E 'ngoe ea mesebetsi ea mantlha ha ho etsoa lisebelisuoa tse kholo tsa Zimbra OSE ke ho leka-lekanya mojaro o nepahetseng. Ho phaella tabeng ea hore e eketsa mamello ea phoso ea ts'ebeletso, ntle le ho leka-lekanya mojaro ho ke ke ha khoneha ho netefatsa karabelo e tšoanang ea tšebeletso bakeng sa basebelisi bohle. E le ho rarolla bothata bona, ho sebelisoa li-balancers tsa mojaro - litharollo tsa software le hardware tse arolelanang likopo pakeng tsa li-server. Har'a bona ho na le tsa khale haholo, joalo ka RoundRobin, e romellang kopo e 'ngoe le e' ngoe ho seva se latelang lethathamong, hape ho na le tse tsoetseng pele haholo, mohlala, HAProxy, e sebelisoang haholo meahong ea likhomphutha tse ngata ka lebaka la palo ea melemo ea bohlokoa. Ha re shebeng hore na u ka etsa hore tekanyo ea mojaro oa HAProxy le Zimbra OSE li sebetse hammoho joang.
Kahoo, ho ea ka lipehelo tsa mosebetsi, re fuoa meralo ea motheo ea Zimbra OSE, e nang le Li-Proxy tse peli tsa Zimbra, li-server tse peli tsa LDAP le LDAP Replica, polokelo ea mangolo e mene e nang le mabokose a poso a 1000 le li-MTA tse tharo. Ka lebaka la hore re sebetsana le seva sa poso, se tla fumana mefuta e meraro ea sephethephethe se hlokang ho leka-lekana: HTTP bakeng sa ho khoasolla moreki oa marang-rang, hammoho le POP le SMTP bakeng sa ho romella lengolo-tsoibila. Tabeng ena, sephethephethe sa HTTP se tla ea ho li-server tsa Zimbra Proxy tse nang le liaterese tsa IP 192.168.0.57 le 192.168.0.58, 'me sephethephethe sa SMTP se tla ea ho li-server tsa MTA tse nang le liaterese tsa IP 192.168.0.77 le 192.168.0.78.
Joalokaha ho se ho boletsoe, ho netefatsa hore likopo li ajoa ka ho lekana pakeng tsa li-server, re tla sebelisa HAProxy load balancer, e tla sebetsa ho Zimbra Ingress Ingress Node e tsamaisang Ubuntu 18.04. Ho kenya haproxy tsamaisong ena ea ts'ebetso ho etsoa ho sebelisa taelo sudo apt-fumana kenya haproxy. Ka mor'a moo, o hloka ho kenya file /etc/default/haproxy fetola parameter MATLAFATSO=0 mabapi le MATLAFATSO=1. Hona joale, ho etsa bonnete ba hore haproxy ea sebetsa, kenya feela taelo tšebeletso haproxy. Haeba tšebeletso ena e ntse e sebetsa, sena se tla hlaka ho tsoa ho tlhahiso ea taelo.
E 'ngoe ea likotsi tse ka sehloohong tsa HAProxy ke hore ka nako e sa lekanyetsoang ha e fetise aterese ea IP ea mofani oa ho kopanya, ho e nkela sebaka sa eona. Sena se ka lebisa maemong ao li-imeile tse rometsoeng ke bahlaseli li ke keng tsa tsejoa ka aterese ea IP e le hore li e kenye lethathamong le letšo. Leha ho le joalo, taba ena e ka rarolloa. Ho etsa sena o hloka ho hlophisa file /opt/zimbra/common/conf/master.cf.in ho li-server tse nang le Postfix 'me u kenye mela e latelang ho eona:
26 inet n - n - 1 postscreen
-o postscreen_upstream_proxy_protocol=haproxy
466 inet n - n - - smtpd
%%uncomment SERVICE:opendkim%% -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=
-o smtpd_data_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o syslog_name=postfix/smtps
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust
588 inet n - n - - smtpd
%%uncomment SERVICE:opendkim%% -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
-o smtpd_etrn_restrictions=reject
-o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
-o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_data_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o syslog_name=postfix/submission
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjustKa lebaka la sena, re tla bula likou tsa 26, 466 le 588, tse tla amohela sephethephethe se tsoang ho HAProxy. Ka mor'a hore lifaele li bolokoe, u lokela ho qala Postfix hape ho li-server tsohle u sebelisa taelo ea zmmtactl restart.
