Could not find file in the store located at url: //s3-bucket/prefix/file.jpeg

I am currently in progress of setting up the official Docker image on AWS ECS.
While running on EC2 the docker image works perfectly fine.

However after starting it on ECS with the same configuration, I end up with broken avatar images.

Related errors:

Could not find file in the store located at url: //


Failed to process hijacked response correctly : FinalDestination::SSRFDetector::LookupFailedError : FinalDestination: lookup failed

The file is in the bucket and the access rights are the same as for the EC2 instance.

Can somebody please point me where I can dig deeper and find the root cause?


Did you build am image with launcher and push the image to a repo? And you’re launching it with the same env as launcher uses?

Yes. I use the environment variables that the run-cmd command generates. I could not spot an error so far.
Unfortunately I could not find some ECS examples for Discourse so far.

You’re on the right track, but it’s tricky getting the standee migrated and assets uploaded. I’m not sure what the issue might be.

I found the root cause. Due to my setup of the Discourse AI plugin I had added a private Zone to the VPC to make the diverse services available VPC internally.

When running Discourse on an EC2 instance in a Docker container, the container gets a host name like 12-34-56-78-app. When running as an ECS task however you can not set the host name when in awsvpc mode, neither you can’t configure the DNS search domain. This leads to the fact that DNS resolution is different on ECS, in my case adding a search domain like xxxx.internal.

After digging around I found using tcpdump that Discourse tries to resolve its own FQDN as part of the SSRF checks. If this fails, the check fail. As a subsequent error the call to S3 fails with the bogus error message above.

The fix in my case was to add the FQDN record which is an alias to my Cloudfront distribution to my private DNS zone.


Wow. That’s some good debugging! And that’s why this is an unsupported install! Not much way that much of any of that could be guessed!

1 Like

In the end it is as usual: if it does not work, it’s always DNS :joy:

Hi @nodomain,
I experienced the exact error as in your post below. The request to user avatar for example response with 500. In my case, the domain name is not setup in public DNS, in the testing stage, I spoof in my host file locally. Will this issue not appear when the domain name got setup in public DNS?