Serving files from Azure Blob Storage
imgproxy can process images from Azure Blob Storage containers. To use this feature, do the following:
- Set
IMGPROXY_USE_ABSenvironment variable totrue - Set
IMGPROXY_ABS_NAMEto your Azure account name - Set up the necessary credentials
- (optional) Specify the Azure Blob Storage endpoint with
IMGPROXY_ABS_ENDPOINT - Use
abs://%bucket_name/%file_keyas the source image URL
Set up credentials​
Leverage Azure Managed Identity or Service Principal​
Microsoft encourages the use of a Managed Identity or Service Principal when accessing resources on an Azure Storage Account. Both of these authentication pathways are supported out of the box.
Managed Identity​
There is no additional configuration required so long as the resource that imgproxy is running on has a Managed Identity assigned to it.
Service Principal​
Please, refer to the following documentation on the creation of a service principal before proceeding.
Once that step is completed, the following environment variables must be configured depending on which option was chosen.
For secret authentication:
AZURE_CLIENT_ID: the client ID for your application registrationAZURE_TENANT_ID: the tenant ID for your application registrationAZURE_CLIENT_SECRET: the client secret for your application registration
For certificate authentication:
AZURE_CLIENT_ID: the client ID for your application registrationAZURE_TENANT_ID: the tenant ID for your application registrationAZURE_CLIENT_CERTIFICATE_PATH: the path to a PFX or PEM-encoded certificate including private keyAZURE_CLIENT_CERTIFICATE_PASSWORD: (optional) the password protecting the certificate file (PFX (PKCS12))AZURE_CLIENT_CERTIFICATE_CHAIN: (optional) send certificate chain in x5c header to support subject name / issuer-based authentication
Using Storage Account Key​
Alternatively, you can set IMGPROXY_ABS_KEY to your Azure Blob Storage account key. See the Manage storage account access keys guide for more info.