2017-07-05 09:16:11 +02:00
# imgproxy
2017-06-20 15:57:12 +02:00
2017-09-21 09:10:27 +02:00
< img align = "right" width = "200" height = "200" title = "imgproxy logo"
src="https://cdn.rawgit.com/DarthSim/imgproxy/master/logo.svg">
2017-09-28 08:33:10 +02:00
[![Build Status ](https://api.travis-ci.org/DarthSim/imgproxy.svg?branch=master )](https://travis-ci.org/DarthSim/imgproxy)
2017-09-27 21:25:51 +02:00
2017-07-05 09:16:11 +02:00
imgproxy is a fast and secure standalone server for resizing and converting remote images. The main principles of imgproxy are simplicity, speed, and security.
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
imgproxy can be used to provide a fast and secure way to replace all the image resizing code of your web application (like calling ImageMagick or GraphicsMagick, or using libraries), while also being able to resize everything on the fly, fast and easy. imgproxy is also indispensable when handling lots of image resizing, especially when images come from a remote source.
imgproxy does one thing — resizing remote images — and does it well. It works great when you need to resize multiple images on the fly to make them match your application design without preparing a ton of cached resized images or re-doing it every time the design changes.
imgproxy is a Go application, ready to be installed and used in any Unix environment — also ready to be containerized using Docker.
2017-10-20 12:33:52 +02:00
See this article for a good intro and all the juicy details! [imgproxy:
Resize your images instantly and securely](https://evilmartians.com/chronicles/introducing-imgproxy)
2017-07-05 09:16:11 +02:00
< a href = "https://evilmartians.com/?utm_source=imgproxy" >
2017-07-04 14:17:20 +02:00
< img src = "https://evilmartians.com/badges/sponsored-by-evil-martians.svg" alt = "Sponsored by Evil Martians" width = "236" height = "54" >
< / a >
2017-06-20 15:57:12 +02:00
2017-07-04 14:17:20 +02:00
#### Simplicity
2017-07-05 09:16:11 +02:00
> "No code is better than no code."
imgproxy only includes the must-have features for image processing, fine-tuning and security. Specifically,
2017-07-03 06:08:47 +02:00
2017-07-05 09:16:11 +02:00
* It would be great to be able to rotate, flip and apply masks to images, but in most of the cases, it is possible — and is much easier — to do that using CSS3.
* It may be great to have built-in HTTP caching of some kind, but it is way better to use a Content-Delivery Network or a caching proxy server for this, as you will have to do this sooner or later in the production environment.
* It might be useful to have everything built in — such as HTTPS support — but an easy way to solve that would be just to use a proxying HTTP server such as nginx.
2017-07-03 06:08:47 +02:00
#### Speed
2017-07-05 09:16:11 +02:00
imgproxy uses probably the most efficient image processing library there is, called `libvips` . It is screaming fast and has a very low memory footprint; with it, we can handle the processing for a massive amount of images on the fly.
2017-07-03 06:08:47 +02:00
2017-07-05 09:16:11 +02:00
imgproxy also uses native Go's `net/http` routing for the best HTTP networking support.
2017-07-03 06:08:47 +02:00
#### Security
2017-07-05 09:16:11 +02:00
Massive processing of remote images is a potentially dangerous thing, security-wise. There are many attack vectors, so it is a good idea to consider attack prevention measures first. Here is how imgproxy can help:
2017-07-03 06:08:47 +02:00
2017-07-05 09:16:11 +02:00
* imgproxy checks image type _and_ "real" dimensions when downloading, so the image will not be fully downloaded if it has an unknown format or the dimensions are too big (there is a setting for that). That is how imgproxy protects you from so called "image bombs" like those described at https://www.bamsoftware.com/hacks/deflate.html.
2017-07-03 06:08:47 +02:00
2017-07-05 09:16:11 +02:00
* imgproxy protects image URLs with a signature, so an attacker cannot cause a denial-of-service attack by requesting multiple image resizes.
2017-07-03 06:08:47 +02:00
2017-07-05 09:16:11 +02:00
* imgproxy supports authorization by an HTTP header. That prevents using imgproxy directly by an attacker but allows to use it through a CDN or a caching server — just by adding a header to a proxy or CDN config.
