With Discourses 1RTT philosophy, I think it might be time to rewrite the Avatar image serving code.
Avatar images should be treated as any other image upload. Resized at upload, stored, and served directly from the file system/S3/CDN.
The current Discourse method uses a proxy method to serve Avatar images. This approach creates unnecessary HTTP round trips and IP address challenges.
Here is an overview of Avatar Requests:
- Initial Discourse HTML is painted.
- Browser detects an avatar image and requests an image from the Discourse server
- Discourse server acts as a proxy and requests the image from local file store/S3/CDN
- Discourse server receives image
- Discourse server sends the image to the browser.
Every custom avatar has 1 additional HTTP roundtrip and related server processing time. A typical topic or topic listing can have 30 plus custom avatar images. On my site, that results in 10K to 20K extra RTT and related server load per day that could be avoided.
Additionally, the avatar images are direct access called from the server. To do any CDN-level protection requires whitelisting the IP address. This requires whitelisting gateways versus server IP addresses. Hosting companies make changes to balance network traffic on a regular basis. My gateway IP address will change/evolve. The software should not depend on updating the IP address for basic avatar images to work. This is based on the following incident in support, Avatar Proxy and CDN Hot-Link Protection
From a performance and simplicity perspective, can we have avatar images served directly from the Discourse's designated file store?
Discuss this on our forum.