DOC-427 (#118)

AnneLaure1307 · web-flow · commit 9650e4bed7b9 · 2026-03-17T15:36:22.000+01:00
* Added SeaweedFS

* Replaced MinIO example with SeaweedFS example

* Removed one minio reference

* Added S3 client information

* Modified the admonition block

* Updated admonition block

* Adjusted scripts for SeaweedFS
diff --git a/docs/includes/hot-backup-file-storage-minio.md b/docs/includes/hot-backup-file-storage-minio.md
diff --git a/docs/includes/hot-backup-file-storage-seaweedfs.md b/docs/includes/hot-backup-file-storage-seaweedfs.md
@@ -0,0 +1,29 @@
+```bash
+#!/bin/bash
+
+# TheHive attachment variables
+SEAWEEDFS_ARCHIVE_PATH=/mnt/backup/seaweedfs/
+
+# SeaweedFS variables
+SEAWEEDFS_BUCKET="thehive"
+SEAWEEDFS_ALIAS=th_seaweedfs
+SEAWEEDFS_SNAPSHOT_NAME="seaweedfs_$(date +%Y%m%d_%Hh%Mm%Ss)"
+
+# Check if SeaweedFS is accessible
+if ! mcli ls ${SEAWEEDFS_ALIAS} > /dev/null 2>&1; then
+    echo "Error: Cannot connect to SeaweedFS server"
+    exit 1
+fi
+
+# Mirror SeaweedFS bucket content to local backup folder
+mcli mirror ${SEAWEEDFS_ALIAS}/${SEAWEEDFS_BUCKET} ${SEAWEEDFS_ARCHIVE_PATH}/${SEAWEEDFS_SNAPSHOT_NAME}
+
+tar cvf ${SEAWEEDFS_ARCHIVE_PATH}/${SEAWEEDFS_SNAPSHOT_NAME}.tar -C "${SEAWEEDFS_ARCHIVE_PATH}" ${SEAWEEDFS_SNAPSHOT_NAME} 
+
+# Display the location of the backup
+echo ""
+echo "TheHive attachment files backup done! Keep the following backup archive safe:"
+echo "${SEAWEEDFS_ARCHIVE_PATH}/${SEAWEEDFS_SNAPSHOT_NAME}.tar"
+
+rm -rf ${SEAWEEDFS_ARCHIVE_PATH}/${SEAWEEDFS_SNAPSHOT_NAME}
+```
diff --git a/docs/includes/hot-restore-file-storage-minio.md b/docs/includes/hot-restore-file-storage-minio.md
diff --git a/docs/includes/hot-restore-file-storage-seaweedfs.md b/docs/includes/hot-restore-file-storage-seaweedfs.md
@@ -0,0 +1,47 @@
+```bash
+#!/bin/bash
+
+# TheHive attachment variables
+SEAWEEDFS_ARCHIVE_PATH=/mnt/backup/seaweedfs/
+
+# SeaweedFS variables
+SEAWEEDFS_BUCKET="thehive"
+SEAWEEDFS_ALIAS=th_seaweedfs
+
+# Check if SeaweedFS is accessible
+if ! mcli ls ${SEAWEEDFS_ALIAS} > /dev/null 2>&1; then
+    echo "Error: Cannot connect to SeaweedFS server"
+    exit 1
+fi
+
+# Look for the latest backup snapshot in SeaweedFS
+SEAWEEDFS_BACKUP_LIST=(${SEAWEEDFS_ARCHIVE_PATH}/seaweedfs_????????_??h??m??s.tar)
+SEAWEEDFS_LATEST_BACKUP_NAME=$(basename ${SEAWEEDFS_BACKUP_LIST[-1]})
+if [ -z "${SEAWEEDFS_LATEST_BACKUP_NAME}" ]; then
+    echo "Error: No backup snapshots found in ${SEAWEEDFS_ARCHIVE_PATH}"
+    exit 1
+fi
+
+echo "Latest attachment files backup snapshot found is ${SEAWEEDFS_ARCHIVE_PATH}/${SEAWEEDFS_LATEST_BACKUP_NAME}"
+
+tar xvf "${SEAWEEDFS_ARCHIVE_PATH}/${SEAWEEDFS_LATEST_BACKUP_NAME}" -C ${SEAWEEDFS_ARCHIVE_PATH} > /dev/null
+
+if [ ! -d "${SEAWEEDFS_ARCHIVE_PATH}/${SEAWEEDFS_LATEST_BACKUP_NAME%.tar}" ]; then
+    echo "Error: Extracted folder not found"
+    exit 1
+fi
+
+echo "Latest SeaweedFS backup archive extracted in ${SEAWEEDFS_ARCHIVE_PATH}/${SEAWEEDFS_LATEST_BACKUP_NAME%.tar}"
+
+# Restore attachments from SeaweedFS
+echo "Restoring attachments from SeaweedFS snapshot ${SEAWEEDFS_LATEST_BACKUP_NAME}..."
+mcli mirror ${SEAWEEDFS_ARCHIVE_PATH}/${SEAWEEDFS_LATEST_BACKUP_NAME%.tar} ${SEAWEEDFS_ALIAS}/${SEAWEEDFS_BUCKET}/
+
+# Clean up extracted folder
+rm -rf "${SEAWEEDFS_ARCHIVE_PATH}/${SEAWEEDFS_LATEST_BACKUP_NAME%.tar}"
+
+# Display completion message
+echo ""
+echo "Attachment files data restoration done!"
+echo "Restored from: ${SEAWEEDFS_ARCHIVE_PATH}/${SEAWEEDFS_LATEST_BACKUP_NAME}"
+```
diff --git a/docs/includes/s3-client-required.md b/docs/includes/s3-client-required.md
@@ -0,0 +1,2 @@
+!!! warning "Required S3 client"
+    You need an S3-compatible client to sync or mirror the bucket locally. The example uses `mc`. [Install it](https://github.com/minio/mc){target=_blank} before continuing. If you prefer another tool, adapt the commands accordingly.
diff --git a/docs/thehive/installation/deploying-a-cluster.md b/docs/thehive/installation/deploying-a-cluster.md
@@ -418,16 +418,9 @@ To set up shared file storage for TheHive in a clustered environment, several op
 
