Best image proxy settings for embedding images?

[snoopy5]

XF 2.1.12

Many users want to embed images in postings from Flickr, PBase, 500px etc.

I am looking for the optimal settings, to allow big images (4MB) for embedded images of Flickr et alii, but without serverload for me.

I use https/ SSL

If users upload images directly on to my server via attachments, I want to restrict them ideally to 500kb

Which settings shall I do in the ACP options for attachments (KB and pixelsize) and in the ACP options for proxy to achieve both goals?

 

[snoopy5]

anybody?

@Brogan @Kirby

 

[TPerry]

There are not "optimal" settings. It will be entirely dependent upon your hosting environment.
Someone with 1TB of storage will be able to keep proxy images around a LOT longer than someone with 60GB.
And sorry, those "unlimited" shared hosting providers rarely are such.

 

[snoopy5]

It will be entirely dependent upon your hosting environment.

I know, this is why I listed my criteria, my goals I want to achieve.

1. For attachments uploaded to my server max. 500KB
2. For embedded images max 4MB

I use https / SSL, so I do not want to have the server cache storing those 4MB with embedded images.

The question is: What shall I enter into the appropriate fields to achieve my goals?

 

[TPerry]

1. For attachments uploaded to my server max. 500KB
2. For embedded images max 4MB

It's not so much that... you have to realize, they accumulate based upon the amount of time you want to keep them IN ADDITION to the file sizes.
If you don't want to "store" those embedded images via the image proxy, you simply need to either disable it or put the "acceptable" level at what you want. Once more, it is ENTIRELY dependent on YOUR requirements... there is not a "one size fits all" available. As an example, the lmits you impose would NOT work for my site. If you want only 4MB images kept, then THAT is the amount you need to enter.s
I mean, this is fairly clear for the Poxy image size.


You enter 4MB and anything larger than that will simply show as a link with a default placeholder image.
The other question you have has NOTHING to do with image proxy settings.. those are strictly user group settings.

 

[snoopy5]

Maybe I should explain it differently then.

There is nowhere an explanation for the ACP proxy page, what setting does what in combination with the other settings. What will influence/restrict the other. What will work and what not in combination with the other ACP attachment file settings?

Example 1


I have SSL /https: Therefore I have to enable image and link proxy, otherwise embedded images will not show up. Is this assumption correct?


Example 2



I do not understand that option. I want to allow my users to embed images in my forum from almost every photo webhoster like Flickr, Pbase, 500px etc. pp. So, what shall I enter there?


Example 3

• What does this mean to "bypass for https requests" in the real world?
• What will happen then? How do I or the user see the difference?
• Which of these 3 options should I choose, if I have https?
• What are the pro and cons of the other two options?

Example 4



As far as I understand it, I should set for my goals (save disk space) Image cache lifetime as short as possible. 1 day is the shortest. Is this correct?

If I set the image cache refresh to 0, does that mean that on the next day the embeded image disappears?

Image cache max size.

• Will this be in conflict with my ACP attachment settings?
• What rules then? The smaller number of both?
• Or is this totally independant from the settings in ACP attachment?

Because then this would be the solution to have only 500KB for uploads, but 4MB or greater for embedded images. See my ACP attachment settings screenshot below:






Example 5



Log image and link proxy referrers for x days

• Do I need this at all to be able to display the images?
• Will be the embedded images invisible otherwise?
• How much space this will take on the server?

 

[Suzanne O]

Why don't you buy the media gallery add on from xenforo instead?
It saves you from fluffing about with proxies

 

[TPerry]

Once more... the explanations are very simple if you will sit down and actually think about them.
It is really easy to understand... ALL the proxy is set for is to guarantee that you local viewers can see the image. You can turn the proxy off and the images are linked DIRECTLY to that third party site.... now, the issue you can run into is that an image of a beautiful car/motorcycle/boat/whatever can be changed on the remote end to something obscene and your site will post that image immediately when someone views it. I HAVE seen admins that got tired of outside sites linking to copyright images on their site perform a small change and end up serving up some fairly unwelcome media.

I do not understnd that option. I want to allow my users to embed images in my forum from almost every photo webhoster like Flickr, Pbase, 500px etc. pp. So, what shall I enter there?

This basically means that if a 3rd party site is linking to an image that was linked to on your site (and sucking YOUR bandwidth) you simply change that key and their link on that 3rd party site (think competitor, a site scraping yours or similar) suddenly is no longer valid. The proxied image is no longer delivered to them.

• What does this mean to "bypass for https requests" in the real world?
• What will happen then? How do I or the user see the difference?
• Which of these 3 options should I choose, if I have https?
• What are the pro and cons of the other two options?

These are pretty much self-explanatory... you can choose to NOT use the proxy for ANY site that is HTTPS (the original use of image proxy was to allow linking to a site that WAS NOT HTTPS and not get an insecure warning when viewing), you can choose to proxy ALL images, or you can choose to bypass the proxy feature for listed domains (like imgur, etc).
As for a user... they don't see a difference... if the site the image is linked to is HTTP, it proxies it and saves it locally. If the remote site is HTTPS, it links directly and pulls the image in from that third party site depending on your settings.
To keep the images present forever, you simply choose a high image cache lifetime (like 99,999) and then similar for a forced refresh. It should serve the locally cached image.

