-
-
Notifications
You must be signed in to change notification settings - Fork 34
/
imgproxy.conf
216 lines (177 loc) 路 7.11 KB
/
imgproxy.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
################################################################################
# Ultra Image Server
# A production grade image processing server setup powered by `imgproxy` and nginx
#
# Author: Mai Nhut Tan <shin@shin.company>
# Copyright: 2021 AppSeeds https://code.shin.company/
# URL: https://shinsenter.github.io/docker-imgproxy/
################################################################################
# ======================================================================== #
# Block access from some bad IPs
# See: http://nginx.org/en/docs/http/ngx_http_access_module.html#deny
# Add your bad client IPs here. E.g.
deny 134.119.219.93;
# ======================================================================== #
# This upstream links to `imgproxy` container outside.
# Do not change this upstream
# unless you are going to change `imgproxy`'s container name.
upstream upstream_imgproxy {
server imgproxy:8080;
keepalive 16;
}
# ======================================================================== #
# Cache zone
# See: https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path
#
# Let's assume average file size is ~20kb
# max_size: 1mb of keys_zone can store 7,000 keys * 20kb = ~140mb
# 4mb of keys_zone can store ~28,000 keys = ~560mb
# 32mb of keys_zone can store ~224,000 keys = ~4.8gb
#
proxy_cache_path
/var/cache/nginx/imgproxy levels=1:2 use_temp_path=off
keys_zone=IMAGE_CACHE:32m max_size=5G min_free=32m inactive=7d;
# ======================================================================== #
# Temporary variables
##! **`$uri_omitted_origin`**
## Get the URI after omitting origin server.
## This setup assumes that an origin server starts with an `@` symbol.
map $uri $uri_omitted_origin
{
default '$uri';
~^(/@[^/]+)?(?<parsed_path>/.+)$ '$parsed_path';
}
##! **`$uri_omitted_origin_preset`**
## Get the URI after omitting origin server and preset name.
## This setup assumes that preset name starts with an underscore (`_`) symbol.
map $uri_omitted_origin $uri_omitted_origin_preset
{
default '$uri';
~*^(/_[a-z0-9_-]+)?(?<parsed_path>/.+)$ '$parsed_path';
}
# ======================================================================== #
# Variables for `imgproxy`
## **`$use_imgproxy`**
## This flag indicates that the request will be proceeded by `imgproxy`.
map $uri $use_imgproxy
{
default 0;
# Add any rules that you want to skip image processing.
#> E.g. this line excludes files under "hq-cactus" folder.
~^/hq-cactus/ 0;
# Else, process all image files with these file extensions
~*\.(jpe?g|png|gif|tiff?|bmp)$ 1;
}
##! **`$imgproxy_cache`**
## Default cache zone for `imgproxy`.
map $use_imgproxy $imgproxy_cache
{
default off;
1 IMAGE_CACHE;
}
## **`$origin_server`**
## Define origin base URL from the request.
## This setup assumes that an origin server starts with an `@` symbol (such as `@nasa`, `@pinterest`, etc.).
## You can also add your own origin servers using [regular expressions](https://www.nginx.com/blog/regular-expression-tester-nginx/).
map $uri $origin_server
{
default 'local://';
# Put your rewrite rules for origin servers from here.
#> E.g.
~^/@mybucket/ 's3://my-bucket';
~^/@myhost/ 'http://myhost.com';
~^/@nasa/ 'https://www.nasa.gov/sites/default/files/thumbnails/image';
~^/@pinterest/ 'https://i.pinimg.com/originals';
}
## **`$origin_uri`**
## Parse real origin URI of the file.
## This setup just omits origin server and preset name in the URI if they exist,
## but you can also rewrite requested URI using [regular expressions](https://www.nginx.com/blog/regular-expression-tester-nginx/).
map $uri_omitted_origin_preset $origin_uri
{
default '$uri_omitted_origin_preset';
# Put your rewrite rules for origin URI from here.
#> E.g. this line rewrites cactus.jpg to the real path cacti.jpg.
