Serving files from OpenStack Object Storage ("Swift")
imgproxy can process images from OpenStack Object Storage, also known as Swift. To use this feature, do the following:
-
Set the
IMGPROXY_USE_SWIFTenvironment variable totrue -
Configure Swift authentication with the following environment variables
IMGPROXY_SWIFT_USERNAME: the username for Swift API access. Default: blankIMGPROXY_SWIFT_API_KEY: the API key for Swift API access. Default: blankIMGPROXY_SWIFT_AUTH_URL: the Swift Auth URL. Default: blankIMGPROXY_SWIFT_AUTH_VERSION: the Swift auth version, set to 1, 2 or 3 or leave at 0 for autodetect.IMGPROXY_SWIFT_TENANT: the tenant name (optional, v2 auth only). Default: blankIMGPROXY_SWIFT_DOMAIN: the Swift domain name (optional, v3 auth only): Default: blank
-
Use
swift://%{container}/%{object_path}as the source image URL, e.g. an original object storage URL in the format of/v1/{account}/{container}/{object_path}, such ashttp://127.0.0.1:8080/v1/AUTH_test/images/flowers/rose.jpg, should be converted toswift://images/flowers/rose.jpg.
If filenames in your OpenStack Object Storage may contain ?, you may want to set IMGPROXY_SOURCE_URL_QUERY_SEPARATOR to another string that is not used in filenames or set it to blank to disable query string extraction.
Restricting container access
Restrict which Swift containers imgproxy can access for security:
IMGPROXY_SWIFT_ALLOWED_BUCKETS: a comma-separated list of container names that imgproxy is allowed to access. When set, imgproxy will only process images from these containers. Default: blank (all containers allowed)IMGPROXY_SWIFT_DENIED_BUCKETS: a comma-separated list of container names that imgproxy is not allowed to access. When set, imgproxy will reject requests for images from these containers. Default: blank
Use IMGPROXY_SWIFT_ALLOWED_BUCKETS to allow trusted containers. Use IMGPROXY_SWIFT_DENIED_BUCKETS to block specific ones. If both are set, allowed containers override denied ones.