noogen · September 7, 2018 13:02 · andreapernici · Sep 7, 2018
diff --git a/image-proxy-test.conf b/image-proxy-test.conf
 proxy_cache_path /tmp/nginx/cache levels=1:2 keys_zone=cdn_diskcached:10m max_size=5g inactive=45m;

 server {
    listen 81;
    listen [::]:81 ipv6only=on;

    resolver                         8.8.8.8 8.8.4.4;

    merge_slashes                    off;

    proxy_connect_timeout            30s;
    proxy_send_timeout               30s;
    proxy_read_timeout               30s;
    proxy_temp_path                  /var/cache/nginx/temp;

    proxy_ignore_headers             Vary Expires Set-Cookie Cache-Control;
    proxy_pass_header                P3P;
    proxy_pass_header                X-Real-IP;
    proxy_pass_header                X-Forwarded-For;
    proxy_set_header                 "User-Agent" "Mozilla/5.0";
    proxy_cache_min_uses             2;
    proxy_cache                      cdn_diskcached;
    proxy_ssl_server_name            on;
    proxy_intercept_errors           on;

    proxy_cache_valid                200 201 10m;
    proxy_cache_valid                403 404 500 501 502 503 5s;
    proxy_cache_key                  acme.mycachedefault$request_uri;

    location ~ /(.+) {
        set                          $image_uri "$1";          
        set_unescape_uri             $clean_uri $image_uri;
        proxy_pass                   $clean_uri;
        error_page                   301 302 307 = @handle_redirect;
    }

    location @handle_redirect {
        set                          $image_uri "$upstream_http_location";
        set_unescape_uri             $clean_uri $image_uri;
        proxy_pass                   $clean_uri;
    }
 }

 server {
    listen 80;
    listen [::]:80 ipv6only=on;

    listen 443 ssl;
    listen [::]:443 ipv6only=on ssl;

    ssl_certificate                  /etc/nginx/ssl/placeholder-fullchain.crt;
    ssl_certificate_key              /etc/nginx/ssl/placeholder-privkey.key;

    set $width -;
    set $height -;
    set $rotate 0;
    set $quality 96; # default to best quality in case image previously optimized
    set $sharpen 0;
    set $debugkey "empty";
    set $myhost "";
    set $ofmt "";
    set $debugcode "";

 # image_filter_crop_offset {left,center,right} {top,center,bottom};
    set $crop_offx left;
    set $crop_offy top;

    server_name                      _;
    root                             /usr/share/nginx/html;
    index                            index.html index.htm;
    error_page                       403 = @403;
    error_page                       404 = @404;
    error_page                       415 = @415;
    error_page                       500 = @500;
    error_page                       502 503 504 = @empty;

 # begin image_filter stuff
    resolver                         8.8.8.8 8.8.4.4;
    image_filter_buffer              20M;
    image_filter_interlace           on;
    proxy_redirect                   off;

 # needed to allow uri protocol slashes from being merged
    merge_slashes                    off;


    proxy_set_header                 X-Real-IP       $remote_addr;
    proxy_set_header                 X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_connect_timeout            30s;
    proxy_send_timeout               30s;
    proxy_read_timeout               30s;
    proxy_temp_path                  /var/cache/nginx/temp;


 # prevent client headers from going to origin
    proxy_pass_request_headers       off;

    proxy_ignore_headers             Vary Expires Set-Cookie Cache-Control;
    proxy_pass_header                P3P;
    proxy_ssl_server_name            on;
    proxy_intercept_errors           on;

 # only allow GET method
    proxy_method                     GET;

 # don't need to cache since cdn already handles it
    proxy_cache_bypass               1;
    proxy_no_cache                   1;

    location /healthcheck {
        default_type                 text/plain;
        return 200 "OK";
    }

    location ~* ^/rx/([^\/]+)/(.*) {
        set $myargs                  "$1";
        set $protocol                "http";
        set $image_uri               "$2";
        set $cmd                     "resize";
        set $image_path              "";
        set $clean_uri               "";


 # if no protocol in URL, add them
        if ($image_uri !~ "(http:|https:)") {
            set $image_uri "http://$image_uri";
        }

 # now process the real image url
        if ($image_uri ~ "^(http|https)+([:\/]+)([^/]*)(.*)") {
            set $protocol $1;
            set $myhost $3;
            set $image_path $4;
            set $image_uri "$protocol://$myhost$image_path";
        }



