumbira utarise kuti kana sevha iri kuseri kweNAT kana firewall, unofanirwa kuve nechokwadi chekuti zvikumbiro zvese kune iyo domain zvinoenda kune yekunze IP kero yakabatana nayo, uye kwete kukero yayo pane yemuno network.
Mushure mekunge zvese zvaitwa, chasara kutarisa uye kugadzirira domain zvitupa zvekuisa, wobva wazvimisa.
Kana kupihwa kwechitupa chezita kwakapedzwa nemazvo, iwe unofanirwa kunge uine mafaera matatu ane zvitupa: maviri acho macheni ezvitupa kubva kune yako certification chiremera, uye chimwe chitupa chakananga chedunhu. Pamusoro pezvo, iwe unofanirwa kuve nefaira rine kiyi yawakashandisa kutora chitupa. Gadzira imwe folda /tmp/company.ru uye isa mafaera ese aripo nemakiyi nezvitupa ipapo. Mhedzisiro yacho inofanira kunge yakaita seizvi:
ls /tmp/company.ru
company.ru.key
company.ru.crt
company.ru.root.crt
company.ru.intermediate.crtMushure meizvi, isu tichabatanidza maketani echitupa kuita faira rimwe chete tichishandisa murairo cat company.ru.root.crt company.ru.intermediate.crt >> company.ru_ca.crt uye ita shuwa kuti zvese zvakarongeka nezvitupa uchishandisa rairo /opt/zimbra/bin/zmcertmgr verifycrt comm /tmp/company.ru/company.ru.key /tmp/company.ru/company.ru.crt /tmp/company.ru/company.ru_ca.crt. Mushure mekunge kuongororwa kwezvitupa uye kiyi kwabudirira, unogona kutanga kuzviisa.
Kuti utange kuisirwa, isu tinotanga tasanganisa domain chitupa uye cheni dzakavimbika kubva kune zvitupa zvitupa kuita faira rimwe. Izvi zvinogona zvakare kuitwa uchishandisa imwechete kuraira senge cat company.ru.crt company.ru_ca.crt >> company.ru.bundle. Mushure meizvi, unofanirwa kumhanyisa kuraira kuti unyore zvese zvitupa uye kiyi kuLDAP: /opt/zimbra/libexec/zmdomaincertmgr savecrt company.ru company.ru.bundle company.ru.keywobva waisa zvitupa uchishandisa rairo /opt/zimbra/libexec/zmdomaincertmgr deploycrts. Mushure mekuisa, zvitupa uye kiyi yekambani.ru domain ichachengetwa mufolda /opt/zimbra/conf/domaincerts/company.ru.
Nekudzokorodza nhanho idzi uchishandisa mazita edomasi akasiyana asi iyo imwe kero yeIP, zvinokwanisika kugamuchira mazana akati wandei madomasi pane imwechete IPv4 kero. Muchiitiko ichi, unogona kushandisa zvitupa kubva kwakasiyana siyana ekupa nzvimbo pasina matambudziko. Iwe unogona kutarisa iko kurongeka kwezviito zvese zvakaitwa mune chero browser, apo yega yega zita rekutambira rinofanira kuratidza rayo SSL chitupa.
Pamibvunzo yese ine chekuita neZextras Suite, unogona kubata Zextras Representative Ekaterina Triandafilidi neemail. [email inodzivirirwa]
Source: www.habr.com