Config Reference
Imagizer Config allows for advanced configuration of the Imagizer instance using a JSON object. The Imagizer config may be retrieved and modified through either the Admin API or User Data.
Imagizer Cloud supports most configurations though the Expert Configuration panel.
accessControl
Access to the Admin API can be restricted using the accessControl configuration. Access may either be limited using Basic Auth or completely disabled.
Enable Basic Authorization
{
"accessControl":{
"adminApi":{
"basicAuth":{
"username":"admin",
"password":"mypassword"
}
}
}
}
Completely Disable
DANGER
Access can be reactivated only through User Data.
{
"accessControl":{
"adminApi":{
"enable":false
}
}
}
allowAnimatedGifs
Allow Imagizer to convert animated GIFs. Imagizer will by default render only the first frame of an animated GIF.
WARNING
Animated GIF support is resource intensive and may produce slow response times.
{
"allowAnimatedGifs": true
}
allowDynamicOrigin
Allow Imagizer to dynamically set the backend using the origin, source_url or bucket parameters. (default: true)
Disable the origin, source_url, and bucket parameters.
{
"allowDynamicOrigin": false
}
allowOriginalImageRequest
Allow Imagizer to pass through the original image when no parameters are present. (default: true)
{
"allowOriginalImageRequest": true
}
applicationWorkers Not supported on Imagizer Cloud
The size of the application worker pools. There are two worker pools running on Imagizer. The process and fetch pools. By default, Imagizer will set a safe number of workers for each pool depending on the number of RAM the instance has available. The size of the pools may be overridden to optimize the performance of the instance.
The size of the process pool should be at least as large as the maximum number of concurrent connections the instance will ever see. The size of the fetch pool should be at least as large as the maximum number of concurrent connections to the image storage origin.
| Property | Description |
|---|---|
| autoConfig | When true Imagizer will auto configure the size of the application pools. (default: true) |
| process | The number of workers in the process pool. |
| fetch | The number of workers in the fetch pool. |
TIP
Requires a reboot.
autoQuality New!
Automatic Image Quality Adjustment: Settings and Presets
| Property | Description |
|---|---|
| method | The default value for the quality_method parameter. (ssim, mde, smallfry) |
| preset | The default value for the quality_preset parameter. |
| presets | A list of preset targets for the comparison algorithms. Supports up to 25 presets. |
| qualityMin | The default value for the quality_min parameter. |
| qualityMax | The default value for the quality_max parameter. |
{
"autoQuality": {
"method": "ssim",
"preset": "medium",
"presets": {
"ssim": {
"low": 0.999,
"medium": 0.9999,
"high": 0.99995,
"veryhigh": 0.99999
},
"mpe": {
"low": 1.5,
"medium": 1,
"high": 0.8,
"veryhigh": 0.6
},
"smallfry": {
"low": 100.75,
"medium": 102.25,
"high": 103.8,
"veryhigh": 105.5
}
},
"qualityMin": 20,
"qualityMax": 100
}
}
awsAuthorization
The name and credentials for a private S3 Bucket where your images are stored. Use this property or the backend property, but not both.
TIP
You must first create an AWS IAM Role or IAM User with a policy containing the s3:getObject permission.
| Property | Description |
|---|---|
| bucket | The S3 bucket name. |
| key | The S3 auth key which has access to the bucket. (optional) |
| prefix | A prefix to be prepended to each S3 object key. |
| secret | The S3 secret which matches the key. (optional) |
| region | The region of the S3 bucket. (optional) |
| endpoint | The custom endpoint of the S3 backend. Useful for non-AWS S3 gateways. (optional) |
Using an IAM Role.
Omit the credentials.
{
"awsAuthorization":{
"bucket":"my.s3.bucket"
}
}
Using an AWS User.
{
"awsAuthorization":{
"bucket":"my.s3.bucket",
"key":"S3_ACCESS_KEY_ID",
"secret":"S3_SECRET_KEY"
}
}
Non-AWS S3 Backends
Imagizer supports non-AWS S3 implementations. Use the endpoint property to pass custom endpoints.
Google Cloud Storage
To use Google Cloud storage, generate an HMAC key here, then use the custom endpoint https://storage.googleapis.com.
Example
{
"awsAuthorization":{
"bucket":"GOOGLE_STORAGE_BUCKET_NAME",
"key":"HMAC_KEY",
"secret":"HMAC_SECRET",
"endpoint": "https://storage.googleapis.com"
}
}
awsSystemsManager Not supported on Imagizer Cloud
Enable and configure AWS Systems Manager Parameter Store for sensitive configuration data
TIP
We strongly advise utilizing an IAM role for credential provision. However, if necessary, you can employ the optional key and secret properties. By default, the region is set to the region of the instance.
Enable AWS Systems Manager Parameter Store integration and optionally set the region.
