Serving files from Azure Blob Storage
imgproxy can process images from Azure Blob Storage containers. To use this feature, do the following:
- Set the IMGPROXY_USE_ABS environment variable to true
- Set IMGPROXY_ABS_NAME to your Azure account name
- Set up the necessary credentials
- (optional) Specify the Azure Blob Storage endpoint with IMGPROXY_ABS_ENDPOINT
- Use abs://%bucket_name/%file_key as the source image URL
Set up credentials
Leverage Azure Managed Identity or Service Principal
Microsoft encourages the use of a Managed Identity or Service Principal when accessing resources on an Azure Storage Account. Both of these authentication pathways are supported out of the box.
Managed Identity
There is no additional configuration required so long as the resource that imgproxy is running on has a Managed Identity assigned to it.
Service Principal
Please refer to the documentation on the creation of a service principal before proceeding.
Once that step is completed, the following environment variables must be configured depending on which option was chosen.
For secret authentication:
- AZURE_CLIENT_ID: the client ID for your application registration
- AZURE_TENANT_ID: the tenant ID for your application registration
- AZURE_CLIENT_SECRET: the client secret for your application registration
For certificate authentication:
- AZURE_CLIENT_ID: the client ID for your application registration
- AZURE_TENANT_ID: the tenant ID for your application registration
- AZURE_CLIENT_CERTIFICATE_PATH: the path to a PFX or PEM-encoded certificate including private key
- AZURE_CLIENT_CERTIFICATE_PASSWORD: (optional) the password protecting the certificate file (PFX (PKCS12))
- AZURE_CLIENT_CERTIFICATE_CHAIN: (optional) send certificate chain in x5c header to support subject name / issuer-based authentication
Using Storage Account Key
Alternatively, you can set IMGPROXY_ABS_KEY to your Azure Blob Storage account key. See the Manage storage account access keys guide for more info.
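A preflight check for the variables described above, as an added example that is not part of the imgproxy documentation or code base: it reports which credential path the environment selects and rejects incomplete or overlapping settings before imgproxy starts. The function name abs_auth_mode, its output words, the one-credential-path rule, and the rule that the certificate file must not be readable by group or others are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for the imgproxy Azure Blob Storage variables.
# Prints the credential path in use, or "error: ..." with a non-zero status.
abs_auth_mode() {
    # The page sets the switch to the literal "true"; only that spelling is checked.
    if [ "${IMGPROXY_USE_ABS:-}" != "true" ]; then
        echo "disabled"; return 0
    fi
    if [ -z "${IMGPROXY_ABS_NAME:-}" ]; then
        echo "error: IMGPROXY_ABS_NAME is not set"; return 1
    fi
    # Non-empty when any service principal variable is present.
    sp_vars="${AZURE_CLIENT_ID:-}${AZURE_TENANT_ID:-}${AZURE_CLIENT_SECRET:-}${AZURE_CLIENT_CERTIFICATE_PATH:-}"
    if [ -n "${IMGPROXY_ABS_KEY:-}" ]; then
        # Example policy (assumption): keep exactly one credential path configured.
        if [ -n "$sp_vars" ]; then
            echo "error: account key and service principal variables are both set"; return 1
        fi
        echo "account-key"; return 0
    fi
    if [ -z "$sp_vars" ]; then
        # Nothing set: relies on a Managed Identity assigned to the host,
        # which this script cannot verify from the environment alone.
        echo "managed-identity"; return 0
    fi
    if [ -z "${AZURE_CLIENT_ID:-}" ] || [ -z "${AZURE_TENANT_ID:-}" ]; then
        echo "error: AZURE_CLIENT_ID and AZURE_TENANT_ID are both required"; return 1
    fi
    if [ -n "${AZURE_CLIENT_SECRET:-}" ] && [ -n "${AZURE_CLIENT_CERTIFICATE_PATH:-}" ]; then
        echo "error: client secret and certificate path are both set"; return 1
    fi
    if [ -n "${AZURE_CLIENT_SECRET:-}" ]; then
        echo "sp-secret"; return 0
    fi
    cert="${AZURE_CLIENT_CERTIFICATE_PATH:-}"
    if [ -z "$cert" ]; then
        echo "error: neither AZURE_CLIENT_SECRET nor AZURE_CLIENT_CERTIFICATE_PATH is set"; return 1
    fi
    if [ ! -f "$cert" ] || [ ! -r "$cert" ]; then
        echo "error: certificate file is missing or not readable"; return 1
    fi
    # The file includes the private key, so group/other read bits are rejected.
    if [ -n "$(find "$cert" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "error: certificate file is readable by group or others"; return 1
    fi
    echo "sp-certificate"
}
```

Source the file and call abs_auth_mode in the container entrypoint or deployment pipeline; a non-zero status means the configuration should be fixed before the service is started.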