d.ourdomain.com (our Discourse is under a subdomain)
○ With it set up in both DO CP > Networking > Domains and in Cloudflare as an alias to ours.nyc3.digitaloceanspaces.com.
○ Error when uploading an image… Failed to open TCP connection to uploads.d.ourdomain.com:443 (getaddrinfo: Name or service not known)
But my settings do show up in the admin interface, so I think this may not be outdated and it’s just a matter of getting my setting mix correct.
I saw this…
…but the admin area does not allow me to leave “s3 upload bucket” empty, so I wasn’t sure if that was related. That also seemed to be only if you’re using AWS S3 also. I tried creating a folder in my DO Space and using that folder name. I tried using a different name of a folder that wasn’t there, in case it needs to create its own. None of that worked.
I saw this…
…but I’m far from an expert, so I shied away from that.
At this point I’m just out of ideas to try and I’m not sure if I’m close and just need the right setting configuration or if I’m wholly missing something and not even close.
No, they aren’t. While you can configure the S3 endpoints in the UI, we only tested and validated using the S3 clones, like the Digital Ocean offering, when configuring it in the app.yml file.
I don’t see a section in app.yml for DISCOURSE_S3 settings. Do I just create a line for each? Or is that what the sudo commands do?
I’m not entirely clear on where I run or put those sudo commands. Not clear if it’s a one-time command line item to add it or if it’s something that has to go into app.yml so that it’s always accounted for.
Do the sudo commands go in the app.yml area or just the DISCOURSE_S3 setting lines?
Do I just leave this blank with DO Spaces? DISCOURSE_S3_REGION:
Do I have to have a CDN? We have very low traffic. Small group. I’m really trying to limit the moving parts if possible.
Is there any solution for this issue? I got the same error when trying to use Oracle Cloud Storage.
I followed the wiki by setting it in app.yml. I tried using s3cmd manually to make sure the connection was correct. But when I upload an image in a post, I get the same error message.
Then I got exactly the same error message in the s3cmd tool as Discourse shows:
Please wait, attempting to list all buckets...
ERROR: Test failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'objectstorage.ap-singapore-1.oci.oraclecloud.com'. (_ssl.c:1007)
After many tries, I still get the same error message. I checked the certificate and the hostname manually, used the right format to get the right certificate by eye, but no luck.
My endpoint: .compat.objectstorage..oraclecloud.com
The certificate’s CN: *.compat.objectstorage..oraclecloud.com
I could connect with the s3cmd tool, but could not set up S3 uploads for Discourse with the same configuration.
This is a bad idea as it will undermine many protections that X509 certificates provide.
Can you show what your non-secret settings are here? Please note Oracle Cloud is not supported, but we’ll still take a quick look to see if anything is obviously wrong.
OK I added a binding.pry to the start of ssl_socket_connect and what I see when trying to use these settings is:
→ DISCOURSE_USE_S3=true DISCOURSE_S3_REGION=ap-singapore-1 DISCOURSE_S3_ENDPOINT=https://axhjdarc4cuy.compat.objectstorage.ap-singapore-1.oraclecloud.com DISCOURSE_S3_ACCESS_KEY_ID=foo DISCOURSE_S3_SECRET_ACCESS_KEY=bar DISCOURSE_S3_BUCKET=bucketname bin/rails c
Loading development environment (Rails 7.0.7)
[1] pry(main)> s3 = S3Helper.build_from_config; s3.list
From: /home/michael/.rvm/gems/ruby-3.2.2@discourse/gems/net-protocol-0.2.2/lib/net/protocol.rb:42 Net::Protocol#ssl_socket_connect:
    40: def ssl_socket_connect(s, timeout)
    41:   binding.pry
 => 42:   if timeout
    43:     while true
    44:       raise Net::OpenTimeout if timeout <= 0
    45:       start = Process.clock_gettime Process::CLOCK_MONOTONIC
    46:       # to_io is required because SSLSocket doesn't have wait_readable yet
    47:       case s.connect_nonblock(exception: false)
    48:       when :wait_readable; s.to_io.wait_readable(timeout)
    49:       when :wait_writable; s.to_io.wait_writable(timeout)
    50:       else; break
    51:       end
    52:       timeout -= Process.clock_gettime(Process::CLOCK_MONOTONIC) - start
    53:     end
    54:   else
    55:     s.connect
    56:   end
    57: end
[1] pry(#<Net::HTTP>)> s.hostname
=> "bucketname.axhjdarc4cuy.compat.objectstorage.ap-singapore-1.oraclecloud.com"
So the actual hostname being connected to is bucketname.axhjdarc4cuy.compat.objectstorage.ap-singapore-1.oraclecloud.com, which does not match *.compat.objectstorage.ap-singapore-1.oraclecloud.com, so the error is correct.
Use path-based access in your application. Virtual host-style access (accessing a bucket as {bucketnamespace}.compat.objectstorage.{region}.oraclecloud.com [sic]) is not supported.
Conversely, Discourse only supports virtual host-style access ({bucketname}.{namespace}.compat.objectstorage.{region}.oraclecloud.com).
We removed the setting that might have made it work a while back as it wasn’t well supported (see the commit message).
Getting this working is not going to be simple and will require complex development and testing to add this support.
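The mismatch described in the reply above can be reproduced offline; this is an added example, not code from the thread or from Discourse. It builds a throwaway self-signed certificate carrying the wildcard name from the thread and runs Ruby's own identity check (`OpenSSL::SSL.verify_certificate_identity`) against the hostname each S3 addressing style produces; `wildcard_cert`, `s3_host` and `identity_ok?` are hypothetical helper names.

```ruby
require "openssl"

# Values as shown in the thread; "bucketname" is the placeholder bucket used there.
REGION_HOST = "compat.objectstorage.ap-singapore-1.oraclecloud.com"
NAMESPACE   = "axhjdarc4cuy"
BUCKET      = "bucketname"

# Constructed test certificate: self-signed, one wildcard SAN, never used on the network.
def wildcard_cert(san_dns)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{san_dns}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{san_dns}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Hostname a client connects to for each addressing style.
# Path style keeps the bucket in the URL path; virtual-host style
# prepends it as an extra DNS label.
def s3_host(style)
  base = "#{NAMESPACE}.#{REGION_HOST}"
  style == :virtual_host ? "#{BUCKET}.#{base}" : base
end

# Same check Net::HTTP performs after the TLS handshake.
# A leading "*" covers exactly one label, so the extra bucket label fails.
def identity_ok?(cert, style)
  OpenSSL::SSL.verify_certificate_identity(cert, s3_host(style))
end

CERT = wildcard_cert("*.#{REGION_HOST}")

%i[path virtual_host].each do |style|
  verdict = identity_ok?(CERT, style) ? "match" : "MISMATCH"
  puts "#{style.to_s.ljust(13)} #{s3_host(style)}  #{verdict}"
end
```

The path-style hostname has the same number of labels as the wildcard name and passes; the virtual-host-style hostname has one more and is rejected, which is the `CERTIFICATE_VERIFY_FAILED` condition seen in the thread.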
Found what he was referring to, but then when I copy and paste text in, it’s inverting the case. I gave up and didn’t return to it. May try again next year.
I was hoping that someone would figure it out in the meantime and better document the setup to match my plans.
I was having this issue and fixed it. My solution was that when I set it up my mail server was not SSL verified, but my domain provider did give me an SSL verified mail server, so I replaced them.