2017-06-26 00:20:48 +02:00
2017-07-04 14:17:20 +02:00
## Installation
2017-06-27 10:36:24 +02:00
2017-07-05 09:16:11 +02:00
There are two ways you can install imgproxy:
2017-06-27 10:36:24 +02:00
2017-07-04 14:17:20 +02:00
#### From the source
2017-09-27 21:25:51 +02:00
1. First, install [libvips ](https://github.com/jcupitt/libvips ).
2017-07-04 14:17:20 +02:00
```bash
# macOS
2017-07-03 06:08:47 +02:00
$ brew tap homebrew/science
$ brew install vips
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
# Ubuntu
2017-09-29 23:07:19 +02:00
# Ubuntu apt repository contains a pretty old version of libvips.
# It's recommended to use PPA with an up to date version.
$ sudo add-apt-repository ppa:dhor/myway
2017-09-27 01:58:28 +02:00
$ sudo apt-get install libvips-dev
2017-07-03 06:08:47 +02:00
```
2017-06-27 10:36:24 +02:00
2017-07-05 23:01:35 +02:00
**Note:** Most libvips packages come with WebP support. If you want libvips to support WebP on macOS, you need to install it this way:
```bash
$ brew tap homebrew/science
$ brew install vips --with-webp
```
2017-07-05 09:16:11 +02:00
2. Next, install imgproxy itself:
2017-06-27 10:36:24 +02:00
2017-07-04 14:17:20 +02:00
```bash
2017-07-05 09:16:11 +02:00
$ go get -f -u github.com/DarthSim/imgproxy
2017-07-03 06:08:47 +02:00
```
2017-06-27 10:36:24 +02:00
2017-07-04 14:17:20 +02:00
#### Docker
2017-07-05 09:16:11 +02:00
imgproxy can (and should) be used as a standalone application inside a Docker container. It is ready to be dockerized, plug and play:
2017-07-04 14:17:20 +02:00
```bash
$ docker build -t imgproxy .
2017-08-08 19:39:02 +02:00
$ docker run -e IMGPROXY_KEY=$YOUR_KEY -e IMGPROXY_SALT=$YOUR_SALT -p 8080:8080 -t imgproxy
```
You can also pull the image from Docker Hub:
```bash
$ docker pull darthsim/imgproxy:latest
$ docker run -e IMGPROXY_KEY=$YOUR_KEY -e IMGPROXY_SALT=$YOUR_SALT -p 8080:8080 -t darthsim/imgproxy
```
#### Heroku
imgproxy can be deployed to Heroku with the click of the button:
[![Deploy ](https://www.herokucdn.com/deploy/button.svg )](https://heroku.com/deploy)
However, you can do it manually with a few steps:
```bash
$ git clone https://github.com/DarthSim/imgproxy.git & & cd imgproxy
2017-09-30 02:33:14 +02:00
$ heroku create your-application
$ heroku buildpacks:add https://github.com/heroku/heroku-buildpack-apt
$ heroku buildpacks:add https://github.com/heroku/heroku-buildpack-go
$ heroku config:set IMGPROXY_KEY=$YOUR_KEY IMGPROXY_SALT=$YOUR_SALT
2017-08-08 19:39:02 +02:00
$ git push heroku master
2017-07-04 14:17:20 +02:00
```
## Configuration
2017-07-05 09:16:11 +02:00
imgproxy is [Twelve-Factor-App ](https://12factor.net/ )-ready and can be configured using `ENV` variables.
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
#### URL signature
2017-06-26 00:20:48 +02:00
2017-07-05 09:16:11 +02:00
imgproxy requires all URLs to be signed with a key and salt:
2017-07-04 14:17:20 +02:00
2017-07-07 10:27:47 +02:00
* `IMGPROXY_KEY` — (**required**) hex-encoded key;
* `IMGPROXY_SALT` — (**required**) hex-encoded salt;
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
You can also specify paths to files with a hex-encoded key and salt (useful in a development environment):
2017-07-04 14:17:20 +02:00
```bash
$ imgproxy -keypath /path/to/file/with/key -saltpath /path/to/file/with/salt
```
2017-07-05 09:16:11 +02:00
If you need a random key/salt pair real fast, you can quickly generate it using, for example, the following snippet:
```bash
$ xxd -g 2 -l 64 -p /dev/random | tr -d '\n'
```
2017-07-04 14:17:20 +02:00
#### Server
2017-06-26 00:20:48 +02:00
2017-07-05 09:16:11 +02:00
* `IMGPROXY_BIND` — TCP address to listen on. Default: `:8080` ;
* `IMGPROXY_READ_TIMEOUT` — the maximum duration (in seconds) for reading the entire image request, including the body. Default: `10` ;
* `IMGPROXY_WRITE_TIMEOUT` — the maximum duration (in seconds) for writing the response. Default: `10` ;
2017-07-05 14:28:22 +02:00
* `IMGPROXY_DOWNLOAD_TIMEOUT` — the maximum duration (in seconds) for downloading the source image. Default: `5` ;
2017-09-28 19:17:23 +02:00
* `IMGPROXY_CONCURRENCY` — the maximum number of image requests to be processed simultaneously. Default: double number of CPU cores;
* `IMGPROXY_MAX_CLIENTS` — the maximum number of simultaneous active connections. Default: `IMGPROXY_CONCURRENCY * 5` ;
2017-07-04 14:17:20 +02:00
#### Security
2017-10-07 01:00:31 +02:00
imgproxy protects you from so-called image bombs. Here is how you can specify maximum image dimensions and resolution which you consider reasonable:
2017-07-04 14:17:20 +02:00
