In Zimbra we have overhauled Storage Management, and support for external storage providers such as Amazon S3, Ceph, NetApp StorageGrid and OpenIO has been added.
In this article you will learn how to install Minio as an on-premises S3 storage solution and how to set it up in Zimbra.
Installing Minio
On a dedicated virtual machine install Ubuntu 20 and install Minio using the following steps:
- Go to https://min.io/download#/linux and click the deb button:
Copy the first 2 lines and run them as root on your Ubuntu 20 Minio server:
    wget https://dl.min.io/server/minio/release/linux-amd64/minio_20220813215444.0.0_amd64.deb
    dpkg -i minio_20220813215444.0.0_amd64.deb
Next create the OS user, OS group and storage location for Minio:
    groupadd -r minio-user
    useradd -M -r -g minio-user minio-user
    mkdir /media/data
    chown minio-user:minio-user /media/data
Next create the configuration for Minio by creating /etc/default/minio using nano:
    nano /etc/default/minio
Add the following content to the /etc/default/minio file, and set the admin password:
    MINIO_VOLUMES="/media/data"
    MINIO_OPTS="--console-address :9001"
    MINIO_ROOT_USER=minioadmin
    MINIO_ROOT_PASSWORD=set-a-password-here
You will have to configure a firewall and open ports 9000 and 9001.
Example:
    apt-get install -y netfilter-persistent iptables
    systemctl stop iptables
    systemctl disable iptables
    systemctl mask iptables
    systemctl stop ufw
    systemctl disable ufw
    systemctl mask ufw
    iptables -P INPUT ACCEPT
    iptables --flush
    #block null packets
    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    #drop new TCP connections that do not start with a SYN packet
    iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    #block XMAS packets
    iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    #accept all traffic on your loopback interface
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    #Allow Established and Related Incoming Connections
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    #Allow ports
    iptables -A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    #enable ping
    iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -p icmp --icmp-type 0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    #Set policy defaults
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P INPUT DROP
    #IPv6 closed for now
    /usr/sbin/ip6tables -P OUTPUT ACCEPT
    /usr/sbin/ip6tables -P FORWARD ACCEPT
    /usr/sbin/ip6tables -P INPUT DROP
    netfilter-persistent save
Instead of allowing ports 9000 and 9001 for everyone, you can limit access to Minio by restricting source IP addresses. Replace the lines with 9000 and 9001 from the example above with:
    iptables -A INPUT -p tcp -s IP-ADDRESS-OF-ZIMBRA-SERVER -m tcp --dport 9000 -j ACCEPT
    iptables -A INPUT -p tcp -s 192.168.1.0/24 -m tcp --dport 9001 -j ACCEPT
Port 9001 is used for the management interface; here you can put your workstation IP or a trusted network. Port 9000 is where the actual S3 storage API is served, so you can allow only the Zimbra server IPs to reach port 9000.
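The restriction described above can be checked against the loaded rule set. The following is an added example, not part of the original article: a shell function that reads `iptables -S` output and flags ACCEPT rules for port 9000 or 9001 without a source restriction, as well as an INPUT policy other than DROP. The sample rule sets are constructed, and 192.0.2.10 is a placeholder for the Zimbra server address.

```shell
#!/bin/sh
# Added example (not from the article): audit `iptables -S` output for the
# Minio ports. Live use as root: iptables -S INPUT | audit_minio_fw
# Assumes single-port "--dport" rules as in the article (no multiport).
audit_minio_fw() {
    awk '
    function opt(name,   i) {      # value following an option, "" if absent
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        port = opt("--dport"); src = opt("-s")
        if ((port == "9000" || port == "9001") && (src == "" || src == "0.0.0.0/0")) {
            print "port " port ": ACCEPT from any source"; bad = 1
        }
    }
    END {
        if (policy != "DROP") { print "INPUT policy is not DROP"; bad = 1 }
        exit bad + 0               # non-zero exit status when anything was flagged
    }'
}

# Constructed sample: the first rule set (ports open to everyone).
OPEN_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: restricted variant; 192.0.2.10 stands in for the Zimbra server.
RESTRICTED_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 9000 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 9001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$OPEN_RULES" | audit_minio_fw || echo "OPEN_RULES: findings above"
printf '%s\n' "$RESTRICTED_RULES" | audit_minio_fw && echo "RESTRICTED_RULES: ok"
```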
Finally start and enable Minio:
    systemctl start minio
    systemctl enable minio
    systemctl status minio
Setting up S3 bucket in Minio
Open your browser and go to http://your-minio-server-ip:9001/login and enter the credentials you chose in the /etc/default/minio file.
Next navigate to Identity → User and click Create User.
Set a username and password, select the readwrite option and click Save.
Next go to Buckets → Create Bucket.
Enter the name of the bucket and click Create Bucket.
Configuring S3 bucket on Zimbra
In the Zimbra Admin Console go to Configure → Server → Your Server and click Storage Management, then click the Add button.
Select the Amazon S3 volume type and click Next.
Select the volume type, enter a name and prefix and click the Create a new bucket button.
Enter the bucket details as you have set them up in Minio and click Test (the test button will be removed in a future version) and then Next.
Finally select the bucket configuration you just created from the dropdown and click Finish.
You can now use the S3 bucket from Minio as a Zimbra volume via the Assign Current Volume settings.
Gotchas
- Currently self-signed certificates are not supported.
- It is suggested you configure the (storage) network between Zimbra and MinIO using VLANs.
- Bucket configurations created via the Admin Console can only be modified via the CLI; refer to the Admin Guide. You can remove buckets via Configure -> Global Settings -> Storage Management and then add them with the same steps as above.
Use S3 bucket as Secondary Message Volume for Hierarchical Storage Management (HSM)
You can use an S3 bucket and configure it as a Secondary Message Volume. You can then enable a Storage Management Policy to move old email/documents to the S3 bucket. This will free up space on your Primary Message Volume. If you use Amazon S3 the older data will likely not change much and will eventually be in a cheaper storage tier.
Further reading
This guide describes how to use Minio with a TLS certificate:
https://www.digitalocean.com/community/tutorials/how-to-set-up-minio-object-storage-server-in-standalone-mode-on-ubuntu-20-04
For more details, refer to the Storage Management section in the Admin Guide.
Is it possible to create a volume for archived emails?
Hello João,
Not directly, but you can use an S3 bucket and configure it as Secondary Message Volume, you can then enable Storage Management Policy to move old email/documents to the S3 bucket.
If you also enable the Archiving feature, data in the archive account should eventually be moved into the S3 bucket as well.
About data recovery: if a user deletes old mails that are stored in external Minio, will the data in external Minio be deleted as well? If so, how do we recover data if we back up only the local primary store but not the external one? Minio has bucket versioning, as does AWS S3; is Zimbra integrated to use this mechanism to restore?
Items deleted from Zimbra will be deleted from the S3 bucket as well. You would have to back up both your local and external storage if you want to recover deleted items.
Hi Barry,
I suppose the granular recovery of a user is not permitted?
Do you have a suggestion for doing that?
Perhaps use https://zimbra.github.io/documentation/zimbra-10/adminguide.html#_archiving_and_discovery
Is it possible to use an S3 bucket to store the index?
Yes