~*^/cactus\.jpe?g$ '/cacti.jpg';
}
## **`$preset_name`**
## Parse preset name from requested URI.
## This setup assumes that preset name starts with an underscore (`_`) symbol (such as `_thumb` or `_w200`).
## You can define your own presets using [regular expressions](https://www.nginx.com/blog/regular-expression-tester-nginx/).
map $uri_omitted_origin $preset_name
{
default '';
# You can define dynamic presets,
#> but beware that dynamic presets are able to cause a denial-of-service attack
#> by allowing an attacker to request multiple different image resizes.
#> E.g. a dynamic preset with a variable $width.
# ~^/_w(?<parsed_width>[0-9_-]+)/ 'max_w:${parsed_width}';
# This is a better version for above dynamic preset.
#> It allows only certain image sizes,
#> and fallbacks other undefined image sizes to max_w:200
~^/_w(?<parsed_width>(200|640|800|1200|1600))/ 'max_w:${parsed_width}';
~^/_w(?<parsed_width>([0-9_-]+))/ 'max_w:200';
# Get static preset name from the URI
~^/_(?<parsed_name>[a-z0-9_-]+)/ '$parsed_name';
}
## **`$imgproxy_preset`**
## Define `imgproxy` options for each preset name.
map $preset_name $imgproxy_preset
{
default 'size:1600:0:0:0/preset:logo';
# Dynamic preset
~^max_w:(?<width>[0-9]+)$ 'size:${width}:0:0:0/preset:logo';
# Static presets
blurry 'size:320:320:1:0/blur:10/quality:50';
small 'size:320:320:0:0/sharpen:0.3/preset:logo';
medium 'size:640:640:0:0/preset:logo';
thumb 'size:160:160:1:1/bg:ffffff/resizing_type:fill/sharpen:0.3';
square 'size:500:500:0:1/bg:ffffff/resizing_type:fill/preset:center_logo';
}
## **`$imgproxy_extension`**
## Detect WebP or AVIF supports from the request header `Accept`.
map $http_accept $imgproxy_extension
{
default '';
~*webp '@webp';
~*avif '@avif';
}
## **`$imgproxy_options`**
## Generate final URL for `imgproxy` following [their documentation](https://docs.imgproxy.net/generating_the_url).
## When URL query `?skip=1` is set, use another rule to skip `imgproxy` processing.
map $arg_skip $imgproxy_options
{
default '/unsafe/${imgproxy_preset}/plain/${origin_server}${origin_uri}${imgproxy_extension}';
~.+ '/unsafe/plain/${origin_server}${origin_uri}';
}
##! **`$imgproxy_rewrite`**
## Generate final URL for `imgproxy` following [their documentation](https://docs.imgproxy.net/generating_the_url).
map $use_imgproxy $imgproxy_rewrite
{
default '';
1 '$imgproxy_options';
}
##! **`$debug_imgproxy_rewrite`**
## For debugging the value of `$imgproxy_rewrite`.
map $arg_debug $debug_imgproxy_rewrite
{
default '';
~.+ '$imgproxy_rewrite';
}
## **`$fallback_uri`**
## Define fallback file to serve when the requested file is unavailable.
## E.g. `/noimage.jpg` or `/noimage_thumb.jpg`, which is stored in the folder `www/`.
map $preset_name $fallback_uri
{
default '/noimage.jpg';
thumb '/noimage_thumb.jpg';
# small '/noimage_small.jpg';
# medium '/noimage_medium.jpg';
# square '/noimage_square.jpg';
}
# Extra: You also can set `$fallback_uri` using value of `$origin_uri`.
# map $origin_uri $fallback_uri
# {
# default '/noimage.jpg';
# ~^/products/ '/default_product_image.jpg';
# }