 # change this to whitelist your host       
 #        if ($myhost !~ ".*(host1.com|host2.org|host3.edu|host4.net|host5.info)$") {
 #            set $image_uri "";
 #            set $debugkey "$myhost=denied";
 #            rewrite ^ /403 last;
 #            break;
 #        }




 # width
        if ($myargs ~ "^(\d+)\D*") {
            set $width $1;
        }

        if ($myargs ~ "w([_]*)(\d+)") {
            set $width $2;
        }

        if ($arg_w) {
            set $width $arg_w;
        }

 # height
        if ($myargs ~ "x(\d+)") {
            set $height $1;
        }

        if ($myargs ~ "h([_]*)(\d+)") {
            set $height $2;
        }

        if ($arg_h) {
            set $height $arg_h;
        }

 # quality
        if ($myargs ~ "q([_]*)(\d+)") {
            set $quality $2;
        }

        if ($arg_q) {
            set $quality $arg_q;
        }

 # rotate
        if ($myargs ~ "r([_]*)(\d+)") {
            set $rotate $2;
        }

        if ($arg_r) {
            set $rotate $arg_r;
        }

 # gravity
        if ($myargs ~ "Center") {
            set $crop_offx center;
            set $crop_offy center;
        }

        if ($arg_g ~ "Center") {
            set $crop_offx center;
            set $crop_offy center;
        }

        if ($myargs ~ "South") {
            set $crop_offy bottom;
        }

        if ($arg_g ~ "South") {
            set $crop_offy bottom;
        }

        if ($myargs ~ "East") {
            set $crop_offx right;
        }

        if ($arg_g ~ "East") {
            set $crop_offx right;
        }

 # sharpen
        if ($myargs ~ "e([_]*)(\d+)") {
            set $sharpen $2;
        }

        if ($arg_e) {
            set $sharpen $arg_e;
        }

 # output format
        if ($myargs ~ "ofmt([_]*)(\w+)") {
            set $ofmt $2;
        }

        if ($arg_ofmt) {
            set $ofmt $arg_ofmt;
        }

 # crop
        if ($myargs ~ "c([_]*)1") {
            set $cmd "crop";
        }

        if ($arg_c = "1") {
            set $cmd "crop";
        }

        if ($myargs ~ "g_+") {
            set $cmd "crop";
        }

        if ($arg_g) {
            set $cmd "crop";
        }
        
        set $debugkey "$image_uri?w=$width&h=$height&q=$quality&r=$rotate&e=$sharpen&cmd=$cmd&ofmt=$ofmt";

        rewrite ^ /cmd/$cmd last;
    }

    location /cmd/resize {
        internal;

        set_unescape_uri            $clean_uri "http://127.0.0.1:81/$image_uri$is_args$args";
        proxy_pass                  $clean_uri;
        include                     /etc/nginx/sites-enabled/proxy-hide-headers.common;

        add_header                  X-ImageProxy-Cache $upstream_cache_status;
        add_header                  X-ImageProxy-Debug $debugkey;
        expires                     24h;
        add_header                  Cache-Control "public";
        
        image_filter_sharpen        $sharpen;
        image_filter_jpeg_quality   $quality;
        image_filter_webp_quality   $quality;
        image_filter_output         $ofmt;
        image_filter                rotate $rotate;

        image_filter                resize $width $height;
    }

    location /cmd/crop {
        internal;

        set_unescape_uri            $clean_uri "http://127.0.0.1:81/$image_uri$is_args$args";
        proxy_pass                  $clean_uri;
        include                     /etc/nginx/sites-enabled/proxy-hide-headers.common;

        add_header                  X-ImageProxy-Debug $debugkey;
        expires                     24h;
        add_header                  Cache-Control "public";
        
        image_filter_sharpen        $sharpen;
        image_filter_jpeg_quality   $quality;
        image_filter_webp_quality   $quality;
        image_filter_output         $ofmt;
        image_filter                rotate $rotate;

        image_filter_crop_offset    $crop_offx $crop_offy;
        image_filter                crop $width $height;
    }
    
    location @403 {
        add_header                  X-ImageProxy-Code 403 always;
        add_header                  X-ImageProxy-Debug $debugkey always;
        empty_gif;
    }

    location @404 {
        add_header                  X-ImageProxy-Code 404 always;
        add_header                  X-ImageProxy-Debug $debugkey always;
        empty_gif;
    }

    location @415 {
        add_header                  X-ImageProxy-Code 415 always;
        add_header                  X-ImageProxy-Debug $debugkey always;
        empty_gif;
    }