{
"awsSystemsManager": {
"enable": true,
"region": "us-east-1",
"key": "",
"secret": ""
}
}
All parameter values will be cached throughout the instance's lifespan. As a result, any modifications made to the SSM parameters will necessitate either a reconfiguration or a reboot when using user data.
Example usage
Create a parameter in the AWS Systems Manager Parameter Store.
aws ssm put-parameter --name "MySecretParam1" --value "mysecret" --type SecureString
Create an IAM policy for permission to read the SSM parameter.
{
"Action": [
"ssm:GetParameter"
],
"Resource": "arn:aws:ssm:us-east-1:ACC_NUMBER:parameter/MySecretParam*",
"Effect": "Allow"
}
Use the
SSM:prefix in sensitive configuration properties to reference a parameter store value.
{
"awsSystemsManager": {
"enable": true
},
"awsAuthorization":{
"bucket":"mybucket",
"key": "mykey",
"secret": "SSM:MySecretParam1"
}
}
Full list of supported properties
| Property |
|---|
| awsAuthorization.key |
| awsAuthorization.secret |
| backBlazeB2.keyId |
| backBlazeB2.applicationKey |
| cloudWatch.key |
| cloudWatch.secret |
| dataDog.key |
| accessControl.adminApi.basicAuth.username |
| accessControl.adminApi.basicAuth.password |
| nessusAgent.key |
backBlazeB2
The configuration for using Backblaze B2 Native as an image storage backend
| Property | Description |
|---|---|
| bucket | The name of the bucket |
| keyId | The key ID |
| applicationKey | The application key |
{
"backBlazeB2":{
"bucket":"myb2bucket",
"keyId": "XXXXXXXXXXXXXXXXXXXXXX",
"applicationKey": "XXXXXXXXXXXXXXXXXXXXXX"
}
}
backend
The base URL of the web folder where your images are stored. You may use this option for a publicly available AWS S3 bucket. (default: http://s3.amazonaws.com)
See awsAuthorization for private S3 buckets.
Set the backend to http://images.example.com.
{
"backend": "http://images.example.com"
}
Set the backend to https://images.example.com.
{
"backend": "https://images.example.com"
}
backendTimeout
The number of seconds to wait for a backend request to finish. (default: 15)
Set the backend timeout to 30 seconds.
{
"backendTimeout": 30
}
backendConnectTimeout
The number of seconds to wait while trying to connect to the backend. (default: 5)
Set the backend connect timeout to 5 seconds.
{
"backendConnectTimeout": 5
}
backendSync Not supported on Imagizer Cloud
Enable asynchronous uploads to a remote S3 backend using Amazon SQS queue and a local S3 backend for temporary storage of image files. Backend Sync allows for quick regional uploads with a central remote S3 backend.
Images are accessible for use immediately after uploading. Images will be asynchronously copied to the central S3 backend.
TIP
Requires the uploads configuration to be enabled.
TIP
You must first create an AWS IAM Role or IAM User with a policy containing the s3:getObject, s3:putObject, sqs:SendMessage, sqs:ReceiveMessage, sqs:GetQueueAttributes, sqs:ChangeMessageVisibility, and sqs:SendMessage, permissions.
| Property | Description |
|---|---|
| awsAuthorization | The regional S3 backend to temporarily store images. |
| consumer | When true Imagizer will consume and process the backend sync jobs. |
| queue.sqs.endpoint | The AWS SQS endpoint. |
| queue.sqs.region | The AWS SQS region. |
| queue.sqs.key | The AWS SQS credential key. (optional) |
| queue.sqs.secret | The AWS SQS credential secret. (optional) |
Enable backend sync for asynchronous uploads.
{
"uploads": {
"uploads": true
},
"awsAuthorization":{
"bucket":"my.central.s3.bucket",
"key":"S3_ACCESS_KEY_ID",
"secret":"S3_SECRET_KEY",
"endpoint": "http://s3-api.us-geo.objectstorage.softlayer.net"
},
"backendSync": {
"awsAuthorization": {
"bucket": "my.regional.s3.backend"
},
"consumer": true,
"queue": {
"sqs": {
"endpoint": "https://sqs.us-east-1.amazonaws.com/aws-acount-number/sqs-queue-name",
"region": "us-east-1"
}
}
}
}
bucketsAllowed
Restrict the bucket parameter to a preset list of approved buckets.
TIP
Leaving bucketsAllowed empty will allow any bucket to be used.
Limit the use of the bucket parameter to three different buckets.
{
"bucketsAllowed": [
"my.s3.bucket",
"my.s3.bucket2",
"my.s3.bucket3"
]
}
cache
Enable or disable image caching
| Property | Description |
|---|---|
| memory | Cache all images in memory. (default) |
| none | Disable all caching. |
| originOnly | Cache only the original images in memory. |
Enable disk cache.
