Skip to content

Instantly share code, notes, and snippets.

@noogen

noogen/server.conf

Last active April 25, 2019 21:32
Show Gist options
  • Save noogen/57bf47e4cd227f584b6ed8c4c9eb3eb6 to your computer and use it in GitHub Desktop.
Save noogen/57bf47e4cd227f584b6ed8c4c9eb3eb6 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. noogen revised this gist Apr 25, 2019. 1 changed file with 4 additions and 4 deletions.
    8 changes: 4 additions & 4 deletions server.conf
    View file
    Original file line number Diff line number Diff line change
    @@ -246,7 +246,7 @@ server {

    #image_filter_water_image /app/logo.png;
    #image_filter_water_pos center;
    # image_filter_ratio_max 3;
    image_filter_scale_max 3;

    image_filter_sharpen $sharpen;
    image_filter_jpeg_quality $quality;
    @@ -271,16 +271,15 @@ server {

    image_filter_water_image /app/logo.png;
    #image_filter_water_pos center;
    image_filter_ratio_max 3;
    image_filter_scale_max 3;

    image_filter_sharpen $sharpen;
    image_filter_jpeg_quality $quality;
    image_filter_webp_quality $quality;
    image_filter_output $ofmt;
    image_filter rotate $rotate;

    # image_filter scale $width $height;
    image_filter scale $width $height;
    image_filter resize $width $height;
    }

    location /cmd/crop {
    @@ -296,6 +295,7 @@ server {

    #image_filter_water_image /app/logo.png;
    #image_filter_water_pos center;
    image_filter_scale_max 3;

    image_filter_sharpen $sharpen;
    image_filter_jpeg_quality $quality;
  2. noogen created this gist Apr 24, 2019.
    351 changes: 351 additions & 0 deletions server.conf
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,351 @@
    proxy_cache_path /tmp/nginx/cache levels=1:2 keys_zone=remoteimages:10m max_size=1g inactive=45m;

    server {
    listen 80;
    listen [::]:80 ipv6only=on;

    listen 443 ssl;
    listen [::]:443 ipv6only=on ssl;

    ssl_certificate /etc/nginx/ssl/placeholder-fullchain.crt;
    ssl_certificate_key /etc/nginx/ssl/placeholder-privkey.key;

    set $width -;
    set $height -;
    set $rotate 0;
    set $quality 96; # default to best quality in case image previously optimized
    set $sharpen 0;
    set $debugkey "empty";
    set $myhost "";
    set $ofmt "";
    set $debugcode "";

    # image_filter_crop_offset {left,center,right} {top,center,bottom};
    set $crop_offx left;
    set $crop_offy top;

    server_name _;
    root /usr/share/nginx/html;
    index index.html index.htm;

    # error should simply return as error so user can use image onerror handler
    # error_page 403 = @403;
    # error_page 404 = @404;
    # error_page 415 = @415;
    # error_page 500 = @500;
    # error_page 502 503 504 = @empty;
    error_page 301 302 307 = @handle_redirect;

    # begin image_filter stuff
    resolver 8.8.8.8 8.8.4.4;
    image_filter_buffer 20M;
    image_filter_interlace on;

    # needed to allow uri protocol slashes from being merged
    merge_slashes off;


    # proxy_redirect off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header User-Agent "$http_user_agent";

    proxy_connect_timeout 30s;
    proxy_send_timeout 30s;
    proxy_read_timeout 30s;
    proxy_temp_path /var/cache/nginx/temp;


    # prevent client headers from going to origin
    proxy_pass_request_headers off;

    proxy_ignore_headers Vary Expires Set-Cookie Cache-Control;
    proxy_pass_header P3P;
    proxy_cache_min_uses 2;
    proxy_cache remoteimages;
    proxy_ssl_server_name on;
    proxy_intercept_errors on;
    proxy_cache_use_stale updating error timeout http_500 http_502 http_503 http_504;
    proxy_cache_background_update on;

    # valid for "any" http status within 10 minutes
    proxy_cache_valid any 10m;
    proxy_cache_valid 301 302 307 0s;
    proxy_cache_key $request_uri;

    # only allow GET method
    proxy_method GET;

    location /healthcheck {
    default_type text/plain;
    return 200 "OK";
    }

    location ~* ^/rx/([^\/]+)/(.*) {
    set $myargs "$1";
    set $protocol "http";
    set $image_uri "$2";
    set $cmd "resize";
    set $image_path "";
    set $clean_uri "";


    # if no protocol in URL, add them
    if ($image_uri !~ "(http:|https:)") {
    set $image_uri "http://$image_uri";
    }

    # now process the real image url
    if ($image_uri ~ "^(http|https)+([:\/]+)([^/]*)(.*)") {
    set $protocol $1;
    set $myhost $3;
    set $image_path $4;
    set $image_uri "$protocol://$myhost$image_path";
    }



    # change this to whitelist your host
    # if ($myhost !~ ".*(host1.com|host2.org|host3.edu|host4.net|host5.info)$") {
    # set $image_uri "";
    # set $debugkey "$myhost=denied";
    # return 403;
    # break;
    # }