 === "S3-compatible object storage"
 
-    TheHive can store files in object storage that implements the Amazon S3 API. This includes [Amazon S3](https://aws.amazon.com/s3/){target=_blank} itself, as well as many S3-compatible services, whether managed or self-hosted.
+    TheHive can store files in object storage that implements the Amazon S3 API. This includes [Amazon S3](https://aws.amazon.com/s3/){target=_blank} itself, as well as many S3-compatible services, whether managed by a cloud provider or self-hosted.
 
-    Commonly used S3-compatible options include:
-
-    * [Cloudflare R2](https://developers.cloudflare.com/r2/){target=_blank}
-    * [DigitalOcean Spaces](https://www.digitalocean.com/products/spaces){target=_blank}
-    * [Wasabi](https://wasabi.com/){target=_blank}
-    * [Backblaze B2](https://www.backblaze.com/cloud-storage){target=_blank}
-    * [MinIO](https://www.min.io/){target=_blank}
-    * [Ceph Object Gateway](https://docs.ceph.com/en/reef/radosgw/){target=_blank}
+    Several object storage solutions are compatible with TheHive. For example, the [SeaweedFS](https://github.com/seaweedfs/seaweedfs){target=_blank} S3-compatible storage system has been tested and works well with TheHive. You can also use object storage provided by your cloud provider or any other service implementing the S3 API.
 