{
"cache":"disk"
}
Disable caching completely.
{
"cache":"none"
}
cacheControl
Imagizer caching is controlled by the Cache-Control header on origin images. The Browser Cache TTL and Server Cache TTL will only be applied when there is no Cache-Control header present on origin images or the override value is set to true.
| Property | Description |
|---|---|
| override | When true override the origin Cache-Control header (default: false) |
| browserCacheTtl | Specifies the maximum time in seconds that the image is cached on the client side. This is the max-age directive. (Specified in seconds, default: 10 minutes) |
| serverCacheTtl | Specifies the maximum time in seconds that the image is cached on the server side in Imagizer. This is the s-maxage directive. (Specified in seconds, default: 30 days) |
Override the cache control headers and set browser cache to 10 minutes and the Imagizer server cache to 30 days.
{
"cacheControl":{
"override": true,
"browserCacheTtl": 1800,
"serverCacheTtl": 2678400
}
}
consul Not supported on Imagizer Cloud
Register with a Consul agent on boot.
More Information
When configured, Imagizer will send a PUT request to the given endpoint with the given payload on boot. In case of failure, Imagizer will retry the request up to three times. The instance will continue to boot on failure with error log entries.
The properties of the payload can be auto-filled by Imagizer. Use one of the following variables.
| Name | Description |
|---|---|
$ip | The IP of the instance. |
$host | The hostname of the instance. |
$awsPublicIp | The AWS public IP address of the instance. |
$awsPublicHost | The AWS public hostname of the instance. |
{
"consul":{
"endpoint":"http://0.0.0.0:8500/v1/catalog/register",
"payload":{
"Datacenter":"dc1",
"Node":"$host",
"Address":"$ip",
"Service":{
"Service":"imagizer",
"Port":80
}
}
}
}
cluster Not supported on Imagizer Cloud
Enable cluster mode which uses the Consistent Hashing with the Bounded Loads algorithm to distribute the load across several Imagizer instances.
See more information on Consistent Hashing with Bounded Loads.
TIP
The cluster configuration requires nodes to freely communicate with each other through ports 80, 17001, and optionally port 17006 for cache purging. Do not open port 17001 and 17006 to the public internet.
| Property | Description |
|---|---|
| enable | When true, Imagizer will load balance requests across Imagizer instances specified in the nodes property. |
| hashBalanceFactor | Specify the balancing factor for bounded-load consistent hashing. (default: 125) |
| awsAutoScaleSync | When true, Imagizer will keep the nodes property synced with the current AWS auto-scaling group. (default: false) |
| includeQueryStringInHash | When true use the whole URL including parameters (not only the path part of the request) to build the load balancer hash. (default: false) |
| nodes | An array of Imagizer hosts (hostnames or IP addresses) of all the Imagizer nodes in the cluster. |
Aws AutoScale Sync
When enabled, Imagizer will keep the nodes property synced with the current AWS auto-scaling group.
Enable cluster mode across an AWS AutoScaling group
{
"cluster":{
"enable": true,
"awsAutoScaleSync": true
}
}
To enable the functionality, specific IAM permissions are necessary.
It is advisable to employ an instance profile that has an associated IAM role.
Example IAM Policy Document
{
"Action": [
"ec2:DescribeInstances",
"autoscaling:DescribeAutoScalingGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Resource": "*",
"Effect": "Allow"
}
Static Nodes
Alternatively, you can specify the nodes manually.
Enable cluster mode across a set list of Imagizer nodes.
{
"cluster":{
"enable": true,
"nodes": [
"10.0.0.1",
"10.0.0.2",
"10.0.0.3",
"10.0.0.4"
]
}
}
customHeaders
Add custom response headers.
{
"customHeaders":[
"X-Example-Header1: example1",
"X-Example-Header2: example2"
]
}
defaultImages
Use default image in place of missing images and/or errors.
| Property | Description |
|---|---|
| missing | Image to be used instead of 404 error code. |
| error | Image to be used instead of all other errors. |
| shouldProcess | If true process the default image using the given image parameters. (default: false) |
| return200Response | If true return a 200 response code with the default images. If false return the error code with the default image. (default: true) |
Setup default error images.
{
"defaultImages": {
"missing": "http://example.com/404image.jpg",
"error": "http://example.com/errorimage.jpg",
"shouldProcess": false,
"return200Response": true
}
}
defaultImageParameters
Imagizer allows for global image parameters to be set on every request. This feature is handy for adding Imagizer processing like compression and formatting to all images without the need to modify image URLs.
TIP
These values may be overridden from client supplied URL parameters.
Globally set quality to 75, format to auto, and limit the max image width to 1000px.
