Image upload error: The bucket does not allow ACL's

Users and even Admins cannot upload pictures anymore.
error log says hotlink error
4MB limit but, I tried to upload 800KB file as test after user complained.

We did a recent update a few days ago (2.9.0.beta4)
We recently setup s3 buckets.

I noticed a recent fix in github from 15 days ago for hotlink.
I cannot make issues on github… is this the place to report bugs?

Message (2 copies reported)

default: Failed to pull hotlinked image (https://jackrail.space/images/discourse-logo-sketch-small.png) post: 586
The bucket does not allow ACLs
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-core-3.121.2/lib/seahorse/client/plugins/raise_response_errors.rb:17:in `call'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-s3-1.96.1/lib/aws-sdk-s3/plugins/sse_cpk.rb:24:in `call'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-s3-1.96.1/lib/aws-sdk-s3/plugins/dualstack.rb:36:in `call'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-s3-1.96.1/lib/aws-sdk-s3/plugins/accelerate.rb:50:in `call'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-core-3.121.2/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:22:in `call'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-core-3.121.2/lib/aws-sdk-core/plugins/idempotency_token.rb:19:in `call'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-core-3.121.2/lib/aws-sdk-core/plugins/param_converter.rb:26:in `call'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-core-3.121.2/lib/seahorse/client/plugins/request_callback.rb:71:in `call'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-core-3.121.2/lib/aws-sdk-core/plugins/response_paging.rb:12:in `call'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-core-3.121.2/lib/seahorse/client/plugins/response_target.rb:24:in `call'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-core-3.121.2/lib/seahorse/client/request.rb:72:in `send_request'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-s3-1.96.1/lib/aws-sdk-s3/client.rb:11274:in `put_object'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/aws-sdk-s3-1.96.1/lib/aws-sdk-s3/object.rb:1329:in `put'
/var/www/discourse/lib/s3_helper.rb:74:in `upload'
/var/www/discourse/lib/file_store/s3_store.rb:116:in `store_file'
/var/www/discourse/lib/file_store/s3_store.rb:30:in `store_upload'
/var/www/discourse/lib/upload_creator.rb:212:in `block (2 levels) in cr...

Backtrace

/var/www/discourse/app/jobs/regular/pull_hotlinked_images.rb:243:in `public_send'
/var/www/discourse/app/jobs/regular/pull_hotlinked_images.rb:243:in `log'
/var/www/discourse/app/jobs/regular/pull_hotlinked_images.rb:58:in `rescue in block in execute'
/var/www/discourse/app/jobs/regular/pull_hotlinked_images.rb:35:in `block in execute'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/nokogiri-1.13.4-x86_64-linux/lib/nokogiri/xml/node_set.rb:234:in `block in each'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/nokogiri-1.13.4-x86_64-linux/lib/nokogiri/xml/node_set.rb:233:in `upto'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/nokogiri-1.13.4-x86_64-linux/lib/nokogiri/xml/node_set.rb:233:in `each'
/var/www/discourse/app/jobs/regular/pull_hotlinked_images.rb:34:in `execute'
/var/www/discourse/app/jobs/base.rb:232:in `block (2 levels) in perform'
/var/www/discourse/vendor/bundle/ruby/2.7.0/gems/rails_multisite-4.0.1/lib/rails_multisite/connection_management.rb:80:in `with_connection'

I think i fixed it but I’m not sure what this feature does or if it disables my s3 backups.
"enable s3 uploads"
I enabled this thinking this was part of the backup procedure.
I disabled this and I no longer get this error when I upload a test image.

That setting puts your uploads in the S3 bucket and is separate from the uploads. It sounds like that bucket isn’t codified properly for uploads (see Using Object Storage for Uploads (S3 & Clones) for info).

You should still check that your backups are working.

I guess that was the problem and it is confirmed as fixed by the user who complained.

I’m not sure what this upload of images does, but I guess it is some extra feature that complex servers might need. I guess our 40 users don’t need a discourse with this complex feature. We are more interested in emoji likes.

However, when I followed the s3 instructions, I had to double back and make a new bucket for “backups” while the original one was for uploads (because I did in order as it appeared for settings). I think I will probably add some more info to the s3 instructions as a reply to help make this easier for others to follow. Also the permission policy listed in that help thread did not exist, and I ended up finding a “*” solution from another website. I’ll try to help clarify this on that thread. It worked, but work and tweaks to the instructions.

These actions did not work… I used * instead.

"Action": [
           "s3:ListAllMyBuckets",
           "s3:HeadBucket"
       ],

The thread I used to configure and follow the instructions is here

It too also has enable s3 uploads marked as checked… Seems like making things too complex for the average user.
On the otherhand, I’m hoping my backups are working fine with out it.

Why did you use * instead?

I found it somewhere while googling, just to make it accept the code. If you look at my post you quote, I provided the link. I just google and cut and paste most of the time.
However, I noticed later that image uploads were not necessary to make backups work. I still don’t know why one would use it. You really only need the backup. You do not need two buckets. I unchecked that part in the settings because I still had upload errors and images were not allowed by the users. unchecking that item fixed it. We have a small server group, so we should be fine for a long time.