An image processing pipeline handles user-uploaded images: validating, resizing, compressing, and formatting them for web and mobile delivery. Instagram, Pinterest, and Shopify process billions of images — each upload may generate 10+ variants (thumbnail, mobile, desktop, retina) in multiple formats (WebP, JPEG, AVIF). The design must handle burst traffic, expensive CPU-bound processing, and efficient delivery via CDN.
Upload and Validation
Image uploads flow through a multi-stage pipeline before being available to users. Upload path: (1) Client uploads directly to object storage (S3) via pre-signed URL — bypassing the application server for the binary data. (2) S3 event notification triggers a processing job via SQS. (3) A processing worker downloads the original from S3. Validation before processing: (1) File type verification: don’t trust the Content-Type header or file extension. Parse the first few bytes (magic bytes) to verify it’s actually an image. JPEG starts with FF D8 FF; PNG starts with 89 50 4E 47. (2) Size limits: reject images larger than 50MB before parsing. (3) Image bomb detection: a 1×1 pixel PNG that decompresses to 4GB (the zip bomb equivalent for images). After parsing the header, check that decoded dimensions are within acceptable limits (e.g., max 8000×8000 pixels). (4) Content scanning: for user-generated content platforms, pass the image through a content moderation service (AWS Rekognition, Google Vision) before making it public. An image that passes technical validation but contains prohibited content should be rejected.
Resize and Format Conversion
Each uploaded image generates multiple variants for different use cases. Variant definitions (examples): thumbnail (150×150, square crop), mobile (375w), tablet (768w), desktop (1200w), original (full resolution). Format strategy: generate WebP variants (30-50% smaller than JPEG at equivalent quality) with JPEG fallback for older browsers. Modern approach: use AVIF (newer, 50% smaller than WebP) where supported, with WebP and JPEG fallbacks. Libraries: libvips (Golang/Node.js: sharp) is 4-8x faster than ImageMagick for resizing — uses a streaming pipeline that avoids loading the full image into memory. Processing a 10MB JPEG to 5 variants: ~200ms with libvips, ~1500ms with ImageMagick. Cropping strategy: smart crop (find the salient region using face detection or attention models before cropping). A portrait photo with center crop might cut off the face — smart crop detects the face and centers the crop there. Quality settings: JPEG 80-85% quality and WebP 80% quality are imperceptible from lossless at typical display sizes. Progressive JPEG: encode JPEG in progressive mode — browsers can render a blurry preview before the full image loads, improving perceived performance.
Processing Queue and Worker Scaling
Image processing is CPU-intensive and takes 100ms-2 seconds per image. With burst uploads (a viral product photo upload on e-commerce), the queue can grow rapidly. Queue design: use SQS or Kafka with a dead-letter queue for failed processing. Message visibility timeout (SQS): set to 2x the expected processing time (e.g., 60 seconds). If a worker crashes, the message becomes visible again and is picked up by another worker. Worker autoscaling: scale worker instances based on queue depth. When queue depth exceeds N messages, launch additional workers. When the queue clears, scale down. AWS: use SQS queue depth as a CloudWatch metric → Auto Scaling Group policy. Process variants in parallel: a single worker generates 5 variants by processing them concurrently (using libvips’s parallel processing or goroutines). Priority processing: profile photos and thumbnail generation are higher priority than generating all resolution variants. Publish thumbnails first (user sees immediate feedback), then generate remaining variants in the background. Storage: upload all variants to S3 with a deterministic key structure: {bucket}/images/{image_id}/{variant}.{format}.
CDN and On-Demand Resizing
Pre-generating all variants has a storage cost and processing latency. An alternative: on-demand image resizing at the CDN edge. Architecture: the URL encodes the desired dimensions and format (images.example.com/image_123/300×200.webp). The CDN checks its cache for this variant. Cache miss: a CDN edge function (Lambda@Edge, Cloudflare Worker) fetches the original from S3, runs libvips to resize, returns the resized image. The CDN caches the result with a long TTL (1 year). Subsequent requests for the same URL are served from the CDN cache. Benefits: no pre-generation storage cost, infinite flexibility in supported sizes, new sizes added without pipeline changes. Trade-offs: first request is slower (processing latency + origin fetch). Processing at the edge requires the CDN function runtime to support libvips (available via WebAssembly or Lambda layers). Imgix and Cloudinary are managed services implementing this pattern — they handle caching, resizing, format detection, and quality optimization as a SaaS. For most teams, using Imgix or Cloudinary is more cost-effective than building this infrastructure.
Serving and Browser Format Detection
Serving the right format to each browser requires detecting format support. HTML picture element: the browser selects the first source it can decode. <picture><source srcset=”image.avif” type=”image/avif”><source srcset=”image.webp” type=”image/webp”><img src=”image.jpg” alt=”…”></picture>. Modern browsers select AVIF; older browsers fall back to WebP then JPEG. Server-side detection: the browser sends an Accept header with supported MIME types (Accept: image/avif,image/webp,*/*;q=0.8). The server or CDN reads the Accept header and serves the best-supported format. CDN Vary header: Cache-Control: public + Vary: Accept ensures different cached versions are stored per Accept header value — WebP-capable browsers get WebP, others get JPEG. Responsive images: srcset=”image-375w.webp 375w, image-768w.webp 768w, image-1200w.webp 1200w” sizes=”(max-width: 375px) 375px, (max-width: 768px) 768px, 1200px” allows the browser to request the appropriate size for the viewport — avoiding downloading a 1200px image on a 375px mobile screen.