Deploy the TinyMCE Image Proxy service server-side component using Docker
Overview
The On-Premises version of Image Editing is an application that can be installed and run on the customer’s in-house servers and computing infrastructure, including a private cloud.
The only requirement to run this service On-Premises is a container runtime or orchestration tool e.g. Docker, Kubernetes, Podman.
A valid access token is required to access the Tiny Cloud Docker registry and pull the Docker image. Contact Tiny Support to request the access token.
|
Pushing this Docker image to a public container registry violates the Tiny Self-Hosted Software License Agreement, including: |
Requirements
-
The Docker Engine is installed and running.
-
The user has Administrative or Root user access to run the Docker commands.
-
The user is either:
-
Using a Unix-like operating system, such as Linux or macOS.
-
Using Windows and has access to unix command line tools using Git for Windows, Cygwin, or the Windows Subsystem for Linux.
-
Installation
| A valid access token is required in order to retrieve On-Premises services images from Tiny Cloud Docker Registry. Contact Tiny Support to request the access token. |
Retrieve Docker Image
-
Login into the Tiny Cloud Docker Registry:
docker login -u tiny -p [access-token] registry.containers.tiny.cloud -
Pull the Docker Image from the Docker registry:
docker pull registry.containers.tiny.cloud/image-proxy-tiny:<VERSION>Replace
<VERSION>withlatestor the specific version number.
| Currently, the Docker images are only supported on x86-64 (also known as AMD64) architecture processors. === Specify Configurations |
After completing the previous steps, run the Docker container from the pulled image:
docker run -p 19040:19040 registry.containers.tiny.cloud/image-proxy-tiny:<VERSION>This triggers -p 19040:19040, exposing the service on localhost:19040. The service runs on port 19040 inside the Docker container, and this maps it to the same port on your localhost.
If set up correctly, the logs should display output similar to the following:
2025-01-08 12:03:15 [io-compute-3] INFO emissary - emissary
...
2025-01-08 12:03:16 [io-compute-blocker-3] INFO emissary - -> Raw Config assembled from various sources: ConfigOrigin(merge of /ephox-image-proxy/ephox-image-proxy-docker-env.conf: 1,system properties,reference.conf @ jar:file:/ephox-image-proxy/ephox-image-proxy.jar!/reference.conf: 1)
2025-01-08 12:03:16 [io-compute-blocker-3] WARN c.e.d.config.AllowedOriginsConfig$ - No allowed-origins specified in config!
2025-01-08 12:03:16 [io-compute-blocker-3] INFO emissary - emissary config loaded successfully: EmissaryConfig(SdkHttpConfig(HttpConfig(100,10,10,3,HttpConfigTimeouts(10,10,10),JvmTrustModel()),None),OriginWhitelist(List(),OriginPrecision(true)),Some(10000000))
2025-01-08 12:03:17 [io-compute-1] INFO o.h.b.c.nio1.NIO1SocketServerGroup - Service bound to address /0:0:0:0:0:0:0:0:19040
2025-01-08 12:03:17 [io-compute-1] INFO o.h.blaze.server.BlazeServerBuilder -
_ _ _ _ _
| |_| |_| |_ _ __| | | ___
| ' \\ _| _| '_ \\_ _(_-<
|_||_\\__|\\__| .__/ |_|/__/
|_|
2025-01-08 12:03:17 [io-compute-1] INFO o.h.blaze.server.BlazeServerBuilder - http4s v0.23.27 on blaze v0.23.16 started at http://[::]:19040/Running this command will generate a log warning about allowed-origins not being configured. This is expected, as it will be set up in the next step.
The TinyMCE server-side components require a configuration file to function correctly. By convention, this file is named application.conf. For more information, refer to Required configuration for the server-side components.
This configuration file requires at least the following information:
-
allowed-origins - Specifies the domains allowed to communicate with server-side editor features. This is mandatory for all server-side components.
The following settings for the premium server-side components are optional and will apply to all services that make outgoing HTTP/HTTPS requests using the configuration file.
