Image Converter configuration guide
This document describes all the configuration options for the Image Converter application.
Core settings
| Setting | Type | Default | Description |
|---|---|---|---|
| DEBUG | boolean | false | Enables debug mode. Not recommended for production use |
| FLASK_ENV | string | production | Flask environment setting. Options: development, production |
| LOG_LEVEL | string | INFO | Logging level. Options: DEBUG, INFO, WARNING, ERROR, CRITICAL |
File handling settings
| Setting | Type | Default | Description |
|---|---|---|---|
| MAX_CONTENT_LENGTH | integer | 33554432 | Maximum allowed file size in bytes (32MB) |
| UPLOAD_FOLDER | string | /tmp/ | Temporary directory for file uploads |
Image processing settings
| Setting | Type | Default | Description |
|---|---|---|---|
| MAX_IMAGE_WIDTH | integer | 15000 | Maximum allowed image width in pixels |
| MAX_IMAGE_HEIGHT | integer | 15000 | Maximum allowed image height in pixels |
| DEFAULT_WIDTH | integer | 440 | Default width for image resizing |
| DEFAULT_HEIGHT | integer | 246 | Default height for image resizing |
| BLUR_RADIUS | integer | 2 | Gaussian blur radius for image processing |
Storage settings
| Setting | Type | Default | Description |
|---|---|---|---|
| STORAGE_TYPE | string | s3 | Storage backend type. Options: local, s3 |
AWS S3 configuration
These settings are required only when
STORAGE_TYPE=s3
| Setting | Type | Default | Description |
|---|---|---|---|
| AWS_REGION | string | eu-west-1 | AWS region for S3 bucket |
| AWS_BUCKET_NAME | string | smp-backgrounds | S3 bucket name for storing images |
| AWS_ENDPOINT_URL | string | https://s3.eu-west-1.amazonaws.com/ | S3 endpoint URL. Can be customized for S3-compatible storage |
ImportantAWS credentials (
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEY) should be provided through secure environment variables or Kubernetes secrets.
S3 Bucket Configuration
Bucket Policy
To allow public read access to the images, apply the following bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::smp-backgrounds/*"
}
]
}
CORS Configuration
To enable cross-origin access to the images and prevent tainted canvas issues when processing images in web browsers, configure the following CORS policy:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": []
}
]
NoteThe CORS configuration is required to prevent “tainted canvas” security errors when web applications try to process images from the S3 bucket using HTML5 Canvas. Without proper CORS headers, browsers will block canvas operations on cross-origin images. For production environments, consider restricting
AllowedOriginsto specific domains.
Configuration methods
The application can be configured through multiple methods listed in order of precedence:
- Environment variables.
- Kubernetes ConfigMap/Secrets.
.envfile (development only).
Kubernetes deployment
When deploying to Kubernetes, configuration is managed through Helm values and secrets:
applicationConfig:
debug: false
flaskEnv: production
logLevel: INFO
maxContentLength: 33554432
# ... other settings
Secrets management
AWS credentials should be managed securely using one of these methods:
- External Secrets Operator (recommended)
- Sealed Secrets
- Kubernetes Secrets
- IAM roles for Service Accounts (IRSA)
Development setup
For local development:
- Copy
.env.exampleto.env. - Update settings as needed.
Never commit sensitive credentials to the version control system!
cp .env.example .env
Troubleshooting
Common configuration issues:
- Image upload fails: Check
MAX_CONTENT_LENGTHand ingress configuration. - S3 access denied: Verify the AWS credentials and bucket permissions.
- Processing timeout: Adjust the resource limits in Kubernetes deployment.