imgproxy icon indicating copy to clipboard operation
imgproxy copied to clipboard
verified publisher icon imgproxy

Source image is unreachable

Open UserFengFeng opened this issue 3 years ago • 4 comments

I tried to access the MINIO image path through imgproxy, and this problem appeared

ubuntu18.04 minio port: 6090 imgproxy port: 8080 minio img url path : http://10.0.0.174:6090/test1/xxx.jpg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=95QP6GGLJ54PHPGCFJWJ%2F20220425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220425T053524Z&X-Amz-Expires=604800&X-Amz-Security-Token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiI5NVFQNkdHTEo1NFBIUEdDRkpXSiIsImV4cCI6MTY1MDg2NzU4NSwicGFyZW50IjoiYWRtaW4ifQ.J-zChUGFx4wF7RmEYoBhgVJ3vXPIx5FAltvnKPNEaMBx_-qIDhB64zr4d6HqrPaJs_2UCwXq8sXMPP5AaM-2XA&X-Amz-SignedHeaders=host&versionId=null&X-Amz-Signature=6e03e37e3ea86fdb0acb9aa52f27b0ee5a1c80da4bec75a72a80f48bdb38a74f

docker-compose.yml config file

version: '3.1' services:
minio:
image: minio/minio
restart: always
environment: MINIO_ACCESS_KEY: admin
MINIO_SECRET_KEY: admin123
MINIO_REGION: us-east-1
ports:
- "8081:6090"
volumes:
- "./minio/storage:/data"
command: server /data
imgproxy:
image: darthsim/imgproxy
restart: always
environment:
IMGPROXY_LOCAL_FILESYSTEM_ROOT: /data # you can link to minio volume to imgproxy and use as a local filesystem.
IMGPROXY_USE_S3: 'true'
IMGPROXY_S3_ENDPOINT: http://10.0.0.174:6090
AWS_ACCESS_KEY_ID: admin
AWS_SECRET_ACCESS_KEY: admin123
AWS_REGION: us-east-1
ports:
- "8082:8080"
links:
- minio # it doesn't matter actually by default all containers can reach each other with their service name.
volumes:
- "./minio/storage:/data" # link to minio volume to imgproxy's /opt folder for local filesystem.

Final visit path http://10.0.0.174:8082/resize:fill:1000:1000:0/plain/http://10.0.0.174:6090/test1/xxx.jpg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=95QP6GGLJ54PHPGCFJWJ%252F20220425%252Fus-east-1%252Fs3%252Faws4_request&X-Amz-Date=20220425T051958Z&X-Amz-Expires=604800&X-Amz-Security-Token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiI5NVFQNkdHTEo1NFBIUEdDRkpXSiIsImV4cCI6MTY1MDg2NzU4NSwicGFyZW50IjoiYWRtaW4ifQ.J-zChUGFx4wF7RmEYoBhgVJ3vXPIx5FAltvnKPNEaMBx_-qIDhB64zr4d6HqrPaJs_2UCwXq8sXMPP5AaM-2XA&X-Amz-SignedHeaders=host&versionId=null&X-Amz-Signature=76773fb8ce096f96e15dd412ed6e9f44085f030102b944d330539c014573acb1 image

UserFengFeng avatar Apr 26 '22 01:04 UserFengFeng

Minio container listens on port 9000 by default.

docker-compose file

version: '3.7'
services:
  minio1:
    image: quay.io/minio/minio
    command: server /data --console-address ":9001"
    ports:
      - "43003:9000"
      - "43004:9001"
    environment:
      MINIO_ROOT_USER: admin
      MINIO_ROOT_PASSWORD: miniorofl
      MINIO_SITE_REGION: us-east-1
    volumes:
      - ./data:/data
  imgproxy1:
    image: darthsim/imgproxy
    environment:
      IMGPROXY_USE_S3: 'true'
      IMGPROXY_S3_ENDPOINT: "http://minio1:9000"
      AWS_ACCESS_KEY_ID: admin
      AWS_SECRET_ACCESS_KEY: miniorofl
      AWS_REGION: us-east-1
    ports:
      - "43005:8080"

Create a bucket website & upload any image.

Open imgproxy in browser

http://localhost:43005/unsafe/w:500/plain/s3://website/blah.jpg

wwwdepot avatar Apr 29 '22 21:04 wwwdepot

Hey @UserFengFeng!

Sorry for the delay. I tried your docker-compose.yml, and it works perfectly. Is this issue still actual?

DarthSim avatar Jun 08 '22 14:06 DarthSim

@UserFengFeng I think you just need to URL encode the URL before you pass it to imgproxy. Try that!

jeremyhaile avatar Sep 02 '22 18:09 jeremyhaile

Ugh, how I could possibly miss that?

http://10.0.0.174:8082/resize:fill:1000:1000:0/plain/http://10.0.0.174:6090/test1/xxx.jpg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=95QP6GGLJ54PHPGCFJWJ%252F20220425%252Fus-east-1%252Fs3%252Faws4_request&X-Amz-Date=20220425T051958Z&X-Amz-Expires=604800&X-Amz-Security-Token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiI5NVFQNkdHTEo1NFBIUEdDRkpXSiIsImV4cCI6MTY1MDg2NzU4NSwicGFyZW50IjoiYWRtaW4ifQ.J-zChUGFx4wF7RmEYoBhgVJ3vXPIx5FAltvnKPNEaMBx_-qIDhB64zr4d6HqrPaJs_2UCwXq8sXMPP5AaM-2XA&X-Amz-SignedHeaders=host&versionId=null&X-Amz-Signature=76773fb8ce096f96e15dd412ed6e9f44085f030102b944d330539c014573acb1

@UserFengFeng your source URL contains a query string (the part after ?), so the whole URL should be escaped. Otherwise, imgproxy will think this is its URL query string, not the source URL's one. Also, you;ve missed the signature part which is mandatory even if the URL signatures are disables. So your URL should look like this:

http://10.0.0.174:8082/unsafe/resize:fill:1000:1000:0/plain/http%3A%2F%2F10.0.0.174%3A6090%2Ftest1%2Fxxx.jpg%3FX-Amz-Algorithm%3DAWS4-HMAC-SHA256%26X-Amz-Credential%3D95QP6GGLJ54PHPGCFJWJ%25252F20220425%25252Fus-east-1%25252Fs3%25252Faws4_request%26X-Amz-Date%3D20220425T051958Z%26X-Amz-Expires%3D604800%26X-Amz-Security-Token%3DeyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiI5NVFQNkdHTEo1NFBIUEdDRkpXSiIsImV4cCI6MTY1MDg2NzU4NSwicGFyZW50IjoiYWRtaW4ifQ.J-zChUGFx4wF7RmEYoBhgVJ3vXPIx5FAltvnKPNEaMBx_-qIDhB64zr4d6HqrPaJs_2UCwXq8sXMPP5AaM-2XA%26X-Amz-SignedHeaders%3Dhost%26versionId%3Dnull%26X-Amz-Signature%3D76773fb8ce096f96e15dd412ed6e9f44085f030102b944d330539c014573acb1

Also, you configured the support for s3://... URLs, so your imgproxy URL may look like this:

http://10.0.0.174:8082/resize:fill:1000:1000:0/plain/s3://test1/xxx.jpg

DarthSim avatar Sep 05 '22 10:09 DarthSim