2017-10-07 01:00:31 +02:00
* `IMGPROXY_MAX_SRC_DIMENSION` — the maximum dimensions of the source image, in pixels, for both width and height. Images with larger real size will be rejected. Default: `8192` ;
* `IMGPROXY_MAX_SRC_RESOLUTION` — the maximum resolution of the source image, in megapixels. Images with larger real size will be rejected. Default: `16.8` ;
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
You can also specify a secret to enable authorization with the HTTP `Authorization` header:
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
* `IMGPROXY_SECRET` — the authorization token. If specified, request should contain the `Authorization: Bearer %secret%` header;
2017-07-04 14:17:20 +02:00
#### Compression
2017-07-05 09:16:11 +02:00
* `IMGPROXY_QUALITY` — quality of the resulting image, percentage. Default: `80` ;
* `IMGPROXY_GZIP_COMPRESSION` — GZip compression level. Default: `5` ;
2017-06-26 00:20:48 +02:00
2017-07-05 09:16:11 +02:00
## Generating the URL
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
The URL should contain the signature and resize parameters, like this:
2017-06-26 00:20:48 +02:00
```
2017-07-04 14:17:20 +02:00
/%signature/%resizing_type/%width/%height/%gravity/%enlarge/%encoded_url.%extension
2017-06-26 00:20:48 +02:00
```
2017-07-05 09:16:11 +02:00
#### Resizing types
2017-06-20 15:57:12 +02:00
2017-07-05 09:16:11 +02:00
imgproxy supports the following resizing types:
2017-06-20 15:57:12 +02:00
2017-07-05 09:16:11 +02:00
* `fit` — resizes the image while keeping aspect ratio to fit given size;
* `fill` — resizes the image while keeping aspect ratio to fill given size and cropping projecting parts;
2017-09-29 11:48:46 +02:00
* `crop` — crops the image to a given size.
2017-06-20 15:57:12 +02:00
2017-07-04 14:17:20 +02:00
#### Width and height
2017-06-20 15:57:12 +02:00
2017-07-05 09:16:11 +02:00
Width and height parameters define the size of the resulting image. Depending on the resizing type applied, the dimensions may differ from the requested ones.
2017-06-20 15:57:12 +02:00
2017-07-04 14:17:20 +02:00
#### Gravity
2017-06-20 15:57:12 +02:00
2017-07-05 09:16:11 +02:00
When imgproxy needs to cut some parts of the image, it is guided by the gravity. The following values are supported:
2017-06-20 15:57:12 +02:00
2017-07-05 09:16:11 +02:00
* `no` — north (top edge);
* `so` — south (bottom edge);
* `ea` — east (right edge);
* `we` — west (left edge);
* `ce` — center;
2017-09-29 11:48:46 +02:00
* `sm` — smart. `libvips` detects the most "interesting" section of the image and considers it as the center of the resulting image.
2017-06-20 15:57:12 +02:00
2017-07-04 14:17:20 +02:00
#### Enlarge
2017-06-20 15:57:12 +02:00
2017-07-05 09:16:11 +02:00
If set to `0` , imgproxy will not enlarge the image if it is smaller than the given size. With any other value, imgproxy will enlarge the image.
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
#### Encoded URL
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
The source URL should be encoded with URL-safe Base64. The encoded URL can be split with `/` for your needs.
2017-07-04 14:17:20 +02:00
#### Extension
2017-07-05 23:01:35 +02:00
Extension specifies the format of the resulting image. At the moment, imgproxy supports only `jpg` , `png` and `webp` , them being the most popular and useful web image formats.
2017-07-04 14:17:20 +02:00
#### Signature
2017-07-05 09:16:11 +02:00
Signature is a URL-safe Base64-encoded HMAC digest of the rest of the path including the leading `/` . Here's how it is calculated:
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
* Take the path after the signature — `/%resizing_type/%width/%height/%gravity/%enlarge/%encoded_url.%extension` ;
2017-07-04 14:17:20 +02:00
* Add salt to the beginning;
2017-07-05 09:16:11 +02:00
* Calculate the HMAC digest using SHA256;
2017-10-07 12:45:49 +02:00
* Encode the result with URL-safe Base64.
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
You can find helpful code snippets in the `examples` folder.
2017-07-04 14:17:20 +02:00
2017-07-05 09:16:11 +02:00
## Source image formats support
2017-07-04 14:17:20 +02:00
2017-07-07 10:27:47 +02:00
imgproxy supports only the most popular image formats of the moment: PNG, JPEG, GIF and WebP.
2017-07-04 14:17:20 +02:00
## Author
Sergey "DarthSim" Aleksandrovich
2017-09-27 21:25:51 +02:00
Many thanks to @romashamin for the awesome logo.
2017-07-04 14:17:20 +02:00
## License
2017-07-05 09:16:11 +02:00
imgproxy is licensed under the MIT license.
2017-07-04 14:17:20 +02:00
See LICENSE for the full license text.