Do all uploads in Discourse go to the 'original' folder when using a CDN?

phil22 · July 20, 2023, 4:00pm

I have a question re using a CDN with secure uploads. In https://meta.discourse.org/t/secure-uploads/meta/140017/118?u=phil22 it sounds like the CDN isn’t used for uploads but can be used for assets.

At the moment my CDN has GetObject access for my entire bucket. If I want uploads to be secure I need to change the BucketPolicy so that it is scoped just to assets. Can I do this via path? There are currently 3 directories in my uploads folder - assets, optimized and original. I’ve noticed that with secure uploads enabled discourse is fetching stuff from assets and optimized from the CDN.

So I could limit my bucket policy to only allow access to the CDN to /original but wanted to confirm - do all uploads end up in ‘original’ or are they sometimes in ‘optimized’?

phil22 · July 21, 2023, 9:27am

Ah think I’ve answered my own question - no bucket policy is needed at all because the ACLs that discourse sets on the static assets make them public, so cloudfront can access them without having any bucket policy set.

Topic		Replies	Views
Secure Uploads Announcements secure-uploads	43	17331	July 24, 2025
Unable to setup S3 bucket Self-hosting uploads , s3	11	360	January 12, 2025
Defining DISCOURSE_S3_CDN_URL links to assets in S3 CDN URL Support	42	6467	April 22, 2020
Downloads coming from S3 even with DISCOURSE_S3_CDN_URL set Support	4	737	April 23, 2025
S3 Uploads - Using CDN for PDFs? Bug	5	1648	December 31, 2021

Do all uploads in Discourse go to the 'original' folder when using a CDN?

Related topics