1
0
mirror of https://github.com/imgproxy/imgproxy.git synced 2024-11-24 08:12:38 +02:00
Fast and secure standalone server for resizing and converting remote images
Go to file
2022-11-22 20:32:59 +06:00
.github Update golangci-lit version and increase timeout in GH Actions 2022-10-28 21:03:56 +06:00
.lefthook Versioned docs 2022-07-04 15:59:34 +06:00
bufpool Delayed download buffer grow 2022-08-01 19:48:23 +06:00
bufreader Bump version 2021-09-30 20:23:30 +06:00
config Fixed TraceIdRatioBased sampler; IMGPROXY_OPEN_TELEMETRY_TRACE_ID_GENERATOR config 2022-11-15 21:37:55 +06:00
cookies Polish cookies passthrough 2021-11-11 15:30:32 +06:00
ctxreader Wrap custom transport bodies with a context reader 2022-10-22 17:55:06 +06:00
docker Update Docker base image 2022-11-17 20:08:29 +06:00
docs Update readme; Update logo in docs 2022-11-22 20:32:59 +06:00
errorreport Bump version 2021-09-30 20:23:30 +06:00
etag Get rid of io/ioutil usage 2022-10-28 21:15:13 +06:00
examples Cleanup examples 2022-09-03 00:58:54 +06:00
gliblog GLib logger is too verbose 2022-08-01 20:26:34 +06:00
heroku Add build arg to Heroku Dockerfile 2019-06-18 20:49:26 +06:00
httprange Add ranged requests suport to transports 2022-09-07 18:03:12 +06:00
ierrors Better downloading error reporting cause 2021-11-01 18:29:26 +06:00
imagedata Get rid of io/ioutil usage 2022-10-28 21:15:13 +06:00
imagemeta Get rid of io/ioutil usage 2022-10-28 21:15:13 +06:00
imagetype Better Content-Disposition formatting for imagetype 2022-10-03 15:59:33 +06:00
imath Crop between scale-on-load and scale 2022-01-17 18:39:59 +06:00
k6 Update k6 script 2022-10-05 12:25:16 +06:00
logger feat(logger): implement structured log formatter gcp compliant (#1028) 2022-11-05 18:20:57 +06:00
memory Combine new & old build contraints format 2021-11-15 16:42:36 +06:00
metrics Fixed TraceIdRatioBased sampler; IMGPROXY_OPEN_TELEMETRY_TRACE_ID_GENERATOR config 2022-11-15 21:37:55 +06:00
options raw processing option 2022-09-07 18:03:12 +06:00
processing Remove unneeded attributes when stripping XMP 2022-11-08 20:34:04 +06:00
reuseport Combine new & old build contraints format 2021-11-15 16:42:36 +06:00
router Better error metrics 2022-07-20 16:09:07 +06:00
security Use require instead of assert in tests 2022-07-18 19:48:50 +06:00
semaphore Proper semaphore 2022-07-20 18:06:26 +06:00
structdiff format_quality processing option 2021-09-29 19:49:18 +06:00
svg Fix possible infinite loop during SVG sanitization 2022-10-28 21:00:51 +06:00
testdata Support arithmetic encoded jpeg files (#909) 2022-07-12 18:53:03 +06:00
transport Wrap custom transport bodies with a context reader 2022-10-22 17:55:06 +06:00
version Bump version 2022-11-17 20:17:10 +06:00
vips Use adaptive filter for full-color PNGs 2022-11-22 18:50:33 +06:00
.dockerignore Use native Go in Docker build 2022-02-11 18:30:46 +06:00
.gitignore Update k6 script 2022-09-15 22:12:16 +06:00
.golangci.yml Global refactoring 2021-05-07 17:10:21 +06:00
app.json Fix logo in app.json 2019-06-18 20:52:05 +06:00
BENCHMARK.md Update BENCHMARK.md (#505) 2020-11-20 10:43:59 +06:00
build-docs-sitemap.sh Add robots.txt and sitemap.txt 2022-02-16 20:54:37 +06:00
cgo_symbolizer.go Combine new & old build contraints format 2021-11-15 16:42:36 +06:00
CHANGELOG.md Bump version 2022-11-17 20:17:10 +06:00
cloudbuild.yaml Configure cloudbuild logging 2022-02-15 18:23:24 +06:00
fix_path.go Try to fix path if signature is invalid 2022-09-15 22:12:16 +06:00
go.mod Update deps 2022-11-17 20:15:59 +06:00
go.sum Update deps 2022-11-17 20:15:59 +06:00
healthcheck.go Get rid of io/ioutil usage 2022-10-28 21:15:13 +06:00
heroku.yml Add build arg to Heroku Dockerfile 2019-06-18 20:49:26 +06:00
landing.go Fix typo in response header name (#693) 2021-09-06 15:47:10 +06:00
lefthook.yml Versioned docs 2022-07-04 15:59:34 +06:00
LICENSE Initial commit 2017-06-20 17:00:17 +03:00
logo-dark.svg Update readme; Update logo in docs 2022-11-22 20:32:59 +06:00
logo-light.svg Update readme; Update logo in docs 2022-11-22 20:32:59 +06:00
logo.svg Optimize logo 2019-08-20 16:49:26 +06:00
main.go Set GLib log handler 2022-07-29 15:16:30 +06:00
netlify.toml Add robots.txt and sitemap.txt 2022-02-16 20:54:37 +06:00
NOTICE Add CGIF to NOTICE 2021-11-23 13:13:51 +06:00
pprof.go Combine new & old build contraints format 2021-11-15 16:42:36 +06:00
processing_handler_test.go Get rid of io/ioutil usage 2022-10-28 21:15:13 +06:00
processing_handler.go Fix feDropShadow SVG filter when IMGPROXY_SVG_FIX_UNSUPPORTED is true 2022-10-15 20:22:54 +06:00
README.md Update readme; Update logo in docs 2022-11-22 20:32:59 +06:00
server.go raw processing option 2022-09-07 18:03:12 +06:00
stream.go Better Content-Disposition crafting for streaming 2022-10-03 16:01:17 +06:00