{
"defaultImageParams":{
"quality":75,
"format":"auto",
"width":1000
}
}
defaultMobileImageParameters
Similar to the Default Image Parameters, Default Mobile Image Parameters are globally set for all image requests coming from a mobile device. These parameters will override any of the Default Image Parameters.
TIP
These values may be overridden from client supplied URL parameters.
WARNING
Separate cache for mobile devices must be enabled from these parameters to work correctly.
Globally for mobile devices set quality to 65 and limit the max image width to 800px.
{
"defaultMobileImageParams":{
"quality":75,
"width":800
}
}
displayWelcomePage
When true display the Imagizer welcome page on the root path /. (default: true)
{
"displayWelcomePage": true
}
enablePostToProcess
Enable POST requests port 80. See the POST Requests guide for more information.
{
"enablePostToProcess": true
}
fallbackBackend
The fallback backend is used when the primary backend returns an error. The use of the fallback backend is optional. By default, the fallback backend is used when a 403 or 404 is received from the primary backend. See fallbackErrorCodes below to customize the error codes.
| Property | Description |
|---|---|
| backend | The backend upstream server url. |
| backendTimeout | The backend fetch timeout. (default: 30 sec) |
| backendConnectTimeout | The backend fetch connect timeout. (default: 3 sec) |
| awsAuthorization | An AWS Authorization object. (optional) |
| fallbackErrorCodes | An array of http error codes to trigger the use of the fallback backend. (default: [404, 403]) |
Use a public fallback backend.
{
"fallbackBackend": {
"backend": "http://my.backup.s3.amazomaws.com"
}
}
Use a private S3 fallback bucket.
{
"fallbackBackend": {
"awsAuthorization":{
"bucket":"my.backup",
"key":"AWS_ACCESS_KEY_ID",
"secret":"AWS_SECRET_KEY"
}
}
}
faceDetectionWidth
Determines the image width for the preprocessing of an image before applying facial detection. (default: 600)
{
"faceDetectionWidth": 600
}
healthCheck
The health check agent monitors various metrics, such as memory, CPU, and disk usage. Once specific thresholds are met, the agent will mark the instance's /health endpoint as unhealthy. Additionally, the health check agent will log the health and stats in the imagizer_health log service.
TIP
Setting any of the thresholds to 0 will disable the check.
| Property | Description |
|---|---|
| enable | Enable the health check agent. (default: true) |
| memoryThreshold | The memory threshold in percent. (default: 95) |
| cpuThreshold | The cpu threshold in percent. (default: 95) |
| rootDiskThreshold | The root disk threshold in percent. (default: 90) |
| tmpDiskThreshold | The tmp disk threshold in percent. (default: 90) |
| http5XXThreshold | The http 5XX threshold in the number of 5XX errors per minute. Note: This metric includes origin errors, which may be undesirable. (default: 0) |
| checkInterval | The health check interval in seconds. (default: 15) |
| logInterval | The log interval in seconds to log the health status and stats. (default: 60) |
| logStats | When true log the instance's stats. (default: true) |
Configure the health check agent.
{
"healthCheck": {
"enable": true,
"memoryThreshold": 95,
"cpuThreshold": 95,
"rootDiskThreshold": 90,
"tmpDiskThreshold": 90,
"http5XXThreshold": 0,
"checkInterval": 15,
"logInterval": 60,
"logStats": true
}
}
hostsAllowed
By default, the Imagizer Image API allows any origins to be passed through the origin and source_url parameter. This can be restricted to a preset list of approved backend origins.
TIP
Leaving hostsAllowed empty will allow any origin to be used.
Limit the use of the origin parameter to three different backends.
{
"hostsAllowed": [
"bucket.s3.amazonaws.com",
"bucket2.s3.amazonaws.com",
"bucket3.s3.amazonaws.com"
]
}
hostsAllowedRegex
Similar to hostsAllowed, but allows for the use of regex matching.
Limit the use of the origin parameter to match one of two regex patterns. Will allow any subdomain of amazonaws.com and any subdomain of example.com or example.org.
{
"hostsAllowedRegex": [
"amazonaws\\.com$",
"example\\.(com|org)$"
]
}
hostConfigs Not supported on Imagizer Cloud
Enable separate configurations based on the request's host header.
The hostConfigs property takes an array of hostConfig objects. The hostConfig object is as follows:
| Name | Description |
|---|---|
| extends | When true, extend the parent configuration. (default: false) |
| hostname | The hostname to which the config is mapped. |
| config | Imagizer config that will be applied to all requests with the given hostname. |
WARNING
Some system configurations, such as stats and logging, are not available inside hostConfigs.
Examples
Multiple Origins
Configure two image origins mapped to imagizer1.example.com and imagizer2.example.com.