     !!! note "Endpoint and availability"
         From TheHive perspective, you configure a single S3 endpoint. If you self-host object storage, ensure the endpoint is highly available, for example via the storage platform itself or a correctly configured load balancer.
@@ -578,7 +571,7 @@ File storage contains [attachments](../user-guides/analyst-corner/cases/attachme
     * An existing bucket
     * An access key and secret key (or equivalent credentials for your storage service)
     * The S3-compatible endpoint URL
-    * The region configured for your S3 service (if applicable)
+    * The region configured for your S3 service (if it doesn't define one, use `us-east-1`)
 
     To enable S3 file storage in a TheHive cluster, configure the storage section in `/etc/thehive/application.conf` on each TheHive node, using the same bucket and endpoint settings.
 
@@ -603,8 +596,8 @@ File storage contains [attachments](../user-guides/analyst-corner/cases/attachme
             }
         ```
 
-    !!! note "Access style and endpoint"
-        Some S3-compatible providers require path-style access, while others support or prefer virtual-hosted style. If you encounter addressing issues, adjust `access-style` accordingly.
+    !!! note "Access style"
+        Some S3-compatible providers require path-style access, while others support or prefer virtual-hosted style. SeaweedFS requires path-style access when used with TheHive.
 
     !!! note "High availability"
         Managed services expose a single highly available endpoint. For self-hosted S3-compatible platforms, ensure your endpoint is highly available, for example via the storage platform itself or a properly configured load balancer.
diff --git a/docs/thehive/operations/backup-restore/backup/hot-backup/hot-backup-cluster.md b/docs/thehive/operations/backup-restore/backup/hot-backup/hot-backup-cluster.md
@@ -2,7 +2,7 @@
 
 In this tutorial, we're going to guide you through performing a hot backup of TheHive on a cluster using the provided scripts.
 
-By the end, you'll have created complete backups of your database and search index across all three nodes, plus your file storage
+By the end, you'll have created complete backups of your database and search index across all three nodes, plus your file storage.
 
 Hot backups let you protect your data while keeping TheHive running, which means zero downtime for your security operations team.
 
@@ -212,7 +212,7 @@ For more details about snapshot management, refer to the official [Cassandra doc
 
 Finally, we're going to back up TheHive file storage, which contains all the attachments and files.
 
-The backup procedure depends on your storage backend—either NFS or an S3-compatible object storage service. The script below uses MinIO as an example, but you can adapt the same approach to any S3-compatible implementation.
+The backup procedure depends on your storage backend—either NFS or an S3-compatible object storage service. The script below uses SeaweedFS as an example, but you can adapt the same approach to any S3-compatible implementation.
 
 === "NFS"
 
@@ -226,31 +226,33 @@ The backup procedure depends on your storage backend—either NFS or an S3-compa
 
     After running the script, the backup archive is available at `/mnt/backup/storage`. Be sure to copy this archive to a separate server or storage location to safeguard against data loss if the TheHive server fails.
 
-=== "S3-compatible object storage (MinIO example)"
+=== "S3-compatible object storage (SeaweedFS example)"
+
+    {% include-markdown "includes/s3-client-required.md" %}
 
     ### 1. Prepare the backup script
 
     Before running the script, you'll need to update several values to match your environment:
 
-    * Update `MINIO_ENDPOINT` with your MinIO server URL.
-    * Update `MINIO_ACCESS_KEY` with your MinIO access key.
-    * Update `MINIO_SECRET_KEY` with your MinIO secret key.
-    * Change `MINIO_BUCKET` if you want to use a different bucket name.
-    * Change `MINIO_ALIAS` if you want to use a different alias name.
+    * Update `SEAWEEDFS_ENDPOINT` with your SeaweedFS server URL.
+    * Update `SEAWEEDFS_ACCESS_KEY` with your SeaweedFS access key.
+    * Update `SEAWEEDFS_SECRET_KEY` with your SeaweedFS secret key.
+    * Change `SEAWEEDFS_BUCKET` if you want to use a different bucket name.
+    * Change `SEAWEEDFS_ALIAS` if you want to use a different alias name.
 
