Home

Awesome

camo Build Status

Camo is all about making insecure assets look secure. This is an SSL image proxy to prevent mixed content warnings on secure pages served from GitHub.

camo

We want to allow people to keep embedding images in comments/issues/READMEs.

There's more info on the GitHub blog.

Using a shared key, proxy URLs are authenticated with hmac so we can bust caches/ban/rate limit if needed.

Camo currently runs on node version 0.10.29 at GitHub on heroku.

Deploy to Heroku

Features

At GitHub we render markdown and replace all of the src attributes on the img tags with the appropriate URL to hit the proxies. There's example code for creating URLs in the tests.

URL Formats

Camo supports two distinct URL formats:

http://example.org/<digest>?url=<image-url>
http://example.org/<digest>/<image-url>

The <digest> is a 40 character hex encoded HMAC digest generated with a shared secret key and the unescaped <image-url> value. The <image-url> is the absolute URL locating an image. In the first format, the <image-url> should be URL escaped aggressively to ensure the original value isn't mangled in transit. In the second format, each byte of the <image-url> should be hex encoded such that the resulting value includes only characters [0-9a-f].

Configuration

Camo is configured through environment variables.

Testing Functionality

Bundle Everything

% rake bundle

Start the server

% coffee server.coffee

In another shell

% rake

Debugging

To see the full URL restclient is hitting etc, try this.

% RESTCLIENT_LOG=stdout rake

Deployment

You should run this on heroku.

To enable useful line numbers in stacktraces you probably want to compile the server.coffee file to native javascript when deploying.

% coffee -c server.coffee
% /usr/bin/env PORT=9090 CAMO_KEY="<my application key>" node server.js

Docker

A Dockerfile is included, you can build and run it with:

docker build -t camo .
docker run --env CAMO_KEY=YOUR_KEY -t camo

Examples