    # width
    if ($myargs ~ "^(\d+)\D*") {
    set $width $1;
    }

    if ($myargs ~ "w([_]*)(\d+)") {
    set $width $2;
    }

    if ($arg_w) {
    set $width $arg_w;
    }

    # height
    if ($myargs ~ "x(\d+)") {
    set $height $1;
    }

    if ($myargs ~ "h([_]*)(\d+)") {
    set $height $2;
    }

    if ($arg_h) {
    set $height $arg_h;
    }

    # quality
    if ($myargs ~ "q([_]*)(\d+)") {
    set $quality $2;
    }

    if ($arg_q) {
    set $quality $arg_q;
    }

    # rotate
    if ($myargs ~ "r([_]*)(\d+)") {
    set $rotate $2;
    }

    if ($arg_r) {
    set $rotate $arg_r;
    }

    # gravity
    if ($myargs ~ "Center") {
    set $crop_offx center;
    set $crop_offy center;
    }

    if ($arg_g ~ "Center") {
    set $crop_offx center;
    set $crop_offy center;
    }

    if ($myargs ~ "South") {
    set $crop_offy bottom;
    }

    if ($arg_g ~ "South") {
    set $crop_offy bottom;
    }

    if ($myargs ~ "East") {
    set $crop_offx right;
    }

    if ($arg_g ~ "East") {
    set $crop_offx right;
    }

    # sharpen
    if ($myargs ~ "e([_]*)(\d+)") {
    set $sharpen $2;
    }

    if ($arg_e) {
    set $sharpen $arg_e;
    }

    # output format
    if ($myargs ~ "ofmt([_]*)(\w+)") {
    set $ofmt $2;
    }

    if ($arg_ofmt) {
    set $ofmt $arg_ofmt;
    }

    # crop
    if ($myargs ~ "c([_]*)1") {
    set $cmd "crop";
    }

    if ($arg_c = "1") {
    set $cmd "crop";
    }

    if ($myargs ~ "g_+") {
    set $cmd "crop";
    }

    if ($arg_g) {
    set $cmd "crop";
    }

    # watermark
    if ($myargs ~ "water([_]*)1") {
    set $cmd "water";
    }

    set $debugkey "$image_uri?w=$width&h=$height&q=$quality&r=$rotate&e=$sharpen&cmd=$cmd&ofmt=$ofmt";

    set_unescape_uri $clean_uri "$image_uri$is_args$args";
    rewrite ^ /cmd/$cmd last;
    }

    location /cmd/resize {
    internal;

    proxy_pass $clean_uri;
    include /etc/nginx/sites-enabled/proxy-hide-headers.common;

    add_header X-ImageProxy-Cache $upstream_cache_status;
    add_header X-ImageProxy-Debug $debugkey;
    expires 24h;
    add_header Cache-Control "public";

    #image_filter_water_image /app/logo.png;
    #image_filter_water_pos center;
    # image_filter_ratio_max 3;

    image_filter_sharpen $sharpen;
    image_filter_jpeg_quality $quality;
    image_filter_webp_quality $quality;
    image_filter_output $ofmt;
    image_filter rotate $rotate;

    # image_filter resize $width $height;
    image_filter resize $width $height;
    }

    location /cmd/water {
    internal;

    proxy_pass $clean_uri;
    include /etc/nginx/sites-enabled/proxy-hide-headers.common;

    add_header X-ImageProxy-Cache $upstream_cache_status;
    add_header X-ImageProxy-Debug $debugkey;
    expires 24h;
    add_header Cache-Control "public";

    image_filter_water_image /app/logo.png;
    #image_filter_water_pos center;
    image_filter_ratio_max 3;

    image_filter_sharpen $sharpen;
    image_filter_jpeg_quality $quality;
    image_filter_webp_quality $quality;
    image_filter_output $ofmt;
    image_filter rotate $rotate;

    # image_filter scale $width $height;
    image_filter scale $width $height;
    }

    location /cmd/crop {
    internal;

    proxy_pass $clean_uri;
    include /etc/nginx/sites-enabled/proxy-hide-headers.common;

    add_header X-ImageProxy-Cache $upstream_cache_status;
    add_header X-ImageProxy-Debug $debugkey;
    expires 24h;
    add_header Cache-Control "public";

    #image_filter_water_image /app/logo.png;
    #image_filter_water_pos center;

    image_filter_sharpen $sharpen;
    image_filter_jpeg_quality $quality;
    image_filter_webp_quality $quality;
    image_filter_output $ofmt;
    image_filter rotate $rotate;

    image_filter_crop_offset $crop_offx $crop_offy;
    image_filter crop $width $height;
    }

    location @handle_redirect {
    set $image_uri "$upstream_http_location";

    # if relative url, append base path
    if ($image_uri !~ "(http:|https:)") {
    set $image_uri "$protocol://$myhost$image_uri";
    }

    set_unescape_uri $clean_uri "http://127.0.0.1/rx/$myargs/$image_uri";
    proxy_cache_bypass 1;
    proxy_pass $clean_uri;
    }

    location @403 {
    add_header X-ImageProxy-Code 403 always;
    add_header X-ImageProxy-Debug $debugkey always;
    empty_gif;
    }

    location @404 {
    add_header X-ImageProxy-Code 404 always;
    add_header X-ImageProxy-Debug $debugkey always;
    empty_gif;
    }

    location @415 {
    add_header X-ImageProxy-Code 415 always;
    add_header X-ImageProxy-Debug $debugkey always;
    empty_gif;
    }

    location @500 {
    add_header X-ImageProxy-Code 500 always;
    add_header X-ImageProxy-Debug $debugkey always;
    empty_gif;
    }

    location @empty {
    add_header X-ImageProxy-Debug $debugkey always;
    empty_gif;
    }
    }