{
"hostConfigs":[
{
"hostname":"imagizer1.example.com",
"config":{
"backend":"http://mybucket1-example.s3.amazonaws.com"
}
},
{
"hostname":"imagizer2.example.com",
"config":{
"backend":"http://mybucket2-example.s3.amazonaws.com"
}
}
]
}
In the above example, we mapped two separate configurations to different hostnames
Using the hostname imagizer1.example.com will fetch the image from the mybucket1-example.s3.amazonaws.com origin.
curl -H "Host: imagizer1.example.com" http://$IMAGIZER_HOST/myimage.jpg
Using the hostname imagizer2.example.com will fetch the image from the mybucket2-example.s3.amazonaws.com origin
curl -H "Host: imagizer2.example.com" http://$IMAGIZER_HOST/myimage.jpg
Multiple Sets of Default Parameters
Configure different default image parameters per hostname and extend the parent config.
{
"backend": "http://mybucket1-example.s3.amazonaws.com",
"hostConfigs":[
{
"extends": true,
"hostname":"thumbnails.example.com",
"config":{
"defaultImageParams": {
"width": 150,
"height": 150,
"quality": 60
}
}
},
{
"extends": true,
"hostname":"banners.example.com",
"config":{
"defaultImageParams": {
"width": 1000,
"height": 300,
"quality": 80
}
}
}
]
}
In the above example, all requests will use the origin http://mybucket1-example.s3.amazonaws.com. However, depending on the hostname used, the image will be scaled differently.
Requests using the thumbnails.example.com hostname will be resized to 150px by 150x
curl -H "Host: thumbnails.example.com" http://$IMAGIZER_HOST/myimage.jpg
Requests using the banners.example.com will be scaled to 1000px by 300px.
curl -H "Host: banners.example.com" http://$IMAGIZER_HOST/myimage.jpg
hostname Not supported on Imagizer Cloud
Set the hostname of the Imagizer instance on boot
set a static hostname
{
"staticHostname": "my-imagizer-host1"
}
set a static hostname including domain
{
"staticHostname": "my-imagizer-host1.example.com"
}
preform a reverse DNS lookup to determine the hostname
{
"reverseDnsLookup": true
}
ignoreCertWarnings
When true, ignore SSL errors from the backend.
{
"ignoreCertWarnings": true
}
ignoreFormats
An array of image formats which should be ignored. No image process will take pace on these images. The original image will be passed through untouched.
{
"ignoreFormats": [
"gif",
"svg"
]
}
imageParamsAllowed
By default, the Imagizer Image API allows any combination of request parameters. Restrict the requests parameters to a preset list of combinations using the imageParamsAllowed property.
TIP
Leaving imageParamsAllowed empty will allow any number of Image API parameter combinations allowed
Limit the use of the image API to thumbnails of 120px wide and large images of 1000px wide with a watermarked logo image
{
"imageParamsAllowed": [
{
"width": 120
},
{
"width": 500,
"height": 500,
"mark": "http://example.com/watermark.png",
"mark_pos": "bottom,right",
"mark_offset": 2
}
]
}
imageParamValidations
An array of validations to be applied to the request parameters on the Image API. An error will be returned to the user if any of the validations fail.
| Property | Description |
|---|---|
| name | The name of the parameter. Any image parameters may be used. |
| required | Requires the parameter on all requests to the image API (default: false) |
| forbidden | Forbids the parameter on all requests to the image API (default: false, Takes precedence over required) |
| regex | An regex pattern for the parameter value to be matched against |
Requires a watermark to be set by requiring the mark parameter to be present and match the given regex.
{
"imageParamValidations":[
{
"name":"mark",
"required":true,
"forbidden":false,
"regex":"#^/watermarks#"
}
]
}
layers
Render text layers using the legacy render engine
| Property | Description |
|---|---|
| legacyTextRender | Legacy text rendering (default: false) |
Enable legacy text layer rendering
{
"layers": {
"legacyTextRender": true
}
}
logging Not supported on Imagizer Cloud
Logging to Syslog, AWS CloudWatch, and Datadog is supported. A variety of logging services are supported, including web access and application log.
The application log supports four logging levels (debug, info, warn, error). Info, warning and error logs will be sent by default.
| Property | Description |
|---|---|
| enable | Logging is enabled when true. (default: false) |
| appLogLevel | Defines the application level logging. (debug, info, warn, error) (default: info) |
| cloudWatch | Defines the AWS CloudWatch configuration. |
| dataDog | Defines the Datadog configuration. |
| legacy | When enabled legacy logging formats will be used. (default: false) |
| local | When true log to local disk. Local logs may be viewed at http://IMAGIZER_HOST:17006/logs. (default: false) |
| services | A list of logging services to be enabled. (default: imagizer_access, imagizer_access_err, imagizer_app, imagizer_system, imagizer_health) |
| syslog | Defines Syslog configuration. |
| trustedProxies | A list of IPs or CIDRs of trusted proxies to allow real IP address from using the X-Forwarded-For header. We recommend using 0.0.0.0/0 for AWS Load balancers. |
Access Log Format
The access logs are an extended combined format.
