Do all uploads in Discourse go to the 'original' folder when using a CDN?

phil22 · July 20, 2023, 4:00pm

I have a question re using a CDN with secure uploads. In Secure Uploads - #118 by Falco it sounds like the CDN isn’t used for uploads but can be used for assets.

At the moment my CDN has GetObject access for my entire bucket. If I want uploads to be secure I need to change the BucketPolicy so that it is scoped just to assets. Can I do this via path? There are currently 3 directories in my uploads folder - assets, optimized and original. I’ve noticed that with secure uploads enabled discourse is fetching stuff from assets and optimized from the CDN.

So I could limit my bucket policy to only allow access to the CDN to /original but wanted to confirm - do all uploads end up in ‘original’ or are they sometimes in ‘optimized’?

phil22 · July 21, 2023, 9:27am

Ah think I’ve answered my own question - no bucket policy is needed at all because the ACLs that discourse sets on the static assets make them public, so cloudfront can access them without having any bucket policy set.

Topic		Replies	Views
Uploads to AWS S3 and Configured CDN installation	2	482	September 1, 2022
CloudFront not caching static files installation	9	1817	March 27, 2022
Secure Uploads announcements secure-uploads	41	14814	July 25, 2023
Full Site CDN Using AWS CloudFront installation	1	1420	August 30, 2023
Migrating uploads to s3 does not work with private bucket feature	8	1560	March 1, 2021

Do all uploads in Discourse go to the 'original' folder when using a CDN?

Related Topics