This version of the manual refers to an earlier version of the software.


This page gathers some miscellaneous notes on production deployment.

Temporary Directory

When running in standalone mode, the embedded Jetty server, by default, caches class files in the system temp directory, which most operating systems will periodically clean out. If this happens while Cantaloupe is running, it can lead to NoClassDefFoundErrors that can only be remedied by restarting the application. Consider either reconfiguring your OS's temp-cleaning strategy to work only at boot or shutdown, or using the temp_pathname configuration key (since version 3.4) to use a different location for temporary data.


Some image formats are inherently more efficient to serve than others. If you have control over your source image formats, please read the Images section for recommendations.



Cantaloupe uses a thread-per-request model, and maintains its own thread pool to carry out certain tasks asynchronously. Also, some processors are able to spread image decoding work across multiple threads. As the operating system will schedule different threads on different CPU cores, response times will benefit from multiple fast cores, especially as load increases.

That said, some source formats are more CPU-intensive than others. JPEG2000 via OpenJpegProcessor, for example, will strain the CPU far more than uncompressed TIFF via Java2dProcessor.


Memory requirements will vary greatly depending on source format, source image size, request image size, and the number of concurrent requests. Ideally, it's best to serve only source formats that support tiling or that can be selectively decoded (see Image Considerations).


Most source formats benefit from fast read performance—in terms of both latency and throughput—in the underlying storage system. Throughput is more important for less efficient source formats—like JPEG, PNG, and mono-resolution TIFF—especially as source image size increases. Local filesystem storage usually performs best.


A max_pixels configuration option is available to limit the maximum returned size of processed images. This is a "safety net" to prevent clients from bogging down the server. It does not affect requests for full-sized unmodified images, which do not significantly load the server because they are streamed through with no processing.

Note that the authorized? delegate script method can perform the same function as max_pixels, with more granular control.


Cantaloupe can run behind a reverse-proxy web server like Apache or nginx. The proxy should be set up to pass-through encoded URI characters without decoding them. It should also be configured to send the following headers:

Header Description Required?
X-Forwarded-Proto Protocol of the client request; either HTTP or HTTPS. If missing, HTTP will be assumed. No
X-Forwarded-Host FQDN of the client-facing reverse proxy. Yes
X-Forwarded-Port TCP port of the client-facing reverse proxy. Will default to 80 if missing. No
X-Forwarded-Path Path to use as a base path. Will default to none if missing. No
X-Forwarded-For Client IP address. If missing, any features that require a client IP address will either not work (such as IP-based authorization), or be incorrect (such as access logs). No
X-IIIF-ID Originally-requested image identifier. Should be set only when the proxy server will change the value of the identifier in the forwarded request; i.e. when the client is asking for a different identifier than the image server ends up seeing. No

If it is not possible to configure your reverse proxy to send the X-Forwarded-* headers, the base_uri configuration option can be used instead; set it to the URI of the client-facing reverse proxy including any base path.

In a reverse-proxying scenario, you might want to disable the access log, if it would be redundant.


The following example will make a Cantaloupe server running at http://image-server:8182/ available at http://apache-server/.

<VirtualHost *:80>
  # X-Forwarded-Host will be set automatically by the web server.
  RequestHeader set X-Forwarded-Proto HTTP
  RequestHeader set X-Forwarded-Port 80
  RequestHeader set X-Forwarded-Path /

  ServerName apache-server
  AllowEncodedSlashes NoDecode
  ProxyPassReverseCookiePath / /
  ErrorLog logs/image-error.log
  CustomLog logs/image-access.log combined

  ProxyPass / http://image-server:8182/ nocanon
  ProxyPassReverse / http://image-server:8182/
  ProxyPassReverseCookieDomain image-server:8182 apache-server
  ProxyPreserveHost on


The following example will make a Cantaloupe server running at http://image-server:8182/ available at http://nginx-server/.

location / {
    if ($request_uri ~* "/(.*)") {
        proxy_pass http://image-server:8182/$1;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Path /;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect http://image-server:8182/ /;


In standalone mode, Cantaloupe supports TLS connections over HTTPS, configurable via the https.* keys in the configuration file. The general process for getting this working is to add a signed x.509 certificate to either a Java KeyStore (JKS) or PKCS#12 key store, and then refer to the key store file with the https.key_store_path configuration option.

HTTPS can also be enabled on a Servlet container or reverse-proxying web server, in which case Cantaloupe would require no special configuration.


HTTP/2 is supported since version 3.4 via the http.http2.enabled and https.http2.enabled configuration keys. H2C (unencrypted) works in Java 8 and 9, but H2S (encrypted) requires Java 9.