Nginx Log Format
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$host $request_time '
'$upstream_http_x_original_filesize $upstream_http_x_original_resolution '
'$upstream_http_x_origin_fetch_time $upstream_http_x_original_response_code';```
Example Log Entry
127.0.0.1 user-identifier user [05/Aug/2021:17:44:17 +0000] "GET /image.jpg?width=200 HTTP/1.1" 200 24000 "https://example.com" "Mozilla/5.0..." "127.0.0.1, 127.0.0.2, 127.0.0.3" xxxxx.imagizer.com 0.320 988376 2000x2000 292 200
A "-" in a field indicates missing data.
127.0.0.1is the IP address of the client (remote host) which made the request to the server.user-identifieris the RFC 1413 identity of the client. Usually "-".useris the userid of the person requesting the document. Usually "-" unless .htaccess has requested authentication.[05/Aug/2021:17:44:17 +0000]is the date, time, and time zone that the request was received, by default in strftime format %d/%b/%Y:%H:%M:%S %z."GET /image.jpg?width=200 HTTP/1.1"is the request line from the client. The method GET, /image.jpg?width=200 the resource requested, and HTTP/1.1 the HTTP protocol.200is the HTTP status code returned to the client. 2xx is a successful response, 3xx a redirection, 4xx a client error, and 5xx a server error.24000is the size of the object returned to the client, measured in bytes.https://example.comis the HTTP Referrer URL."Mozilla/5.0..."is the user agent from the client."127.0.0.1, 127.0.0.2, 127.0.0.3"is the X-Forwarded-For header chain of IP addresses.xxxxx.imagizer.comis the hostname of the request.0.320is the total time spent processing the request.988376is the file size of the origin image before processing.2000x2000is the resolution of the origin image before processing.292is the fetch time in milliseconds from the origin image storage.200is the http status code from the image origin fetch.
Services
imagizer_accessThe access logs in the combined format.imagizer_access_errThe access error log. Formatted as a standard Nginx error log.imagizer_appThe Imagizer application log.imagizer_systemThe Imagizer system log.imagizer_stats_collectorThe Imagizer stats collection log.nginx_varnAn internal access log. Used for debugging purposes. (default: disabled)nginx_varn_errAn internal access error log. Used for debugging purposes. (default: disabled)imagizer_admin_accessThe admin access logs (from port 17006) in the combined format.imagizer_admin_access_errThe admin access error log. Formatted as a standard Nginx error log.imagizer_healthThe health check agent logs.imagizer_health_acessThe access logs for/healthchecks. (default: disabled)
syslog
| Property | Description |
|---|---|
| facility | Sets facility of syslog messages, as defined in RFC 3164. (Default: local7) |
| server | Defines the address of a syslog server. The address can be specified as an IP address or hostname. |
| port | Defines the port of a syslog server. (default: 514) |
| protocol | Specifies the protocol for syslog. Valid options include udp and tcp. (default: udp) |
Enable Syslog Logging
{
"logging":{
"enable": true,
"appLogLevel": "info",
"syslog": {
"server": "syslog-server.example.com",
"facility": "local7",
"port": 514,
"protocol": "tcp"
}
}
}
cloudWatch
CloudWatch Logging may be enable and authorized using either an IAM role attached to your Imagizer instance or AWS user credentials.
| Property | Description |
|---|---|
| enable | Enables web server and application logging to Cloud Watch. (default: false) |
| region | The AWS Cloud Watch region to send logs to. |
| key | The AWS auth key which has access to the Cloud Watch. (optional) |
| secret | The AWS secret which matches the key. (optional) |
TIP
You must first create an AWS IAM Role or IAM User with a policy containing the logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents, and logs:DescribeLogStreams permissions.
Enable CloudWatch Logging using IAM Role
{
"logging":{
"enable": true,
"appLogLevel": "info",
"cloudWatch": {
"enable":true
}
}
}
Enable CloudWatch Logging using AWS credentials
{
"logging":{
"enable": true,
"appLogLevel": "info",
"cloudWatch": {
"enable":true,
"key": "XXXXXXXXXXXXXXXXX",
"secret": "XXXXXXXXXXXXXXXXX"
}
}
}
datadog
| Property | Description |
|---|---|
| enable | When true Imagizer will send logs to Datadog. (default: false) |
| key | Your Datadog API key. |
Enable DataDog Logging
{
"logging":{
"enable": true,
"appLogLevel": "warn",
"dataDog": {
"enable":true,
"key": "XXXXXXXXXXXXXXXXX"
}
}
}
maxImageDimensions
Limit the maximum dimensions allowed for images. This limits the original image as well as any processed images. By default, Imagizer will limit the dimensions of images to 5000px by 5000px.
