Other than strip fragments and remove dots, I tend not to prep (rawurlencode or otherwise) original URLs but rather plug them in Laravel's route() helper:

$newUrl = route('imageproxy', [$hash, ($size !== '' ? "$size/" : '').$url]).((substr($url, -1) === '/') ? '/' : '');

(That last bit re-adds a trailing slash if there used to be one. route() takes it off, it seems.)

Still, some encoding happens.

So either we do this explicitly before calculating the hash, or we take it into account validating the thing.

openFile() could return null, need to check for this explicitly. Also, we might want to always fall back to IPv4, even if we can't get such a DNS record.