That's do-able if your proxy service calls the internal service over private networking to fetch the image and serve it to the public, however if I'm understanding this correctly:

for optimisation so imgproxy would just fetch the image internally which faster and doesn't count as egress

imgproxy would incur the egress cost of serving the images to public, so this sounds like it's adding a layer of abstraction for zero gains?

Thanks for your reply Ray.

For serving to public, yes, but now when it's fetching the image - if I'm thinking correctly - it reaches out from Railway's network (as I'm using the public address) so I'd like to save on this using the private network.

And I might know what was unclear in my description: imgproxy (https://github.com/imgproxy/imgproxy) is not just a proxy service it's a image processing tool, so it can for example resize images with adding "/size:500/" to the url and for that it first fetch the image from the given url.

You'd want to ensure that your Medusa service binds to :: (IPv6 equivalent of 0.0.0.0) so that it's reachable over private networking.

For serving to public, yes, but now when it's fetching the image - if I'm thinking correctly - it reaches out from Railway's network (as I'm using the public address) so I'd like to save on this using the private network.

So the data flow looks like:

Internet -->[public networking]--> Imgproxy -->[private networking]--> Your Service

When a user requests an image, you fetch it over the private network, and serve it to them, right? The last step would still incur egress cost as it's traffic that's going out (no matter where the contents of the traffic originates from).

With the resizing/optimizations that imgproxy offers, you might be able to save some amount on egress cost, however egress is still a thing if traffic is going out to the internet/end user.

Unless you're "double-fetching" the media right now?