| Parameter | Description |
|---|---|
| enable | When true enable the Max Image Dimensions limit. |
| width | The max allowed width of an image. |
| height | The max allowed height of an image. |
Limit the max dimensions of images to 3500px by 3500px
{
"maxImageDimensions":{
"enable":true,
"width":3500,
"height":3500
}
}
nessusAgent
Set up the Nessus Agent configuration
The Nessus Agent will be linked when configured and on boot.
| Parameter | Description |
|---|---|
| key | The Nessus key. (Required) |
| flags | A list of flags to pass to the agent link command. |
Enable the Nessus Agent using Tenable Cloud
{
"nessusAgent": {
"key": "XXXXXXXXXXXXXXXXXXXXXXXXX",
"flags": [
"--cloud"
]
}
}
Enable the Nessus Agent using Nessus Manager with groups
{
"nessusAgent": {
"key": "XXXXXXXXXXXXXXXXXXXXXXXXX",
"flags": [
"--host=nessus-manager.example.com",
"--port=8834",
"--groups=group1,group2"
]
}
}
Disable and unlink the Nessus Agent
{
"nessusAgent": {
"enable": false
}
}
TIP
See awsSystemsManager for more information on how to use the Nessus Agent with AWS Systems Manager.
network
Set up a static IP network configuration.
WARNING
Network configuration is supported only on Imagizer Enterprise.
TIP
Network configuration is supported only through a config loader on bootup.
TIP
Imagizer will try and determine the correct network interface if one is not supplied.
Set static IP address.
{
"static": true,
"interface": "ens3",
"ip": "192.168.2.86",
"netmask": "255.255.255.0",
"gateway": "192.168.2.1",
"dnsServers": [
"75.75.75.75",
"75.75.76.76"
]
}
passThroughRequestHeaders
Imagizer will pass through request headers to the origin image only when specified in the config. Use the passThroughHeaders parameter to specify an array of headers to be use on each origin image request. Wildcards (*) are supported to match multiple headers.
Pass the Host, Origin, and X-My-Custom-Header headers through to the origin.
{
"passThroughRequestHeaders":[
"Host",
"Origin",
"X-My-Custom-Header"
]
}
Pass all request headers
{
"passThroughRequestHeaders":[
"*"
]
}
passNonImagizerParamsToOrigin
When true, allow passing non-Imagizer HTTP parameters to the image origin. (default: true)
Disable sending any HTTP parameters to the image origin
{
"passNonImagizerParamsToOrigin": false
}
presetColors
Defines a list of custom colors that may be used by the colorize API.
{
"presetColors":[
{
"name":"sepia",
"value":"235,95,25"
},
{
"name":"lush",
"value":"0,128,0"
},
{
"name":"citron",
"value":"128,128,0"
},
{
"name":"wave",
"value":"0,128,128"
},
{
"name":"berg",
"value":"100,128,180"
}
]
}
sentinelOne
Sentinel One Agent configuration
Imagizer will register the agent when configured and on boot.
{
"sentinelOne": {
"token": "this.should be.your.token.string"
}
}
stats Not supported on Imagizer Cloud
Imagizer collects and stores system and application stats. These stats are available through the Admin API at any time. Optionally, support for Ganglia, Datadog, and cloudWatch are available.
ganglia
Send all stats to Ganglia. Stats are sent once a minute.
WARNING
AWS EC2 does not support multicast. Use the default udp protocol.
| Property | Description |
|---|---|
| enable | If true send all stats to ganglia. |
| host | The ganglia host. |
| port | The ganglia port (default: 8649). |
| protocol | The protocol to use when sending stats to ganglia. (udp or multicast) (default: udp) |
Enable Ganglia Stats
{
"stats":{
"ganglia":{
"host":"ganglia.example.com",
"port":8649,
"protocol":"udp"
}
}
}
cloudWatch
Send all stats to AWS CloudWatch. Stats are sent once a minute.
CloudWatch stats may be authorized using either an IAM role attached to your Imagizer instance or AWS user credentials.
| Property | Description |
|---|---|
| enable | Enables Cloud Watch stats. (default: false) |
| region | The AWS Cloud Watch region to send stats to. |
| key | The AWS auth key which has access to the Cloud Watch. (optional) |
| secret | The AWS secret which matches the key. (optional) |
TIP
You must first create an AWS IAM Role or IAM User with a policy containing the cloudwatch:PutMetricData permission.
Enable CloudWatch using IAM Role.
{
"stats":{
"cloudWatch":{
"enable":"true",
"region":"us-east-1"
}
}
}
Enable CloudWatch Metrics using AWS credentials.
