The Benno Mail Archive Wiki

User tools

Website tools

You are here: Benno Mail Archive » storage » Amazon S3 AWS Storage Backend
Last viewed: Amazon S3 AWS Storage Backend
storage:s3

This is an old version of the document!

Table of contents

Amazon S3 AWS Storage Backend

Amazon AWS bzw. der Amazon S3 Storage kann (ebenso wie S3-kompatible Storagesysteme) zur Ablage der archivierten E-Mails verwendet werden.


Legal information on GoBD-compliant archiving and S3 storage solutions

If emails are to be archived in compliance with German law (especially the German Principles for the Proper Keeping and Use of Books, Records and Documents in Electronic Form and for Data Access, etc.), the use of Amazon S3 AWS as an external cloud storage technology (i.e., storing the archived emails in Amazon AWS) involves legal aspects that must be clarified and contractually agreed upon with Amazon. In particular, the physical storage location of the archived emails must be contractually agreed upon with Amazon, as GoBD-compliant archiving is only possible if the stored emails are kept within the territory of the Federal Republic of Germany. Any use outside this area should not be pursued without the express permission of the tax authorities or the responsible tax office.

This also applies, of course, to S3-compatible storage solutions used with other cloud service providers. The same applies to in-house storage solutions with an S3 interface, provided they are used outside the company's own cloud environment.

The aforementioned legal notices do not constitute legal advice. They serve only as general information. We assume no liability for the accuracy or completeness of the information. All liability is excluded.


Installation and setup of the Benno MailArchiv S3 Storage backend

Um die E-Mails des Repos in S3 zu speichern wird das Paket benno-storage-s3 benötigt. 

apt install benno-storage-s3

configuration

The configuration is entered in the configuration file /etc/benno/benno.xml . 

<simplecontainer>
  <identifier>Mandant1</identifier>
  <conditions>
    <or>
      <domain sender="true" recipient="true" from="true" to="true" cc="true">mandant1.de</domain>
      <domain sender="true" recipient="true" from="true" to="true" cc="true">mandant1.com</domain>
    </or>
  </conditions>
  <luceneindex version="LUCENE_36">
    <directory>/srv/benno/mandant1/index</directory>
  </luceneindex>
  <boxgenerator rotation="YEARLY">
    <directory>/srv/benno/mandant1/repo</directory>
    <boxtemplate>
      <compression>gzip</compression>
      <journal rotation="MONTHLY"/>
      <storage driver="s3">
        <identifier>Bucket1</identifier>
        <region>eu-central-1</region><!-- AWS -->
        <!-- <endpoint>https://gos3.io</endpoint>  Endpoint-Konfiguration -->
        <authentication>
          <authKeyId>YOUR_S3_AUTH_KEY_ID</authKeyId>
          <authKey>YOUR_S3_AUTH_KEY</authKey>
        </authentication>
      </storage>
    </boxtemplate>
  </boxgenerator>
</simplecontainer>


Identifier

Container or client

The container is addressed via its container identifier during the search. This should be a descriptive name for the client. 

<simplecontainer>
  <identifier>Mandant1</identifier>

Address filter

Im Tag <conditions /> unterhalb von <simplecontainer /> wird festgelegt, welche Sender- und Empfängeradressen der E-Mails in diesem Container gespeichert werden. 

<simplecontainer>
  <conditions>
    <or>
      <domain sender="true" recipient="true" from="true" to="true" cc="true">mandant1.de</domain>
      <domain sender="true" recipient="true" from="true" to="true" cc="true">mandant1.com</domain>
    </or>
  </conditions>

Index Directory

<simplecontainer>
  <luceneindex version="LUCENE_36">
    <directory>/srv/benno/mandant1/index</directory>
  </luceneindex>

The search index must be stored in the Benno MailArchiv server's file system (i.e., it is not stored in S3 storage). The path to the index is defined here. The directory is created automatically when the archiving daemon starts.

Storage backend metadata

Die Metadaten des Repos (u.a. das Journal über die archivierten E-Mails) werden im Filesystem gespeichert. Der hier angegebene Pfad muss für jeden Container unterschiedlich sein. Dieser Pfad ist gleichzeitig das Prefix bei der Speicherung in S3.

Dieser Pfad wird im <directory />-Tag innerhalb vom <boxgenerator /> konfiguriert. 

<boxgenerator rotation="YEARLY">
  <directory>/srv/benno/mandant1/repo</directory>

S3 Storage Backend

Die Konfiguration des S3-Storage-Backends kann wahlweise per „AWS Region“ erfolgen (bei Amazon AWS S3 Storage) oder alternativ über eine „Endpoint URL“.

AWS Region

AWS Storage is configured via the "Access Key Id" (<authKey /> ) and “Secret Access Key” (<authKey /> ) and the region (<region /> ). 

<storage driver="s3">
  <identifier>Bucket1</identifier>
  <region>eu-central-1</region>
  <authentication>
    <authKeyId>YOUR_S3_AUTH_KEY_ID</authKeyId>
    <authKey>YOUR_S3_AUTH_KEY</authKey>
  </authentication>
</storage>

Endpoint URL

Der Zugriff auf Buckets in einem S3-kompatiblen Storage kann per Endpoint-URL () konfiguriert werden. 

<storage driver="s3">
  <identifier>Bucket1</identifier>
  <endpoint>https://gos3.io</endpoint>
  <authentication>
    <authKeyId>YOUR_S3_AUTH_KEY_ID</authKeyId>
    <authKey>YOUR_S3_AUTH_KEY</authKey>
  </authentication>
</storage>

Bucket ID

Der Identifier unterhalb von <storage /> legt fest, in welchem Bucket die Objekte gespeichert werden. Die Bucket-Id kann dabei mehrfach vergeben werden.

Within the bucket, objects are stored with a prefix .

If no bucket with this name exists, one will be created. 

<storage driver="s3">
  <identifier>Bucket1</identifier>
storage/s3.1531466314.txt.gz · Zuletzt geändert: 2018/07/13 07:18 von lwsystems

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki