Serving files from OpenStack Object Storage ("Swift")
imgproxy can process images from OpenStack Object Storage, also known as Swift. To use this feature, do the following:
-
Set the
IMGPROXY_USE_SWIFTenvironment variable totrue -
Configure Swift authentication with the following environment variables
IMGPROXY_SWIFT_USERNAME: the username for Swift API access. Default: blankIMGPROXY_SWIFT_API_KEY: the API key for Swift API access. Default: blankIMGPROXY_SWIFT_AUTH_URL: the Swift Auth URL. Default: blankIMGPROXY_SWIFT_AUTH_VERSION: the Swift auth version, set to 1, 2 or 3 or leave at 0 for autodetect.IMGPROXY_SWIFT_TENANT: the tenant name (optional, v2 auth only). Default: blankIMGPROXY_SWIFT_DOMAIN: the Swift domain name (optional, v3 auth only): Default: blank
-
Use
swift://%{container}/%{object_path}as the source image URL, e.g. an original object storage URL in the format of/v1/{account}/{container}/{object_path}, such ashttp://127.0.0.1:8080/v1/AUTH_test/images/flowers/rose.jpg, should be converted toswift://images/flowers/rose.jpg.
If filenames in your OpenStack Object Storage may contain ?, you may want to set IMGPROXY_SOURCE_URL_QUERY_SEPARATOR to another string that is not used in filenames or set it to blank to disable query string extraction.
Restricting container access​
Restrict which Swift containers imgproxy can access for security:
IMGPROXY_SWIFT_ALLOWED_BUCKETS: a comma-separated list of container names that imgproxy is allowed to access. When set, imgproxy will only process images from these containers. Default: blank (all containers allowed)IMGPROXY_SWIFT_DENIED_BUCKETS: a comma-separated list of container names that imgproxy is not allowed to access. When set, imgproxy will reject requests for images from these containers. Default: blank
Use IMGPROXY_SWIFT_ALLOWED_BUCKETS to allow trusted containers. Use IMGPROXY_SWIFT_DENIED_BUCKETS to block specific ones. If both are set, allowed containers override denied ones.