I have an old Rails application that uses Paperclip to interact with AWS. I am migrating over to Cloudfront due to TLS compatibility issues, but am running into issues uploading the photos. I can fetch them just fine, and have ensured that fetching them uses the Cloudfront URL.
Here's my configuration in my model:
has_attached_file :image, :storage => :s3,
:s3_credentials => "#{RAILS_ROOT}/config/s3.yml",
:path => "images/:attachment/:id/:style.:extension",
:url => ':s3_alias_url',
:s3_host_alias => 'XXX.cloudfront.net',
:styles => {
:large => {:geometry => "3500x3500>", :processors => [:cropper]},
:medium => {:geometry => "512x512>", :processors => [:cropper]},
:thumb => {:geometry => "160x160>", :processors => [:cropper]} }
However, when I try to upload a photo I receive an error, and from the error it looks like it isn't trying to use the Cloudfront URL:
Processing Admin::ImagesController#create (for 24.154.30.187 at 2023-11-03 01:39:51) [POST]
Parameters: {"controller"=>"admin/images", "commit"=>"Upload Images", "property_id"=>"15948", "action"=>"create", "image"=>{"image"=>[#<File:/tmp/RackMultipart20231103-1151-c5g19p-0>, #<File:/tmp/RackMultipart20231103-1151-y1vfa4-0>], "caption"=>""}}
[paperclip] Saving attachments.
[paperclip] saving images/images/467324/thumb.jpg
New RightAws::S3Interface using shared connections mode
Opening new HTTPS connection to s3.amazonaws.com:443
##### RightAws::S3Interface returned an error: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidTlsVersion</Code><Message>Amazon S3 will stop supporting TLS 1.0 and TLS 1.1 connections. Please update your client to use TLS version 1.2 or above. To learn more and to update your client, see https://go.aws/3AUlVSb. For further assistance, contact AWS suppo$
##### RightAws::S3Interface request: https://s3.amazonaws.com:443/ ####
Closing HTTPS connection to s3.amazonaws.com:443, reason: 'RightAws::AWSErrorHandler: code: 403: 'Forbidden''
RightAws::AwsError (InvalidTlsVersion: Amazon S3 will stop supporting TLS 1.0 and TLS 1.1 connections. Please update your client to use TLS version 1.2 or above. To learn more and to update your client, see https://go.aws/3AUlVSb. For further assistance, contact AWS support.):
/home/ubuntu/.rvm/gems/ruby-1.8.7-p371@vires/gems/right_aws-3.0.4/lib/awsbase/right_awsbase.rb:562:in `request_info_impl'
/home/ubuntu/.rvm/gems/ruby-1.8.7-p371@vires/gems/right_aws-3.0.4/lib/s3/right_s3_interface.rb:203:in `request_info'
/home/ubuntu/.rvm/gems/ruby-1.8.7-p371@vires/gems/right_aws-3.0.4/lib/s3/right_s3_interface.rb:240:in `create_bucket'
/home/ubuntu/.rvm/gems/ruby-1.8.7-p371@vires/gems/right_aws-3.0.4/lib/s3/right_s3.rb:103:in `bucket'
vendor/plugins/paperclip/lib/paperclip/storage.rb:163:in `s3_bucket'
vendor/plugins/paperclip/lib/paperclip/storage.rb:199:in `flush_writes'
vendor/plugins/paperclip/lib/paperclip/storage.rb:195:in `each'
vendor/plugins/paperclip/lib/paperclip/storage.rb:195:in `flush_writes'
vendor/plugins/paperclip/lib/paperclip/attachment.rb:141:in `save'
vendor/plugins/paperclip/lib/paperclip.rb:331:in `send'
vendor/plugins/paperclip/lib/paperclip.rb:331:in `save_attached_files'
vendor/plugins/paperclip/lib/paperclip.rb:324:in `each_attachment'
vendor/plugins/paperclip/lib/paperclip.rb:323:in `each'
vendor/plugins/paperclip/lib/paperclip.rb:323:in `each_attachment'
vendor/plugins/paperclip/lib/paperclip.rb:330:in `save_attached_files'
activesupport (2.3.2) lib/active_support/callbacks.rb:178:in `send'
activesupport (2.3.2) lib/active_support/callbacks.rb:178:in `evaluate_method'
activesupport (2.3.2) lib/active_support/callbacks.rb:166:in `call'
activesupport (2.3.2) lib/active_support/callbacks.rb:93:in `run'
activesupport (2.3.2) lib/active_support/callbacks.rb:92:in `each'
activesupport (2.3.2) lib/active_support/callbacks.rb:92:in `send'
activesupport (2.3.2) lib/active_support/callbacks.rb:92:in `run'
activesupport (2.3.2) lib/active_support/callbacks.rb:276:in `run_callbacks'
activerecord (2.3.2) lib/active_record/callbacks.rb:344:in `callback'
activerecord (2.3.2) lib/active_record/callbacks.rb:251:in `create_or_update'
activerecord (2.3.2) lib/active_record/base.rb:2539:in `save_without_validation'
activerecord (2.3.2) lib/active_record/validations.rb:1009:in `save_without_dirty'
activerecord (2.3.2) lib/active_record/dirty.rb:79:in `save_without_transactions'
activerecord (2.3.2) lib/active_record/transactions.rb:229:in `send'
activerecord (2.3.2) lib/active_record/transactions.rb:229:in `with_transaction_returning_status'
activerecord (2.3.2) lib/active_record/connection_adapters/abstract/database_statements.rb:136:in `transaction'
activerecord (2.3.2) lib/active_record/transactions.rb:182:in `transaction'
activerecord (2.3.2) lib/active_record/transactions.rb:228:in `with_transaction_returning_status'
activerecord (2.3.2) lib/active_record/transactions.rb:196:in `save'
activerecord (2.3.2) lib/active_record/transactions.rb:208:in `rollback_active_record_state!'
activerecord (2.3.2) lib/active_record/transactions.rb:196:in `save'
app/controllers/admin/images_controller.rb:28:in `create'
app/controllers/admin/images_controller.rb:26:in `each'
app/controllers/admin/images_controller.rb:26:in `create'
When I view previously uploaded photos though, it shows the correct url: https://XXX.cloudfront.net/images/images/XXX/thumb.jpg?2023?1698977169
What am I missing?
The first issue was that the version of Paperclip I was stuck with uses the
right_awsgem, rather than the AWS SDK directly. Because of this, the parameters were not being set to send the responses to the Cloudfront URL. I had to manually set the server in therequestobject to the Cloudfront URL.Second, when listing objects or the buckets from S3 through Cloudfront, the information it was looking for was not being returned. I had to remove any checks to see if the objects I was trying to delete or upload already existed. After this, I was successfully able to upload to S3 using TLS 1.1!