-    ### 2. Configure the MinIO alias
+    ### 2. Configure the SeaweedFS alias
 
-    Run this command once to configure the MinIO alias using the same values you defined in the script:
+    Run this command once to configure the SeaweedFS alias using the same values you defined in the script:
     
     ```bash
-    mcli alias set <minio_alias> <minio_endpoint> <minio_access_key> <minio_secret_key>
+    mcli alias set <th_seaweedfs> <seaweedfs_endpoint> <seaweedfs_access_key> <seaweedfs_secret_key>
     ```
 
     ### 3. Run the backup script
 
-    {% include-markdown "includes/hot-backup-file-storage-minio.md" %}
+    {% include-markdown "includes/hot-backup-file-storage-seaweedfs.md" %}
 
-    After running the script, the backup archive is available at `/mnt/backup/minio`. Be sure to copy this archive to a separate server or storage location to safeguard against data loss if the TheHive server fails.
+    After running the script, the backup archive is available at `/mnt/backup/seaweedfs`. Be sure to copy this archive to a separate server or storage location to safeguard against data loss if the TheHive server fails.
 
 You've completed the hot backup process for your TheHive cluster. We recommend verifying your backup archives are complete and accessible before relying on them for recovery.
 
diff --git a/docs/thehive/operations/backup-restore/restore/hot-restore/restore-hot-backup-cluster.md b/docs/thehive/operations/backup-restore/restore/hot-restore/restore-hot-backup-cluster.md
@@ -66,7 +66,7 @@ For additional details, refer to the official [Cassandra documentation](https://
 
 Finally, we're going to restore the file attachments that were backed up.
 
-The restore procedure depends on your storage backend—either NFS or an S3-compatible object storage service. The script below uses MinIO as an example, but you can adapt the same approach to any S3-compatible implementation.
+The restore procedure depends on your storage backend—either NFS or an S3-compatible object storage service. The script below uses SeaweedFS as an example, but you can adapt the same approach to any S3-compatible implementation.
 
 === "NFS"
 
@@ -78,21 +78,23 @@ The restore procedure depends on your storage backend—either NFS or an S3-comp
 
     {% include-markdown "includes/hot-restore-file-storage-local-nfs.md" %}
 
-=== "S3-compatible object storage (MinIO example)"
+=== "S3-compatible object storage (SeaweedFS example)"
+
+    {% include-markdown "includes/s3-client-required.md" %}
 
     ### 1. Prepare the restore script
 
     Before running the script, you'll need to update several values to match your environment:
 
-    * Update `MINIO_ENDPOINT` with your MinIO server URL.
-    * Update `MINIO_ACCESS_KEY` with your MinIO access key.
-    * Update `MINIO_SECRET_KEY` with your MinIO secret key.
-    * Change `MINIO_BUCKET` if you want to use a different bucket name.
-    * Change `MINIO_ALIAS` if you want to use a different alias name.
+    * Update `SEAWEEDFS_ENDPOINT` with your SeaweedFS server URL.
+    * Update `SEAWEEDFS_ACCESS_KEY` with your SeaweedFS access key.
+    * Update `SEAWEEDFS_SECRET_KEY` with your SeaweedFS secret key.
+    * Change `SEAWEEDFS_BUCKET` if you want to use a different bucket name.
+    * Change `SEAWEEDFS_ALIAS` if you want to use a different alias name.
 
     ### 2. Run the restore script
 
-    {% include-markdown "includes/hot-restore-file-storage-minio.md" %}
+    {% include-markdown "includes/hot-restore-file-storage-seaweedfs.md" %}
 
 ## Step 4: Start TheHive on all nodes and verify
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+!!! warning "Required S3 client"`
	`2`	+ You need an S3-compatible client to sync or mirror the bucket locally. The example uses `mc`. [Install it](https://github.com/minio/mc){target=_blank} before continuing. If you prefer another tool, adapt the commands accordingly.