Kamora moo, a re qaleng ho theha HAProxy. Ho etsa sena, qala ka ho etsa kopi ea "backup" ea faele ea litlhophiso cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak. Ebe u bula faele ea mohloli ho mohlophisi oa mongolo /etc/haproxy/haproxy.cfg 'me u qale ho eketsa litlhophiso tse hlokahalang ho eona mohato ka mohato. Sebaka sa pele se tla be se eketsa seva se nkang li-log, ho beha palo e phahameng ka ho fetisisa e lumelletsoeng ea likhokahano tsa nako e le 'ngoe, hammoho le ho hlalosa lebitso le sehlopha sa mosebedisi seo mokhoa oa ho phethahatsa o tla ba oa sona.
global
user daemon
group daemon
daemon
log 127.0.0.1 daemon
maxconn 5000
chroot /var/lib/haproxyPalo ea likhokahano tse 5000 4000 ka nako e le 'ngoe e hlahile ka lebaka. Kaha re na le mabokose a poso a XNUMX lits'ebetsong tsa rona, re hloka ho nahana ka monyetla oa hore kaofela ba tla fumana lengolo-tsoibila la bona la mosebetsi ka nako e le 'ngoe. Ho phaella moo, hoa hlokahala ho tlohela sebaka se senyenyane sa polokelo haeba palo ea bona e eketseha.
Joale ha re kenyeng block ka li-setting tsa kamehla:
defaults
timeout client 1m
log global
mode tcp
timeout server 1m
timeout connect 5sSebaka sena se beha nako e ngata ea nako bakeng sa mofani le seva ho koala khokahanyo ha e fela, hape e beha mokhoa oa ho sebetsa oa HAProxy. Tabeng ea rona, tekanyo ea mojaro e sebetsa ka mokhoa oa TCP, ke hore, e fetisetsa lipakete tsa TCP ntle le ho hlahloba litaba tsa tsona.
Ka mor'a moo re tla eketsa melao bakeng sa likhokahano likoung tse fapaneng. Mohlala, haeba port 25 e sebelisoa bakeng sa likhokahano tsa SMTP le mangolo, hoa utloahala ho fetisetsa likhokahano ho eona ho li-MTA tse fumanehang lits'ebetsong tsa rona. Haeba khokahanyo e le ho port 80, joale ena ke kopo ea http e hlokang ho fetisetsoa ho Zimbra Proxy.
Molao oa boema-kepe 25:
frontend smtp-25
bind *:27
default_backend backend-smtp-25
backend backend-smtp-25
server mta1 192.168.0.77:26 send-proxy
server mta2 192.168.0.78:26 send-proxyMolao oa boema-kepe 465:
frontend smtp-465
bind *:467
default_backend backend-smtp-465
backend backend-smtp-465
server mta1 192.168.0.77:466 send-proxy
server mta2 192.168.0.78:466 send-proxyMolao oa boema-kepe 587:
frontend smtp-587
bind *:589
default_backend backend-smtp-587
backend backend-smtp-587
server mail1 192.168.0.77:588 send-proxy
server mail2 192.168.0.78:588 send-proxyMolao oa boema-kepe 80:
frontend http-80
bind *:80
default_backend http-80
backend http-80
mode tcp
server zproxy1 192.168.0.57:80 check
server zproxy2 192.168.0.58:80 checkMolao oa boema-kepe 443:
frontend https
bind *:443
default_backend https-443
backend https-443
mode tcp
server zproxy1 192.168.0.57:80 check
server zproxy2 192.168.0.58:80 checkKa kopo hlokomela hore melaong ea ho fetisetsa lipakete tsa TCP ho MTA, haufi le liaterese tsa bona ho na le parameter. romela-moemedi. Sena sea hlokahala e le hore, ho ea ka liphetoho tseo re li entseng pejana ho litlhophiso tsa Postfix, aterese ea pele ea IP ea moromeli oa eona e rometsoe hammoho le lipakete tsa TCP.
Kaha joale liphetoho tsohle tse hlokahalang li entsoe ho HAProxy, u ka qala tšebeletso hape u sebelisa taelo service haproxy restart ebe o qala ho e sebelisa.
Bakeng sa lipotso tsohle tse amanang le Zextras Suite, o ka ikopanya le Moemeli oa Zextras Ekaterina Triandafilidi ka imeile [imeile e sirelelitsoe]
Source: www.habr.com