OroCommerce Forums

Covering OroCommerce topics, including community updates and company announcements.

Forums Forums OroCommerce S3 attachment to work with Cloudfront

This topic contains 3 replies, has 2 voices, and was last updated by  zhex900 3 years, 6 months ago.

Starting from March 1, 2020 the forum has been switched to the read-only mode. Please head to StackOverflow for support.

  • Creator
  • #33116



    I have successfully, configure orocommerce to use S3 to store all the attachments. After I switch to S3, Cloudfront no long cache the images. Cloudfront did cache before I switched to S3 attachments.

    This is probably, the images served by S3 did not have proper meta tags. But I did add the following tags all the images in S3
    Cache-Control max-age=1314000
    Expires 1314000

    Any ideas as to how to fix it?

    Thank you

Viewing 3 replies - 1 through 3 (of 3 total)
  • Author
  • #33117

    Andrey Yatsenko

    There are two types of attachments.

    First are regular attachments, that loaded using Symfony’s controller, they have ACL checks and should not be cached at all as it’s private content.

    The second type is images with previews, while the original image still should not be cached as they require ACL check, previews can be cached and they are not managed by the Symfony application.
    So if the issue with previews – it’s only about configuring the web server (Apache, Nginx etc.) and nothing to do with the application.

    Make sure images you are talking about don’t have the private cache-control and managed directly, not with Symfony.



    server {
    listen 80 default_server;
    port_in_redirect off;

    server_name _;

    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header Content-Security-Policy upgrade-insecure-requests;

    ### legacy health check
    location /health {
    access_log off;

    include fastcgi_params;
    fastcgi_param SCRIPT_NAME /ping;
    fastcgi_param SCRIPT_FILENAME /ping;
    fastcgi_pass unix:/var/run/php-fpm.sock;

    root /var/www/web;

    if ( -f /srv/orocrm.maintance ) {
    return 503 ‘Sorry, we are on maintenance, please try again after several seconds.’;

    index app.php;
    try_files $uri $uri/ @rewrite;
    location @rewrite {
    rewrite ^/(.*)$ /app.php/$1;

    access_log /dev/stdout json;
    error_log /dev/stderr info;

    location ~ ^/admin.*$ {
    return 301 https://admin.ewhale.co/admin;

    location ~ ^/products$ {
    return 301 https://$host/product;

    # deny access to .htaccess files, if Apache’s document root
    # concurs with nginx’s one
    location ~ /\.ht {
    deny all;

    location ~ /js/translation/en.js {
    # One month for javascript and css
    location ~* \.(?:css|js) {

    expires 1M;
    access_log off;
    add_header Cache-Control public;

    # Three months for media: images, fonts, icons, video, audio etc.
    location ~* \.(?:ico|tiff|woff|eot|ttif|svg|svgz|mp4|ogg|ogv|webm|swf|flvi)$ {
    expires 3M;
    access_log off;
    add_header Cache-Control “public, must-revalidate, proxy-revalidate”;

    # Set static files cache lifetime
    location ~* ^[^(\.php)]+\.(jpg|jpeg|gif|png|ico|css|pdf|ppt|txt|bmp|rtf|js)$ {
    access_log off; # disable logs
    expires 4M; # cahe 1h
    add_header Pragma public;
    add_header Cache-Control “public, must-revalidate, proxy-revalidate”;

    location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
    return 404;
    fastcgi_pass unix:/var/run/php-fpm.sock;
    fastcgi_index app.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SYMFONY_ENV prod;
    fastcgi_intercept_errors on;
    fastcgi_ignore_client_abort off;
    fastcgi_connect_timeout 30;
    fastcgi_send_timeout 3600;
    fastcgi_read_timeout 3600;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;

    # You need to add additional “location” section for Websockets requests handling
    location /ws {
    # redirect all traffic to localhost:8080;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_redirect off;
    proxy_read_timeout 86400;

    # enables WS support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection “upgrade”;

    # prevents 502 bad gateway error
    proxy_buffers 8 32k;
    proxy_buffer_size 64k;

    reset_timedout_connection on;

    error_log /var/log/nginx/oro_wss_error.log;
    access_log /var/log/nginx/oro_wss_access.log;



    https://ewhale.co is my site.

    What can you please give me an example of a preview image?

    This block should enable caching. Can you see anything wrong with it?

    # Set static files cache lifetime
    location ~* ^[^(\.php)]+\.(jpg|jpeg|gif|png|ico|css|pdf|ppt|txt|bmp|rtf|js)$ {
    access_log off; # disable logs
    expires 4M;
    add_header Pragma public;
    add_header Cache-Control “public, must-revalidate, proxy-revalidate”;

Viewing 3 replies - 1 through 3 (of 3 total)

The forum ‘OroCommerce’ is closed to new topics and replies.

You will be redirected to [title]. Would you like to continue?

Yes No