System upload not using s3 cdn url

Version v2.2.0.beta3 +153

I am using minio as an internal S3 gateway. However, when uploading an image, it does not use the CDN URL.

For example, when uploading an avatar, it uses an internal IP instead of the CDN URL. This makes the avatar fail to display.

Does the IP discourse presents as the CDN match the IP you’re using for Minio? Does the public DNS name for Minio have a certificate?

I am using minio for internal upload only. For example, discourse on 192.168.1.5 and minio on 192.168.1.6:9000. When I browse in Chrome, it tries to request 192.168.1.6:9000, which will not work.
I expect it to load from cdn.example.com, like the images in posts.

So you’ve followed the official guide for configuring Minio with Discourse?

How does your setup differ?

Yes, I followed the guide. It works for images uploaded in posts but not for system uploads, for example avatar, logo and icon.

All the images in posts use cdn.example.com but system uploads use 192.168.1.6:9000.

Here is my config.

Actually, the preview also links to the IP instead of the CDN. Only the images in posts (original and optimized) are using the CDN URL.

This problem seems to happen here as well. If you upload an image, the one you see in preview is discourse-meta.s3.dualstack.us-west-1.amazonaws.com instead of meta-s3-cdn.freetls.fastly.net.

Yeah, this is indeed the case: preview does not use the CDN. Hiding the S3 origin from clients is an unsupported setup atm; longer term I expect even more trouble when we support direct-to-S3 uploads.

I also found out that the uploaded images are allowed to be viewed by the public. If there are future updates on this, please do not set it if CDN is set. This is because it bypasses the bucket policy that enforces that all objects must go through the CDN.

So I’m still confused here…even with my cloudfront url in the “s3 cdn url”, all uploaded images (in the preview or not) are using the s3.dualstack url and not my cloudfront/cdn url.

What am I missing?

Here are my settings:

Preformatted text

This seems like a bug, not a feature, as it requires you to have public ACLs for your s3 bucket. Looks like it has been reported here years ago, but not fixed: S3 CDN URL ignored when uploading into posts