Load balancing in Zimbra Open-Source Edition using HAProxy

One of the key tasks when building a large Zimbra OSE infrastructure is proper load balancing. Besides improving the fault tolerance of the service, load balancing is the only way to guarantee the same responsiveness for all users. To solve this problem, load balancers are used: software and hardware solutions that redistribute requests among servers. Some of them are quite primitive, such as RoundRobin, which simply sends each successive request to the next server in the list, and some are more advanced, for example HAProxy, which is widely used in high-load computing infrastructures because of a number of significant advantages. Let's look at how to make the HAProxy load balancer and Zimbra OSE work together.


So, under the terms of the task, we are given a Zimbra OSE infrastructure with two Zimbra Proxy servers, two LDAP servers and an LDAP Replica, mail stores with 1000 mailboxes each, and three MTAs. Since we are dealing with a mail server, it will receive three types of traffic that need balancing: HTTP for loading the web client, and POP and SMTP for sending e-mail. In this case, HTTP traffic will go to the Zimbra Proxy servers with IP addresses 192.168.0.57 and 192.168.0.58, and SMTP traffic will go to the MTA servers with IP addresses 192.168.0.77 and 192.168.0.78.

As already mentioned, to make sure that requests are distributed evenly among the servers, we will use the HAProxy load balancer, which will run on a node of the Zimbra infrastructure running Ubuntu 18.04. HAProxy is installed on this operating system with the command sudo apt-get install haproxy. After that, in the file /etc/default/haproxy, change the parameter ENABLED=0 to ENABLED=1. Now, to make sure that haproxy is running, simply enter the command service haproxy. If the service is running, this will be clear from the command's output.

One of the main drawbacks of HAProxy is that by default it does not pass on the IP address of the connecting client, substituting its own instead. This can lead to situations where e-mails sent by attackers cannot be identified by IP address in order to add that address to a blocklist. However, this problem can be solved. To do so, edit the file /opt/zimbra/common/conf/master.cf.in on the servers running Postfix and add the following lines to it:

26      inet  n       -       n       -       1       postscreen
        -o postscreen_upstream_proxy_protocol=haproxy
 
466    inet  n       -       n       -       -       smtpd
%%uncomment SERVICE:opendkim%%  -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=
        -o smtpd_data_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o syslog_name=postfix/smtps
        -o milter_macro_daemon_name=ORIGINATING
        -o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust
 
588 inet n      -       n       -       -       smtpd
%%uncomment SERVICE:opendkim%%  -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
        -o smtpd_etrn_restrictions=reject
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_data_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o syslog_name=postfix/submission
        -o milter_macro_daemon_name=ORIGINATING
        -o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust

As a result, we open ports 26, 466 and 588, which will receive incoming traffic from HAProxy. After the files have been saved, restart Postfix on all servers with the command zmmtactl restart.

After that, let's start configuring HAProxy. To do this, first make a backup copy of the settings file: cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak. Then open the original file /etc/haproxy/haproxy.cfg in a text editor and start adding the necessary settings to it step by step. The first block adds the server that collects logs, sets the maximum number of simultaneous connections allowed, and specifies the user and group that the running process will belong to.

global
    user daemon
    group daemon
    daemon
    log 127.0.0.1 daemon
    maxconn 5000
    chroot /var/lib/haproxy

The figure of 5000 simultaneous connections was chosen for a reason. Since we have 4000 mailboxes in our infrastructure, we need to allow for the possibility that all of their users access their work e-mail at the same time. In addition, some headroom should be left in case their number grows.

Now let's add a block with the default settings:

defaults
        timeout client 1m
        log global
        mode tcp
        timeout server 1m
        timeout connect 5s

This block sets the maximum timeouts after which the client and server connections are closed, and sets HAProxy's operating mode. In our case the load balancer works in TCP mode, that is, it simply forwards TCP packets without analysing their contents.

Next we will add rules for connections on the various ports. For example, if port 25 is used for SMTP connections and mail, it makes sense to forward connections on it to the MTAs in our infrastructure. If the connection is on port 80, it is an HTTP request that needs to be forwarded to Zimbra Proxy.

Rule for port 25:

frontend smtp-25
bind *:27
default_backend backend-smtp-25
 
backend backend-smtp-25
server mta1 192.168.0.77:26 send-proxy
server mta2 192.168.0.78:26 send-proxy

Rule for port 465:

frontend smtp-465
bind *:467
default_backend backend-smtp-465

backend backend-smtp-465
server mta1 192.168.0.77:466 send-proxy
server mta2 192.168.0.78:466 send-proxy

Rule for port 587:

frontend smtp-587
bind *:589
default_backend backend-smtp-587
 
backend backend-smtp-587
server mail1 192.168.0.77:588 send-proxy
server mail2 192.168.0.78:588 send-proxy

Rule for port 80:

frontend http-80
bind    *:80
default_backend http-80
 
backend http-80
mode tcp
server zproxy1 192.168.0.57:80 check
server zproxy2 192.168.0.58:80 check

Rule for port 443:

frontend https
bind  *:443
default_backend https-443
 
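backend https-443
mode tcp
# TCP mode passes the TLS stream through untouched, so the target must be the proxies' HTTPS port
server zproxy1 192.168.0.57:443 check
server zproxy2 192.168.0.58:443 check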

Note that in the rules for forwarding TCP packets to the MTAs, the send-proxy parameter appears next to their addresses. This is needed so that, in line with the changes we made earlier to the Postfix settings, the real IP address of the sender is transmitted along with the TCP packets.
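What send-proxy puts on the wire is a single PROXY protocol v1 text line ahead of the SMTP session; the parser below is an added example (not from the original article) of the checks a receiver applies to it. The receiver takes the stated client address at face value, so ports 26, 466 and 588 should accept connections only from the balancer; the sample bytes and the address 192.0.2.10 are constructed placeholders.

```python
import ipaddress

MAX_V1_LINE = 107  # longest v1 header the PROXY protocol spec allows, CRLF included

def parse_proxy_v1(data: bytes):
    """Return (client, rest): client is a dict, or None for 'PROXY UNKNOWN'.

    Raises ValueError for anything a strict receiver should refuse.
    """
    end = data.find(b"\r\n", 0, MAX_V1_LINE)
    if end == -1:
        raise ValueError("no CRLF-terminated header within 107 bytes")
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ValueError("header is not ASCII") from None
    rest = data[end + 2:]  # first bytes of the real SMTP session, if any
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ValueError("missing PROXY signature")
    if fields[1] == "UNKNOWN":
        return None, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("bad protocol family or field count")
    # ip_address() itself raises ValueError on a malformed address
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address does not match declared family")
    if not all(f.isdigit() and int(f) <= 65535 for f in fields[4:]):
        raise ValueError("bad port")
    return {"src": str(src), "sport": int(fields[4]),
            "dst": str(dst), "dport": int(fields[5])}, rest

# Constructed sample: what an MTA on port 26 would read first when a client at
# 203.0.113.9 connected to the balancer's *:27 listener (192.0.2.10 is a placeholder).
SAMPLE = b"PROXY TCP4 203.0.113.9 192.0.2.10 51234 27\r\nEHLO client.example\r\n"

if __name__ == "__main__":
    client, rest = parse_proxy_v1(SAMPLE)
    print(client, rest)
```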

Now that all the necessary changes have been made to HAProxy, you can restart the service with the command service haproxy restart and start using it.
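The two files have to agree port by port: send-proxy towards a port that does not expect the header, or the reverse, breaks SMTP sessions on that port. The check below is an added example (not from the original article) that cross-checks them; its excerpts are constructed from the configs above, with port 588 deliberately left without the option, and it only handles numeric service ports.

```python
import re

# Constructed excerpts based on the two files above; port 588 deliberately
# lacks the proxy-protocol option so that the check has something to report.
MASTER_CF = """\
26      inet  n       -       n       -       1       postscreen
        -o postscreen_upstream_proxy_protocol=haproxy
466    inet  n       -       n       -       -       smtpd
        -o smtpd_upstream_proxy_protocol=haproxy
588 inet n      -       n       -       -       smtpd
        -o syslog_name=postfix/submission
"""
HAPROXY_CFG = """\
server mta1 192.168.0.77:26 send-proxy
server mta1 192.168.0.77:466 send-proxy
server mail1 192.168.0.77:588 send-proxy
server zproxy1 192.168.0.57:80 check
"""

def postfix_proxy_ports(master_cf):
    """Map each numeric inet service port to True if it expects a PROXY header."""
    ports, current = {}, None
    for line in master_cf.splitlines():
        if line[:1].strip() and not line.startswith(("%", "#")):  # new service entry
            head = re.match(r"(\d+)\s+inet\s", line)
            current = head.group(1) if head else None
            if current:
                ports[current] = False
        elif current and "_upstream_proxy_protocol=haproxy" in line:
            ports[current] = True
    return ports

def haproxy_send_proxy_ports(haproxy_cfg):
    """Map each backend server port to True if HAProxy sends a PROXY header to it."""
    ports = {}
    for line in haproxy_cfg.splitlines():
        m = re.match(r"\s*server\s+\S+\s+\S+:(\d+)\b(.*)$", line)
        if m:
            ports[m.group(1)] = bool(re.search(r"\bsend-proxy(-v2)?\b", m.group(2)))
    return ports

def mismatched_ports(master_cf, haproxy_cfg):
    """Ports present in both files where only one side uses the PROXY protocol."""
    postfix, haproxy = postfix_proxy_ports(master_cf), haproxy_send_proxy_ports(haproxy_cfg)
    return sorted(p for p in postfix.keys() & haproxy.keys() if postfix[p] != haproxy[p])

if __name__ == "__main__":
    print("mismatched ports:", mismatched_ports(MASTER_CF, HAPROXY_CFG))
```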

For all questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by e-mail [email protected]

Source: www.habr.com
