Libravatar was designed so that domain owners can choose to host themselves the profile pictures for their domain. For example, an organisation may want to have control over the pictures use for their employees.
Server implementations
There currently exist the following Libravatar image server implementations:
| Name | Description | Administration | Programming language | License | Support for | Default modes |
|---|---|---|---|---|---|---|
| libravatar | The software that runs libravatar.org until 2019 | web-based | Python | Affero GPLv3 | Email, OpenID | 404, mm, identicon, monsterid, wavatar, retro |
| Surrogator | very simple avatar server | command line only | PHP | Affero GPLv3 | Email, OpenID | 404, mm |
| Simple Libravatar service | Quick hack to serve static files | command line only | Shell script | None needed | none (always returns a static image) | |
| ivatar | The software that runs the current libravatar.org | web-based | Python | Affero GPLv3 | Email, OpenID | 404, mm (and its alias mp), identicon, monsterid, wavatar, retro, robohash, pagan |
| libravatar.cgi | Simple CGI implementation | none | C | ISC | 404, mm (and its alias mp), blank | |
| libravatarserv | Simple libravatar server | none | C++ | GPLv3 | 404, mm (and its alias mp), identicon (=retro), retro; optionally returns a default image instead | |
| libravatar-nginx | Simple static service with fallback to libravatar.org | none | Docker & nginx | AGPLv3 | supports size and default params (urls, 404) |
Installation
Please refer to the README or INSTALL file of the implementation you want to use.
DNS setup
Once your instance is running on a publicly-accessible server (avatars.example.com in this example), add the following records to your DNS zone file:
_avatars._tcp.example.com. IN SRV 0 0 80 avatars.example.com
_avatars-sec._tcp.example.com. IN SRV 0 0 443 avatars.example.com
The first entry (_avatars._tcp) should point to an HTTP server whereas the second one (_avatars-sec._tcp) is for an HTTPS server. Nowadays unencrypted HTTP traffic is frowned upon so feel free to redirect your HTTP endpoints to the HTTPS one.
This step is the same whatever the implementation.
TTL
XXX: Currently not true, see ivatar's issue #50.
The time-to-live (cache expiry) should be set to at least 1 day (86400 seconds).
If you choose a TTL smaller than 1 day, Libravatar clients are allowed (and encouraged) to ignore it and cache your entry for a day.
Subdomains
If you use full hostnames or subdomains in your email addresses, for example bob@foo.example.com and bob@bar.example.com, then you need to have a set of SRV records for each of them:
_avatars._tcp.foo.example.com. IN SRV 0 0 80 avatars.example.com
_avatars-sec._tcp.foo.example.com. IN SRV 0 0 443 avatars.example.com
_avatars._tcp.bar.example.com. IN SRV 0 0 80 avatars.example.com
_avatars-sec._tcp.bar.example.com. IN SRV 0 0 443 avatars.example.com
SRV weights and priorities (optional)
All SRV entries should have the same priority. Lower priority ones will be ignored by Libravatar clients.
You may however use weights to spread the load across more than one avatar server.
Testing
Once you have these records, have a look at the domain check tool to make sure everything is working.