    location @500 {
        add_header                  X-ImageProxy-Code 500 always;
        add_header                  X-ImageProxy-Debug $debugkey always;
        empty_gif;
    }

    location @empty {
        add_header                  X-ImageProxy-Debug $debugkey always;
        empty_gif;
    }
 }
	proxy_cache_path /tmp/nginx/cache levels=1:2 keys_zone=cdn_diskcached:10m max_size=5g inactive=45m;

	server {
	listen 81;
	listen [::]:81 ipv6only=on;

	resolver 8.8.8.8 8.8.4.4;

	merge_slashes off;

	proxy_connect_timeout 30s;
	proxy_send_timeout 30s;
	proxy_read_timeout 30s;
	proxy_temp_path /var/cache/nginx/temp;

	proxy_ignore_headers Vary Expires Set-Cookie Cache-Control;
	proxy_pass_header P3P;
	proxy_pass_header X-Real-IP;
	proxy_pass_header X-Forwarded-For;
	proxy_set_header "User-Agent" "Mozilla/5.0";
	proxy_cache_min_uses 2;
	proxy_cache cdn_diskcached;
	proxy_ssl_server_name on;
	proxy_intercept_errors on;

	proxy_cache_valid 200 201 10m;
	proxy_cache_valid 403 404 500 501 502 503 5s;
	proxy_cache_key acme.mycachedefault$request_uri;

	location ~ /(.+) {
	set $image_uri "$1";
	set_unescape_uri $clean_uri $image_uri;
	proxy_pass $clean_uri;
	error_page 301 302 307 = @handle_redirect;
	}

	location @handle_redirect {
	set $image_uri "$upstream_http_location";
	set_unescape_uri $clean_uri $image_uri;
	proxy_pass $clean_uri;
	}
	}

	server {
	listen 80;
	listen [::]:80 ipv6only=on;

	listen 443 ssl;
	listen [::]:443 ipv6only=on ssl;

	ssl_certificate /etc/nginx/ssl/placeholder-fullchain.crt;
	ssl_certificate_key /etc/nginx/ssl/placeholder-privkey.key;

	set $width -;
	set $height -;
	set $rotate 0;
	set $quality 96; # default to best quality in case image previously optimized
	set $sharpen 0;
	set $debugkey "empty";
	set $myhost "";
	set $ofmt "";
	set $debugcode "";

	# image_filter_crop_offset {left,center,right} {top,center,bottom};
	set $crop_offx left;
	set $crop_offy top;

	server_name _;
	root /usr/share/nginx/html;
	index index.html index.htm;
	error_page 403 = @403;
	error_page 404 = @404;
	error_page 415 = @415;
	error_page 500 = @500;
	error_page 502 503 504 = @empty;

	# begin image_filter stuff
	resolver 8.8.8.8 8.8.4.4;
	image_filter_buffer 20M;
	image_filter_interlace on;
	proxy_redirect off;

	# needed to allow uri protocol slashes from being merged
	merge_slashes off;


	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	proxy_connect_timeout 30s;
	proxy_send_timeout 30s;
	proxy_read_timeout 30s;
	proxy_temp_path /var/cache/nginx/temp;


	# prevent client headers from going to origin
	proxy_pass_request_headers off;

	proxy_ignore_headers Vary Expires Set-Cookie Cache-Control;
	proxy_pass_header P3P;
	proxy_ssl_server_name on;
	proxy_intercept_errors on;

	# only allow GET method
	proxy_method GET;

	# don't need to cache since cdn already handles it
	proxy_cache_bypass 1;
	proxy_no_cache 1;

	location /healthcheck {
	default_type text/plain;
	return 200 "OK";
	}

	location ~* ^/rx/([^\/]+)/(.*) {
	set $myargs "$1";
	set $protocol "http";
	set $image_uri "$2";
	set $cmd "resize";
	set $image_path "";
	set $clean_uri "";


	# if no protocol in URL, add them
	if ($image_uri !~ "(http:\|https:)") {
	set $image_uri "http://$image_uri";
	}

	# now process the real image url
	if ($image_uri ~ "^(http\|https)+([:\/]+)([^/])(.)") {
	set $protocol $1;
	set $myhost $3;
	set $image_path $4;
	set $image_uri "$protocol://$myhost$image_path";
	}



	# change this to whitelist your host
	# if ($myhost !~ ".*(host1.com\|host2.org\|host3.edu\|host4.net\|host5.info)$") {
	# set $image_uri "";
	# set $debugkey "$myhost=denied";
	# rewrite ^ /403 last;
	# break;
	# }




