1
0
mirror of https://github.com/imgproxy/imgproxy.git synced 2024-12-09 09:56:01 +02:00
imgproxy/docs/serving_files_from_azure_blob_storage.md
2022-12-15 20:46:07 +06:00

2.2 KiB

Serving files from Azure Blob Storage

imgproxy can process images from Azure Blob Storage containers. To use this feature, do the following:

  1. Set IMGPROXY_USE_ABS environment variable to true
  2. Set IMGPROXY_ABS_NAME to your Azure account name
  3. Set up the necessary credentials
  4. (optional) Specify the Azure Blob Storage endpoint with IMGPROXY_ABS_ENDPOINT
  5. Use abs://%bucket_name/%file_key as the source image URL

Set up credentials

Leverage Azure Managed Identity or Service Principal

Microsoft encourages the use of a Managed Identity or Service Principal when accessing resources on an Azure Storage Account. Both of these authentication pathways are supported out of the box.

Managed Identity

There is no additional configuration required so long as the resource that imgproxy is running on has a Managed Identity assigned to it.

Service Principal

Please, refer to the following documentation on the creation of a service principal before proceeding.

Once that step is completed, the following environment variables must be configured depending on which option was chosen.

For secret authentication:

  • AZURE_CLIENT_ID: the client ID for your application registration
  • AZURE_TENANT_ID: the tenant ID for your application registration
  • AZURE_CLIENT_SECRET: the client secret for your application registration

For certificate authentication:

  • AZURE_CLIENT_ID: the client ID for your application registration
  • AZURE_TENANT_ID: the tenant ID for your application registration
  • AZURE_CLIENT_CERTIFICATE_PATH: the path to a PFX or PEM-encoded certificate including private key
  • AZURE_CLIENT_CERTIFICATE_PASSWORD: (optional) the password protecting the certificate file (PFX (PKCS12))
  • AZURE_CLIENT_CERTIFICATE_CHAIN: (optional) send certificate chain in x5c header to support subject name / issuer-based authentication

Using Storage Account Key

Alternatively, you can set IMGPROXY_ABS_KEY to your Azure Blob Storage account key. See the Manage storage account access keys guide for more info.