imgproxy logo

Website | Blog | Documentation | imgproxy Pro | Docker | Chat

GH Test GH Lint Docker Pulls


imgproxy is a fast and secure standalone server for resizing and converting remote images. The guiding principles behind imgproxy are security, speed, and simplicity.

imgproxy is able to quickly and easily resize images on the fly, and it's well-equipped to handle a large amount of image resizing. imgproxy is a fast, secure replacement for all the image resizing code inside your web application (such as resizing libraries, or code that calls ImageMagick or GraphicsMagic). It's also an indispensable tool for processing images from a remote source. With imgproxy, you don’t need to repeatedly prepare images to fit your design every time it changes.

To get an even better introduction, and to dive deeper into the nitty gritty details, check out this article: imgproxy: Resize your images instantly and securely

Sponsored by Evil Martians

Simplicity

"No code is better than no code."

imgproxy only includes the must-have features for image processing, fine-tuning and security. Specifically,

  • It would be great to be able to rotate, flip and apply masks to images, but in most of the cases, it is possible — and is much easier — to do that using CSS3.
  • It may be great to have built-in HTTP caching of some kind, but it is way better to use a Content-Delivery Network or a caching proxy server for this, as you will have to do this sooner or later in the production environment.
  • It might be useful to have everything built in — such as HTTPS support — but an easy way to solve that would be just to use a proxying HTTP server such as nginx.

Speed

imgproxy takes advantage of probably the most efficient image processing library out there – libvips. It’s scary fast and comes with a very low memory footprint. Thanks to libvips, we can readily and extemporaneously process a massive amount of images.

imgproxy uses Go’s raw (no wrappers) native net/http package to omit any overhead while processing requests and provides the best possible HTTP support.

You can take a look at some benchmarking results and compare imgproxy with some well-known alternatives in our benchmark report.

Security

In terms of security, the massive processing of remote images is a potentially dangerous endeavor. There are a number of possible attack vectors, so it’s a good idea to take an approach that considers attack prevention measures as a priority. Here’s how imgproxy does this:

  • imgproxy checks the image type and its “real” dimensions when downloading. The image will not be fully downloaded if it has an unknown format or if the dimensions are too big (you can set the max allowed dimensions). This is how imgproxy protects from so called "image bombs”, like those described in this doc.

  • imgproxy protects image URLs with a signature, so an attacker cannot enact a denial-of-service attack by requesting multiple image resizes.

  • imgproxy supports authorization by HTTP header. This prevents imgproxy from being used directly by an attacker, but allows it to be used via a CDN or a caching server — simply by adding a header to a proxy or CDN config.

Usage

Check out our 📑 Documentation.

Author

Sergey "DarthSim" Alexandrovich

Special thanks

Many thanks to:

License

imgproxy is licensed under the MIT license.

See LICENSE for the full license text.

Security Contact

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.