As far as I undertand it, I should set for my goals (save disk space) Image cache lifetime as short as possible. 1 day is the shortest. Is this correct?

If I set the image cache refresh to 0, does that mean that on the next day the embeded image disappears?

Refresh to zero does exactly what it says.. it NEVER refreshes the cache for the proxy... so it stays the same.
So if you want to keep them for a short time, set your image cache lifetime to 1 day and your cache refresh time to 0 (this should NEVER force a refresh/re-pull of the image). After one day the cached image will be deleted and they users will simply see a broken link when they view the thread.

Honestly.. if you want NO images cached... simply turn the proxy off... you probably WILL get some insecure content warnings on pages at times... but if you don't mind dealing with that, the great.

Log image and link proxy referrers for x days

All the log is is exactly that. A LOG of the currently cached images.

 

[TPerry]

Why don't you buy the media gallery add on from xenforo instead?
It saves you from fluffing about with proxies

No, it doesn't... TWO totally different processes.
Users will link in their posts to remote site images.
A gallery is primarily targeted at allowing users to upload media directly to the site OR link to outside resources... then to link to that media in a post they have to jump through an additional hoop instead of simply posting something like an imgur or YouTube link.

 

[Kirby]

I am looking for the optimal settings, to allow big images (4MB) for embedded images of Flickr et alii, but without serverload for me.

This is impossible to achive - you can't deliver smth. from your server without causing load to it.
The only option would be to not use the image proxy at all.

If users upload images directly on to my server via attachments, I want to restrict them ideally to 500kb

This is not possible with standard XenForo features - unless you want to restrict all attachments (including ZIP-Archives, Office-Documents, etc.) to 500 KB.

Therefore I have to enable image and link proxy, otherwise embedded images will not show up. Is this assumption correct?

No.

You technically don't have to enable the image proxy, but leaving it off if you run your website on HTTPS means that images embedded from HTTP servers cannot be displayed and/ or might trigger a mixed content warning (depending on your config and the used browser).
Legally it might be necessary to enable the image proxy (or disable embedding images) as embedding images from a thrid party webserver does transmit PII (=the IP address of the visitor) to this third party.

On the other hand enabling the image proxy does pose a legal risk to infringe copyright and you therefor might want to leave if off.

Link proxy is not required technically nor legally, but can help to improve privacy.

Secret Key
The secret key is used to protect your webserver fromg being abused to proxy just any image - if no secret is set a third party can procy any image through your XenForo - if a secret is set the the image procy link must be generated through your XenForo, otherwise it will not work.
If you notice abuse by a third party website (like hotlinking to your image proxy URLs) you can just change the secret and render those hotlinked images uedless; this is not possible without a secret

• What does this mean to "bypass for https requests" in the real world?

Depends on on image proxy being enabled and the chosen bypass option option:
Image proxy disabled: Image procy will never be used, not metter which bypass option is enabled.
Orherwise:

• If it is set to "Do not by bypass" the image proxy will be used for all images.
• If it is set to "Bypass all HTTPS requests" only images serverd from HTTP servers will use the image proxy
• If it is set to "Bypass only the domains listed below" images serverd from the listed domains via HTTPS will not use the image proxy

• What will happen then?

See above.

• How do I or the user see the difference?

Configure the option and test with images from various sources( HTTP, HTTPS, HTTP from a whitelisted domain, HTTPS from a whitelisted domain)

• Which of these 3 options should I choose, if I have https?

That's up to you. I would use "Do not bypass image proxy" to be on the safe side re privacy laws.

• What are the pro and cons of the other two options?

See above.

As far as I understand it, I should set for my goals (save disk space) Image cache lifetime as short as possible. 1 day is the shortest. Is this correct?

Correct.

If I set the image cache refresh to 0, does that mean that on the next day the embeded image disappears?

From the cache, yes - but it will be re-cached if it is requested again.
Setting TTL to 1 day saves disk space at the expense of IO, network traffic and latency,

Image cache max size.

• Will this be in conflict with my ACP attachment settings? [..] Or is this totally independant from the settings in ACP attachment?

The highlighted part is correct, attachment settings have nothing to do with image proxy settings

• Do I need this at all to be able to display the images?

No. But it might be usefuly for anlatics / monitoring.

• Will be the embedded images invisible otherwise?

No.

• How much space this will take on the server?

A few hundred bytes for each proxied image URL .. really ... just don't care about this unless you have virtually zillions of external images.

I would

1. Enable image proxy
2. Set maximum image size to a seasonable value
3. Do not use any bypass
4. Set cache lifetime to a reasonable value
5. Set refresh to 1 day
   This is IMHO important to not get into too much legal issues re copyright

 

[snoopy5]

Thank you for the clarification. That helped a lot.

I made my new settings and it seems to work.