If you're interesting in helping maintain the package please shoot me a message. Thanks - Jake
Plugin enabling image uploading to azure storage from strapi.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
Inside your strapi project run the following
yarn add strapi-provider-upload-azure-storage
# or
npm install strapi-provider-upload-azure-storage
To enable the provider, create or edit the file at ./config/plugins.js
.
This is an example plugins.js
file for Azure storage:
module.exports = ({ env }) => ({
upload: {
config: {
provider: "strapi-provider-upload-azure-storage",
providerOptions: {
authType: env("STORAGE_AUTH_TYPE", "default"),
account: env("STORAGE_ACCOUNT"),
accountKey: env("STORAGE_ACCOUNT_KEY"),//either account key or sas token is enough to make authentication
sasToken: env("STORAGE_ACCOUNT_SAS_TOKEN"),
serviceBaseURL: env("STORAGE_URL"), // optional
containerName: env("STORAGE_CONTAINER_NAME"),
createContainerIfNotExist: env("STORAGE_CREATE_CONTAINER_IF_NOT_EXIST", 'false'), // optional
publicAccessType: env("STORAGE_PUBLIC_ACCESS_TYPE"), // optional ('blob' | 'container')
defaultPath: "assets",
cdnBaseURL: env("STORAGE_CDN_URL"), // optional
defaultCacheControl: env("STORAGE_CACHE_CONTROL"), // optional
removeCN: env("REMOVE_CONTAINER_NAME"), // optional, if you want to remove container name from the URL
},
},
},
});
// For using azure identities, the correct authType is 'msi' or (provide it in the environment variable)
// clientId is used for Azure User-Assigned Identity access. If not provided, system-assigned managed identity is used instead
// RBAC Role Storage Blob Data Contributor required for MSI
module.exports = ({ env }) => ({
upload: {
config: {
provider: "strapi-provider-upload-azure-storage",
providerOptions: {
authType: 'msi',
account: env("STORAGE_ACCOUNT"),
clientId: env("STORAGE_AZURE_CLIENT_ID"), // optional
serviceBaseURL: env("STORAGE_URL"), // optional
containerName: env("STORAGE_CONTAINER_NAME"),
createContainerIfNotExist: env("STORAGE_CREATE_CONTAINER_IF_NOT_EXIST", 'false'), // optional
publicAccessType: env("STORAGE_PUBLIC_ACCESS_TYPE"), // optional ('blob' | 'container')
defaultPath: "assets",
cdnBaseURL: env("STORAGE_CDN_URL"), // optional
defaultCacheControl: env("STORAGE_CACHE_CONTROL"), // optional
removeCN: env("REMOVE_CONTAINER_NAME"), // optional, if you want to remove container name from the URL
},
},
},
});
Property | Required | Description |
---|---|---|
authType | true | Whether to use a SAS key ("default") or an identity ("msi") |
account | true | Azure account name |
accountKey | if 'authType 'default' | Secret access key |
clientId | false (consumed if 'authType 'msi') | Azure user-assigned identity client ID. If not provided, system-assigned managed identity ID is used |
sasToken | false | SAS Token, either accountKey or SASToken is required if 'authType is 'default' |
serviceBaseURL | false | Base service URL to be used, optional. Defaults to https://${account}.blob.core.windows.net |
containerName | true | Container name |
createContainerIfNotExist | false | Attempts to create the container if not existing. Must be one of 'true' or any string |
publicAccessType | false (param for 'createContainerIfNotExist') | Sets the public access of a newly created container to one of 'blob' or 'container' |
defaultPath | true | The path to use when there is none being specified. Defaults to assets |
cdnBaseURL | false | CDN base url |
defaultCacheControl | false | Cache-Control header value for all uploaded files |
removeCN | false | Set to true, to remove container name from azure URL |
Due to the default settings in the Strapi Security Middleware you will need to modify the contentSecurityPolicy settings to properly see thumbnail previews in the Media Library. You should replace strapi::security string with the object bellow instead as explained in the middleware configuration documentation.
To allow the azure storage content to be displayed, edit the file at ./config/middlewares.js
.
You should replace the strapi::security
string with the object below instead, see the Middlewares configuration documentation for more details.
./config/middlewares.js
module.exports = [
// ...
{
name: "strapi::security",
config: {
contentSecurityPolicy: {
useDefaults: true,
directives: {
"connect-src": ["'self'", "https:"],
"img-src": [
"'self'",
"data:",
"blob:",
"dl.airtable.com", // Required for Strapi < 4.10.6, you can remove it otherwise
"https://market-assets.strapi.io", // Required for Strapi >= 4.10.6, you can remove it otherwise
/**
* Note: If using a STORAGE_URL replace `https://${process.env.STORAGE_ACCOUNT}.blob.core.windows.net` w/ process.env.STORAGE_URL
* If using a CDN URL make sure to include that url in the CSP headers process.env.STORAGE_CDN_URL
*/
`https://${process.env.STORAGE_ACCOUNT}.blob.core.windows.net`,
],
"media-src": [
"'self'",
"data:",
"blob:",
"dl.airtable.com", // Required for Strapi < 4.10.6, you can remove it otherwise
/**
* Note: If using a STORAGE_URL replace `https://${process.env.STORAGE_ACCOUNT}.blob.core.windows.net` w/ process.env.STORAGE_URL
* If using a CDN URL make sure to include that url in the CSP headers process.env.STORAGE_CDN_URL
*/
`https://${process.env.STORAGE_ACCOUNT}.blob.core.windows.net`,
],
upgradeInsecureRequests: null,
},
},
},
},
// ...
];
serviceBaseURL
is optional, it is useful when connecting to Azure Storage API compatible services, like the official emulator Azurite. serviceBaseURL
would then look like http://localhost:10000/your-storage-account-key
.
When serviceBaseURL
is not provided, default https://${account}.blob.core.windows.net
will be used.
createContainerIfNotExist
can also be useful when working with Azurite as the tool provides very little by way of startup scripting.
cdnBaseURL
is optional, it is useful when using CDN in front of your storage account. Images will be returned with the CDN URL instead of the storage account URL.
defaultCacheControl
is optional. It is useful when you want to allow clients to use a cached version of the file. Azure storage will return this value in the Cache-Control
HTTP-header of the response.
removeCN
is optional. Some azure account configurations are such that they exclude 'container name' from the URL at which data is saved. It is by default set to false, if you want to remove container name from URL, set it to 'true'.
Contributions are welcome
We use SemVer for versioning. For the versions available, see the tags on this repository.
- Jake Feldman - Initial work - jakeFeldman
This project is licensed under the MIT License - see the LICENSE.md file for details
- strapi.io
- Azure