Renuo thumbs proxy is an app to sign images so they are processed by thumbor. You can restrict the source of the images by setting the BACKEND_IMAGES_PATH (e.g. ao3ief5j.cloudfront.com), so only images from this domain / path are processed by thumbor.
The app is ready to run on heroku. Create a new heroku app, set the env variables, and push the code to Heroku.
With the default heroku host (1 dyno for the proxy, 1 dyno for thumbor), about 20 rps are possible.
- Install pyenv and pyenv-virtualenv
pyenv install 3.6.10- Install virtualenvwrapper
Make sure that this has been added to your environment (e.g. .zshrc):
eval "$(pyenv init - zsh)"
eval "$(pyenv virtualenv-init -)"Clone the project, setup virtualenv and install dependencies:
git clone git@github.com:renuo/renuo-thumbs-proxy.git
cd renuo-thumbs-proxy
pyenv virtualenv 3.6.10 renuo-thumbs-proxy-3.6.10
pip install -r requirements.txt
pyenv rehash- cp local_server.example.sh local_server.sh
- Adjust config for local_server.sh
THUMBOR_SECURITY_KEY=UJwHAZLsRejTyLI88lAriHL7xAXa6q0umiwwpPcP \
BACKEND_ASSET_PATH=ao3ief5j.cloudfront.com \
THUMBOR_PATH=thumbor.example.com \
DEBUG=True \
python server.py- Create a backend and upload images (e.g. S3)
- Make the images accessible (e.g. Cloudfront)
- From this step, you will get the BACKEND_ASSET_PATH, e.g. ao3ief5j.cloudfront.com
- Generate a THUMBOR_SECURITY_KEY, configure thumbor
- Transform images calling the right url (/thumb/path:config/u/path:uri)
- Example: /thumb/200x300/smart/u/images/logo.png
The configuration is done by setting environment variables.
Example:
THUMBOR_SECURITY_KEY=UJwHAZLsRejTyLI88lAriHL7xAXa6q0umiwwpPcP
BACKEND_ASSET_PATH=ao3ief5j.cloudfront.com
SENTRY_DSN= http://public:secret@example.com/1
The THUMBOR_SECURITY_KEY is a shared key (proxy and thumbor app) to validate that the image can be processed by thumbor.
In thumbor this key is called SECURITY_KEY. See also: https://github.com/thumbor/thumbor/wiki/Security
Generate it randomly, and keep it secret (only shared with the thumbor app).
Example: UJwHAZLsRejTyLI88lAriHL7xAXa6q0umiwwpPcP
The BACKEND_IMAGES_PATH is the host and the path from which the assets are downloaded. E.g. if you want to resize images from the site https://www.renuo.ch, e.g. https://www.renuo.ch/images/logo.png then you can define
- the BACKEND_IMAGES_PATH to "www.renuo.ch", and then make a request to images/logo.png
- the BACKEND_IMAGES_PATH to "www.renuo.ch/images", and then make a request to logo.png
Don't leave it blank. Don't use http:// or https:// in the path.
This is the path to your thumbor server.
Example: thumbor.example.com
For monitoring the app, we use Sentry.
Example: http://public:secret@example.com/1
Optional.
Example: True
- Use HTTPS everywhere
- Have only one host to serve images which should be resized
- Have one thumbor instance which resizes images