How to properly configure SNI in Zimbra OSE

At the beginning of the 21st century, a resource such as IPv4 addresses is on the verge of exhaustion. Back in 2011, IANA allocated the last five remaining /8 blocks of its address space to the regional internet registries, and already in 2017 they ran out of addresses. The response to the severe shortage of IPv4 addresses was not only the emergence of the IPv6 protocol but also SNI technology, which made it possible to host a large number of websites on a single IPv4 address. The essence of SNI is that this extension lets the client, during the handshake, tell the server the name of the site it wants to connect to. This allows the server to hold multiple certificates, which means that many domains can run on a single IP address. SNI has become especially popular among business SaaS providers, who can host an almost unlimited number of domains regardless of the number of IPv4 addresses that would otherwise be needed. Let's find out how to implement SNI support in Zimbra Collaboration Suite Open-Source Edition.

SNI works in all current and supported versions of Zimbra OSE. If you run Zimbra Open-Source on a multi-server infrastructure, you will need to perform all the steps below on the node where the Zimbra Proxy server is installed. In addition, you will need matching certificate+key pairs, as well as trusted certificate chains from your CA, for each of the domains you want to host on your IPv4 address. Please note that the cause of the vast majority of errors when setting up SNI in Zimbra OSE is incorrect certificate files. We therefore advise you to check everything carefully before installing them.

First, for SNI to work properly, enter the following command on the Zimbra Proxy node:

zmprov mcf zimbraReverseProxySNIEnabled TRUE

Then restart the proxy service:

zmproxyctl restart

We will start by creating a domain name. As an example, we will take the domain company.ru and, once the domain has been created, decide on the Zimbra virtual host name and IP address. Please note that the Zimbra virtual host name must match the name the user has to enter in the browser to reach the domain, and must also match the name specified in the certificate. For example, let's take mail.company.ru as the Zimbra virtual host name and 1.2.3.4 as the IPv4 address.

After that, simply enter the following command to bind the Zimbra virtual host to the virtual IP address:

zmprov md company.ru zimbraVirtualHostName mail.company.ru zimbraVirtualIPAddress 1.2.3.4

Please note that if the server is behind NAT or a firewall, you must make sure that all requests for the domain go to the external IP address associated with it, and not to its address on the local network.

Once all of this is done, all that remains is to check and prepare the domain certificates for installation, and then install them.

If the domain certificate was issued correctly, you should have three certificate files: two of them are certificate chains from your certificate authority, and one is the certificate for the domain itself. In addition, you should have a file with the key you used to obtain the certificate. Create a separate folder /tmp/company.ru and put all the key and certificate files you have there. The result should look like this:

ls /tmp/company.ru
company.ru.key
company.ru.crt
company.ru.root.crt
company.ru.intermediate.crt

After that, we will combine the certificate chains into one file:

cat company.ru.root.crt company.ru.intermediate.crt >> company.ru_ca.crt

Then verify that everything is in order with the certificates:

/opt/zimbra/bin/zmcertmgr verifycrt comm /tmp/company.ru/company.ru.key /tmp/company.ru/company.ru.crt /tmp/company.ru/company.ru_ca.crt

Once the certificates and the key have been verified successfully, you can start the installation.

To start the installation, we will first combine the domain certificate and the trusted chains from the certificate authorities into one file. This can also be done with a single command:

cat company.ru.crt company.ru_ca.crt >> company.ru.bundle

After that, run the command that writes all the certificates and the key to LDAP:

/opt/zimbra/libexec/zmdomaincertmgr savecrt company.ru company.ru.bundle company.ru.key

Then install the certificates:

/opt/zimbra/libexec/zmdomaincertmgr deploycrts

After installation, the certificates and the key for the domain company.ru will be stored at /opt/zimbra/conf/domaincerts/company.ru
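The file layout built in the steps above can be checked before savecrt is run. The script below is an added example, not part of the original article or of Zimbra; the function names pem_blocks, check_sni_bundle and make_demo_files are hypothetical, and it inspects only the PEM block structure of the files (key/certificate/chain validation is left to zmcertmgr verifycrt).

```shell
#!/bin/sh
# Added example (not Zimbra code). File names follow the article's company.ru case.

# Print one line per PEM block in file $1, as "TYPE|base64-body".
pem_blocks() {
    awk '
        { sub(/\r$/, "") }
        /^-----BEGIN / { t = $0; gsub(/^-----BEGIN |-----$/, "", t); b = ""; in_b = 1; next }
        /^-----END /   { if (in_b) print t "|" b; in_b = 0; next }
        in_b           { gsub(/[ \t]/, ""); b = b $0 }
    ' "$1"
}

# check_sni_bundle DIR DOMAIN: return 0 if the files match the layout built above.
check_sni_bundle() {
    dir=$1; dom=$2; rc=0
    key="$dir/$dom.key"; crt="$dir/$dom.crt"
    ca="$dir/${dom}_ca.crt"; bundle="$dir/$dom.bundle"
    for f in "$key" "$crt" "$ca" "$bundle"; do
        [ -s "$f" ] || { echo "missing or empty: $f"; return 1; }
    done
    n=$(grep -c -e '^-----BEGIN .*PRIVATE KEY-----' "$key" || true)
    [ "$n" -eq 1 ] || { echo "$key: expected 1 private key, found $n"; rc=1; }
    n=$(pem_blocks "$crt" | grep -c '^CERTIFICATE|' || true)
    [ "$n" -eq 1 ] || { echo "$crt: expected 1 certificate, found $n"; rc=1; }
    # '>>' appends, so running the cat step twice repeats every block.
    dup=$(pem_blocks "$ca" | sort | uniq -d | grep -c . || true)
    [ "$dup" -eq 0 ] || { echo "$ca: $dup repeated block(s)"; rc=1; }
    # The bundle must be the domain certificate followed by the CA chain.
    want=$(pem_blocks "$crt"; pem_blocks "$ca")
    have=$(pem_blocks "$bundle")
    [ "$want" = "$have" ] || { echo "$bundle: not $dom.crt + ${dom}_ca.crt"; rc=1; }
    return "$rc"
}

# Constructed placeholders: PEM-shaped text, not real certificates or keys.
pem() { printf '%s\n' "-----BEGIN $1-----" "$2" "-----END $1-----"; }
make_demo_files() {
    pem 'PRIVATE KEY' 'S0VZ'     > "$1/company.ru.key"
    pem CERTIFICATE   'TEVBRg==' > "$1/company.ru.crt"
    pem CERTIFICATE   'Uk9PVA==' > "$1/company.ru.root.crt"
    pem CERTIFICATE   'SU5U'     > "$1/company.ru.intermediate.crt"
}
```

Source the script and call check_sni_bundle /tmp/company.ru company.ru after building company.ru.bundle; a non-zero return with a "repeated block(s)" message usually means one of the cat ... >> steps was run more than once against an existing file.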

By repeating these steps with different domain names but the same IP address, it is possible to host several hundred domains on a single IPv4 address. In this case, you can use certificates from different issuing authorities without any problems. You can check that everything was done correctly in any browser, where each virtual host name will present its own SSL certificate.

For all questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by e-mail [email protected]

Source: www.habr.com