	# width
	if ($myargs ~ "^(\d+)\D*") {
	set $width $1;
	}

	if ($myargs ~ "w([_]*)(\d+)") {
	set $width $2;
	}

	if ($arg_w) {
	set $width $arg_w;
	}

	# height
	if ($myargs ~ "x(\d+)") {
	set $height $1;
	}

	if ($myargs ~ "h([_]*)(\d+)") {
	set $height $2;
	}

	if ($arg_h) {
	set $height $arg_h;
	}

	# quality
	if ($myargs ~ "q([_]*)(\d+)") {
	set $quality $2;
	}

	if ($arg_q) {
	set $quality $arg_q;
	}

	# rotate
	if ($myargs ~ "r([_]*)(\d+)") {
	set $rotate $2;
	}

	if ($arg_r) {
	set $rotate $arg_r;
	}

	# gravity
	if ($myargs ~ "Center") {
	set $crop_offx center;
	set $crop_offy center;
	}

	if ($arg_g ~ "Center") {
	set $crop_offx center;
	set $crop_offy center;
	}

	if ($myargs ~ "South") {
	set $crop_offy bottom;
	}

	if ($arg_g ~ "South") {
	set $crop_offy bottom;
	}

	if ($myargs ~ "East") {
	set $crop_offx right;
	}

	if ($arg_g ~ "East") {
	set $crop_offx right;
	}

	# sharpen
	if ($myargs ~ "e([_]*)(\d+)") {
	set $sharpen $2;
	}

	if ($arg_e) {
	set $sharpen $arg_e;
	}

	# output format
	if ($myargs ~ "ofmt([_]*)(\w+)") {
	set $ofmt $2;
	}

	if ($arg_ofmt) {
	set $ofmt $arg_ofmt;
	}

	# crop
	if ($myargs ~ "c([_]*)1") {
	set $cmd "crop";
	}

	if ($arg_c = "1") {
	set $cmd "crop";
	}

	if ($myargs ~ "g_+") {
	set $cmd "crop";
	}

	if ($arg_g) {
	set $cmd "crop";
	}

	set $debugkey "$image_uri?w=$width&h=$height&q=$quality&r=$rotate&e=$sharpen&cmd=$cmd&ofmt=$ofmt";

	rewrite ^ /cmd/$cmd last;
	}

	location /cmd/resize {
	internal;

	set_unescape_uri $clean_uri "http://127.0.0.1:81/$image_uri$is_args$args";
	proxy_pass $clean_uri;
	include /etc/nginx/sites-enabled/proxy-hide-headers.common;

	add_header X-ImageProxy-Cache $upstream_cache_status;
	add_header X-ImageProxy-Debug $debugkey;
	expires 24h;
	add_header Cache-Control "public";

	image_filter_sharpen $sharpen;
	image_filter_jpeg_quality $quality;
	image_filter_webp_quality $quality;
	image_filter_output $ofmt;
	image_filter rotate $rotate;

	image_filter resize $width $height;
	}

	location /cmd/crop {
	internal;

	set_unescape_uri $clean_uri "http://127.0.0.1:81/$image_uri$is_args$args";
	proxy_pass $clean_uri;
	include /etc/nginx/sites-enabled/proxy-hide-headers.common;

	add_header X-ImageProxy-Debug $debugkey;
	expires 24h;
	add_header Cache-Control "public";

	image_filter_sharpen $sharpen;
	image_filter_jpeg_quality $quality;
	image_filter_webp_quality $quality;
	image_filter_output $ofmt;
	image_filter rotate $rotate;

	image_filter_crop_offset $crop_offx $crop_offy;
	image_filter crop $width $height;
	}

	location @403 {
	add_header X-ImageProxy-Code 403 always;
	add_header X-ImageProxy-Debug $debugkey always;
	empty_gif;
	}

	location @404 {
	add_header X-ImageProxy-Code 404 always;
	add_header X-ImageProxy-Debug $debugkey always;
	empty_gif;
	}

	location @415 {
	add_header X-ImageProxy-Code 415 always;
	add_header X-ImageProxy-Debug $debugkey always;
	empty_gif;
	}

	location @500 {
	add_header X-ImageProxy-Code 500 always;
	add_header X-ImageProxy-Debug $debugkey always;
	empty_gif;
	}

	location @empty {
	add_header X-ImageProxy-Debug $debugkey always;
	empty_gif;
	}
	}