In Zimbra we have overhauled the Storage Management and support for external storage providers such as Amazon S3, Ceph, NetApp StorageGrid and OpenIO have been added.
In this article you will learn how to install Minio as on premise S3 storage solution and how to set it up in Zimbra.
On a dedicated virtual machine install Ubuntu 20 and install Minio using the following steps:
- Go to https://min.io/download#/linux and click the deb button:
Copy the first 2 lines and run them as root on your Ubuntu 20 Minio server:
wget https://dl.min.io/server/minio/release/linux-amd64/minio_20220813215444.0.0_amd64.deb dpkg -i minio_20220813215444.0.0_amd64.deb
Next create the OS user, OS group and storage location for Minio:
groupadd -r minio-user useradd -M -r -g minio-user minio-user mkdir /media/data chown minio-user:minio-user /media/data
Next create the configuration for Minio creating
Add the following content to the
/etc/default/minio file, and set the
MINIO_VOLUMES="/media/data" MINIO_OPTS="--console-address :9001" MINIO_ROOT_USER=minioadmin MINIO_ROOT_PASSWORD=set-a-password-here
You will have to configure a firewall and open port 9000 and 9001.
apt-get install -y netfilter-persistent iptables systemctl stop iptables systemctl disable iptables systemctl mask iptables systemctl stop ufw systemctl disable ufw systemctl mask ufw iptables -P INPUT ACCEPT iptables --flush #block null packets iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP #block syn flood iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP #block XMAS packets iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP #accept all traffic on your loopback interface iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT #Allow Established and Related Incoming Connections iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT #Allow ports iptables -A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT #enable ping iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -p icmp --icmp-type 0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT #Set policy defaults iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P INPUT DROP #IPv6 closed for now /usr/sbin/ip6tables -P OUTPUT ACCEPT /usr/sbin/ip6tables -P FORWARD ACCEPT /usr/sbin/ip6tables -P INPUT DROP netfilter-persistent save
Instead of allowing port 9000 and 9001 for everyone, you can limit the access to Minio by restricting IP’s. Replace the lines with 9000 and 9001 from above example with:
iptables -A INPUT -p tcp -s IP-ADDRESS-OF-ZIMBRA-SERVER -m tcp --dport 9000 -j ACCEPT iptables -A INPUT -p tcp -s 192.168.1.0/24 -m tcp --dport 9001 -j ACCEPT
Port 9001 is used for the management interface, you can put your workstation IP or a trusted network. Port 9000 is where the actual S3 storage API works from, you can allow only Zimbra server IP’s to reach port 9000.
Finally start and enable Minio:
systemctl start minio systemctl enable minio systemctl status minio
Setting up S3 bucket in Minio
Open your browser and go to
http://your-minio-server-ip:9001/login and enter the credentials you choose in the
Next navigate to Identity → User and click Create User.
Set a username and password, select the readwrite option and click Save.
Next go to Buckets→Create Bucket
Enter the name of the bucket and click Create Bucket.
Configuring S3 bucket on Zimbra
In the Zimbra Admin Console go to Configure → Server → Your Server and click Storage Management. And click the Add button.
Select Amazon S3 volume type and click next.
Select the volume type, enter a name and prefix and click the Create a new bucket button.
Enter the bucket details as you have set it up in Minio and click Test (the test button will be removed in a future version) and then Next.
Finally select the bucket configuration you just created from the dropdown and click Finish.
You can now use the S3 bucket from Minio as a Zimbra volume via the Assign Current Volume settings.
- Currently self-signed certificates are not supported
- It is suggested you configure the (storage) network between Zimbra and MinIO using vlans
- Bucket configurations created via the Admin Console can only be modified via the CLI, refer to Admin Guide. You can remove buckets via Configure -> Global Settings -> Storage Management and then add them with the same steps as above.
Use S3 bucket as Secondary Message Volume for Hierarchical Storage Management (HSM)
You can use an S3 bucket and configure it as Secondary Message Volume, you can then enable Storage Management Policy to move old email/documents to the S3 bucket. This will free up space on your Primary Message Volume. If you use Amazon S3 the older data will likely not change much and will eventually be in a cheaper storage tier.
This guide describes how to use Minio with a TLS certificate:
For more details, refer to Storage Management section in the Admin Guide.