{
"stats":{
"enable": true,
"cloudWatch": {
"enable":true,
"key": "XXXXXXXXXXXXXXXXX",
"secret": "XXXXXXXXXXXXXXXXX"
}
}
}
datadog
Imagizer supports Datadog metrics. Datadog will receive system stats on categories such as CPU, memory, disk, and processes, along with all the Imagizer application stats.
| Property | Description |
|---|---|
| enable | When true Imagizer will send stats to Datadog (default: false). |
| key | Your Datadog API key. |
| namespace | Prepend all stats with this namespace string. |
| tags | An array of tags which will be applied to all Datadog metrics and logs. Data Dog Tagging |
Enable DataDog Stats
{
"stats":{
"enable": true,
"appLogLevel": "warn",
"dataDog": {
"enable":true,
"key": "XXXXXXXXXXXXXXXXX",
"namespace": "imagizer",
"tags": [
"region:us-east1",
"env:production"
]
}
}
}
prometheus
Imagizer supports Prometheus metrics using Node Exporter. Node Exporter will receive system stats on categories such as CPU, memory, disk, and processes, along with all the Imagizer application stats.
Metrics will be available at http://$IMAGIZER_HOST:9100/metrics when enabled.
| Property | Description |
|---|---|
| enable | When true Node Exporter will collect stats. |
| namespace | Prepend all stats with this namespace string. |
secureWebProxy
Using a secure web proxy will send all secure (https) origin image requests to a specified proxy.
TIP
For non-https traffic, see webProxy.
All https traffic will pass through my-proxy-example.com on port 8282.
{
"secureWebProxy":{
"host":"my-proxy-example.com",
"port":"8282"
}
}
separateMobileCache
This will allow for the caching of two different objects for each image url, one for the mobile version and one for the desktop version. Separate mobile cache allows for features such as Default Mobile Image Parameters.
Enable Separate Mobile Cache
{
"separateMobileCache": true
}
WARNING
Always enabled on Imagizer Cloud.
separateWebpCache
This will allow for the caching of two different objects for each image url, one for clients which support webp and one for clients that do not support webp. Webp support is detected based on the Accept header. Separate Webp cache allows for features such as Auto Format.
Enable Webp Cache
{
"separateWebpCache": true
}
WARNING
Always enabled on Imagizer Cloud.
separateHostCache
Enable Host Cache
Use separate cache zones for each hostname used. (default: false)
{
"separateHostCache": true
}
svgSanitize
Configure Imagizer to sanitize SVG images to prevent XSS attacks. (default: strip)
| Value | Description |
|---|---|
| strip | Strip dangerous tags, such as <script>. (default) |
| error | Return a 400 error when dangerous tags detected. |
| none | Do not sanitize SVG images. |
Example JSON configuration to return a 400 error when dangerous tags are detected:
{
"svgSanitize": "error"
}
uploads
Allow image uploads with an S3 backend using POST Requests.
TIP
Requires a S3 Backend to be configured.
TIP
You must first create an AWS IAM Role or IAM User with a policy containing the s3:putObject permission.
| Property | Description |
|---|---|
| enable | Enables unloads on port 17005. |
| enablePort80 | Enables unloads on port 80. (default: false) |
{
"uploads":{
"enable":true
},
"awsAuthorization":{
"bucket":"my.s3.bucket"
}
}
upscaleAllowed
Allow Imagizer to upscale images beyond their original dimensions. (default: false)
Allow upscaling of images.
{
"upscaleAllowed": true
}
urlRewrites
Url rewrites will perform search and replace on the request url before preceding to image processing. This will allow for changes to both the path and the query parameters on all requests passed to Imagizer.
Url Rewrites allow for both string and regex(PCRE) search and replace. Multiple rewrites are allowed.
| Property | Description |
|---|---|
| search | The value being searched for, otherwise known as the needle. |
| replace | The replacement value that replaces found search values. |
| includeQueryString | If true include the query string in the search and replace. (default: false) |
| isRegex | If true treat the search string as a regex. (default: false) |
Modify the image path of all requests. Replace "is/image" with "product/published".
/is/image/myimage1.jpg?width=400 => /product/published/myimage1.jpg?width=400
{
"urlRewrites":[
{
"search":"is/image",
"replace":"product/published"
}
]
}
Migrate previously used image optimizer URLs to Imagizer formatted API
/images/myimage1.jpg?resize=300x400 => /images/myimage1.jpg?width=300&height=400
{
"urlRewrites":[
{
"search":"/resize=([0-9]+)x([0-9]+)/",
"replace":"width=$1&height=$2",
"includeQueryString":true,
"isRegex":true
}
]
}
webProxy
Using a web proxy will send all origin image requests to a specified proxy.
TIP
For https traffic, see secureWebProxy.
All http traffic will pass through my-proxy-example.com on port 8281.
{
"webProxy":{
"host":"my-proxy-example.com",
"port":"8181"
}
}