版本 v2.2.0.beta3 +153
我内部使用 MinIO 作为 S3 网关。然而,在上传图片时,它并未使用 CDN 链接。
例如,上传头像时使用的是内部 IP 地址而非 CDN 链接,导致头像无法显示。
Does the IP discourse presents as the CDN match the IP you’re using for Minio? Does the public DNS name for Minio have a certificate?
I am using minio on internal upload only. For example, discourse on 192.168.1.5 and minio on 192.168.1.6:9000. When I browse in Chrome, it tries to request 192.168.1.6:9000 which will not work.
I expect it to load from cdn.example.com which like image in post.
So you’ve followed the official guide for configuring Minio with Discourse?
How does your setup differ?
Yes, I followed the guide. It works on images upload in posts but not system upload. For example avatar, logo and icon.
All the images in posts use cdn.example.com but system upload use 192.168.1.6:9000.
This problem seems to happen here as well. If you upload an image, the one you see in preview is discourse-meta.s3.dualstack.us-west-1.amazonaws.com instead of meta-s3-cdn.freetls.fastly.net.
Yeah this is indeed the case, preview does not use CDN, hiding the S3 origin from clients is an unsupported setup atm, longer term I expect even more trouble when we support direct to s3 uploads
I also found out the images uploaded are allowed to view by public. If there are future updates on this, please do not set it if CDN is set. This is because it bypass the bucket policy to enforce all objects must go through CDN.
所以我仍然很困惑……即使我在“S3 CDN URL”中填入了我的 CloudFront 网址,所有上传的图片(无论是预览还是其他)都使用了 s3.dualstack 网址,而不是我的 CloudFront/CDN 网址。
我漏掉了什么?
以下是我的设置:
预格式化文本
这看起来像是一个漏洞,而不是一个功能,因为它_要求_你的 S3 存储桶具有公共 ACL。看来这个问题几年前就有人报告过,但尚未修复:S3 CDN URL ignored when uploading into posts