How to customize ImageMagick configuration

Say you want to support large images or different image formats. These are defined in configuration files listed here. You can override the defaults set by by providing one or more of these files and placing them in a custom path stored in MAGICK_CONFIGURE_PATH variable.

For example, if you have a custom policy.xml file defining how to process large files:

  1. Place the policy.xml in a location which is not publicly accessible (for example, in /app/imagemagick directory).

  2. Create an environment variable env:MAGICK_CONFIGURE_PATH with the value of /app/your_policy_directory as the location. In

        MAGICK_CONFIGURE_PATH: "/app/imagemagick"

Afterwards, your custom settings should override the defaults.

Thank you for sharing this!

I just tried to enable PDF thumbnail generation in my PHP 8.0 app (which runs ImageMagick 6.9.10-23).

    <policy domain="coder" rights="read|write" pattern="PDF" />

Turns out the custom policy file gets picked up correctly, by running “convert -list policy”.
But you can’t allow stuff that is disabled globally as it’s stated here

So, any ideas how to enable PDF thumbnails in PHP 8.0 apps?
(PHP 7.4 with ImageMagick 6.9.7-4 worked perfectly)

SOLVED: for PDF thumbnail generation you only need read access, which seems to be accepted

    <policy domain="coder" rights="read" pattern="PDF" />

For PHP 8.0 I was able to get this to work via the following changes.

The big change is re-including the default policy path to set the order of policy preferences correctly.

Still waiting on the maintainers to reactive these settings by default.

        MAGICK_CONFIGURE_PATH: "/app/.magick/:/etc/ImageMagick-6/"

        - imagick
    <policy domain="coder" rights="read | write" pattern="PDF" />

Interesting. Based on the claim that it’s not allowed to override this for security reasons from the global defaults, being able to override by specifying the default directory explicitly feels like a (security) bug that might break again in the future as everyone can change the environment variable like this?

Is this approach still working for those on this thread?

I tried the above along with some variations and although the custom policy shows up in “convert -list policy” an attempt to generate a jpg from a pdf get the same error →

“convert-im6.q16: attempt to perform an operation not allowed by the security policy `PDF’ @ error/constitute.c/IsCoderAuthorized/408.”

We found that given ImageMagick has an automatic directory lookup as follows:

<client path>/etc/ImageMagick
<current directory>

… we didn’t need to add an environment variable in the platform config. Instead we put a policy.xml file in the $HOME/.config/ImageMagick/ directory i.e. /app/.config/ImageMagick/policy.xml that includes:

  <policy domain="coder" rights="read" pattern="PDF" />

This allowed us to get our PHP 8.1 Drupal 9.4 site working with the media_pdf_thumnail module functionality.


1 Like

I can confirm, this is working. Thank you for sharing!

1 Like

I applied the same thing. but I’m using php8.1.
When i pushed the work to PSH i faced this issue

Hi, please open a ticket so we can look further.

Sorry for asking a dumb question, but can someone help me out with exact steps to enable this for PHP8.1?

Where exactly can i add my policymap?