Discourse provides robust support for uploads, images, and attachments, allowing users to enrich their posts and share files with others. Understanding how uploads, images, and attachments work in Discourse can help you to better manage your community and provide a better user experience.
In Discourse, users can upload files and images directly to their posts using the upload button in the post editor.
The upload button’s icon changes depending on the allowed types of uploads. If only image file types are allowed, the upload icon will appear as an image icon.
However, if other file types are allowed, the upload icon will appear as a general upload icon.
Discourse also supports uploading embedding images from other websites, and when an image is uploaded, Discourse creates multiple sizes of the image, which are used in different contexts around the site.
Every time a user uploads a new file to the forum, Discourse saves the file in the server’s
By default, Discourse allows image file types (jpg, jpeg, png, gif, heic, heif, webp, and avif).
Admins can also add more file extensions to the
authorized extensions and
authorized extensions for staff site settings to allow other types of files, such as .pdf, .docx, .mp3, etc.
Removing all file types from the list of
authorized extensionswill disable uploads on your site. If you don’t want to store uploads on your site’s server, you can disable them, tell your users to only publish uploads to external sites, and then share the links to the uploads on your site.
The default maximum size for images is set to
4096 kB (4 MB). This limit can be adjusted by changing the
max image size kb site setting based on the needs of your community.
The default maximum size for non-image uploads is set to
8192kB (8 MB). This limit can be adjusted by modifying the
max attachment size kb site setting.
The maximum kb size for both of these settings is
If you are sharing many files or very large files regularly, we recommend that you use Google Drive, Dropbox or another cloud file sharing service. You can also use a streaming service like YouTube or SoundCloud to host your large media files. You can then get a link from there and paste it into your post. Insert the link on its own line, surrounded by empty lines, to display the file in a media player if supported, or a summary preview.
There is no file management interface provided in Discourse. To remove files, delete the posts that contain them or edit the posts to remove the attachment links. Orphaned files will be removed automatically after a 48 hour grace period.
See Cleaning up Uploads and Purging Uploads from S3 for additional details about deleting uploads on your site.
The following section is only applicable for self-hosted installations and Enterprise hosted sites.
Discourse allows you to configure S3 compatible Object Storage providers to store uploads.
You can follow these guides on how to set up file and image uploads to S3 or configure an S3 compatible object storage provider for uploads: Setting up file and image uploads to S3 and Configure an S3 compatible object storage provider for uploads.
If you’re using S3 for uploads, you might want to consider how this affects your backup strategy. Discourse allows you to configure automatic backups, and you can choose to store these backups on S3. However, if you’re using S3 for uploads and backups, you might need to consider the impact on bandwidth and storage costs. For more information, check out this topic: Configure automatic backups for Discourse.
If you’re using a CDN in conjunction with S3 uploads, you’ll need to ensure that this is correctly configured. Discourse has a guide on how to enable a CDN for your Discourse, which covers the use of S3: Enable a CDN for your Discourse.
Discourse has a feature called “Secure Uploads” which restricts access to uploaded files so that only users with the necessary permissions can view or download the files. This is particularly useful for private communities or for content that should not be publicly accessible.
To use this feature, you must have S3 uploads enabled on your site and your S3 bucket should not have a public bucket policy. All existing uploads should have a public-read S3 ACL.
However, enabling secure uploads can increase the complexity of your setup, potentially impact site performance, and increase the size of your backups.
To learn more about enabling secure uploads on your site, see: Secure Uploads