The following settings for the Image Proxy service premium server-side component are optional:
Run the Docker Container
The Docker container can also be run with docker compose. In this example, the following directory structure is assumed:
tiny-image-proxy/
└── docker-compose.yaml # Docker Compose file to define and run the service
└── application.conf # Configuration file for allowed origins and other settingsHere is an example of the application.conf file with the basic configurations:
ephox {
allowed-origins {
origins = [
"<http://example.com>",
"<http://good.com> ",
"*.my.company.org"
]
}
}Once the application configuration file is ready, proceed with the Docker Compose setup to configure and run the service.
-
Create the
docker-compose.yamlfile:services: image-proxy-tiny: image: registry.containers.tiny.cloud/image-proxy-tiny:[version] ports: - "19040:19040" restart: always init: true volumes: - type: bind source: ./application.conf #change this to the path on your local machine target: /ephox-image-proxy/ephox-image-proxy-docker-env.conf read_only: true -
Run the service (within the same directory where
docker-compose.yamlwas placed):docker compose upIf the setup is correct, the initiation logs should appear as follows:
✔ Container image-proxy-tiny-image-proxy-tiny-1 Created 0.0s Attaching to image-proxy-tiny-1 image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-8] INFO emissary - emissary image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-8] INFO emissary - * External Configuration image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-8] INFO emissary - * External configuration via System Properties image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * parseConfigSources image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * looking up property: ephox.config.url image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> Property not set image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * looking up property: config.url image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> Property not set image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * parseConfigSources image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * looking up property: ephox.config.file image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> Found value for property: /ephox-image-proxy/ephox-image-proxy-docker-env.conf image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * Parsing config defined by /ephox-image-proxy/ephox-image-proxy-docker-env.conf from property: ephox.config.file image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> Processing file: /ephox-image-proxy/ephox-image-proxy-docker-env.conf image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * External application.conf => /opt/ephox/application.conf image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * Optional File (/opt/ephox/application.conf). Defaults to empty if file not found image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * Internal Configuration image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> No extra internal configuration specified - skipping image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * Default (Reference) Configuration image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * Loading configuration files from classpath (reference.conf and integration.conf). Neither is required. image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> Raw Config assembled from various sources: ConfigOrigin(merge of /ephox-image-proxy/ephox-image-proxy-docker-env.conf: 1,system properties,reference.conf @ jar:file:/ephox-image-proxy/ephox-image-proxy.jar!/reference.conf: 1) image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO c.e.d.config.AllowedOriginsConfig$ - Read allowed-origins config (ignoring ports = true) as: image-proxy-tiny-1 | - good.com image-proxy-tiny-1 | - example.com image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - emissary config loaded successfully: EmissaryConfig(SdkHttpConfig(HttpConfig(100,10,10,3,HttpConfigTimeouts(10,10,10),JvmTrustModel()),None),OriginWhitelist(List(good.com, example.com),OriginPrecision(true)),Some(10000000)) image-proxy-tiny-1 | 2025-01-08 15:02:37 [io-compute-1] INFO o.h.b.c.nio1.NIO1SocketServerGroup - Service bound to address /0:0:0:0:0:0:0:0:19040 image-proxy-tiny-1 | 2025-01-08 15:02:37 [io-compute-1] INFO o.h.blaze.server.BlazeServerBuilder - image-proxy-tiny-1 | _ _ _ _ _ image-proxy-tiny-1 | | |_| |_| |_ _ __| | | ___ image-proxy-tiny-1 | | ' \\ _| _| '_ \\_ _(_-< image-proxy-tiny-1 | |_||_\\__|\\__| .__/ |_|/__/ image-proxy-tiny-1 | |_| image-proxy-tiny-1 | 2025-01-08 15:02:37 [io-compute-1] INFO o.h.blaze.server.BlazeServerBuilder - http4s v0.23.27 on blaze v0.23.16 started at http://[::]:19040/
Next Steps
-
Test the service via cURL command
To verify that the Image Proxy service is set up and functioning correctly within the container, ensure the service is running on port
19040. Once active, it should be ready to receive requests. The expected outputs below confirm proper configuration, assuminghttp://good.comis in the allowed origins andhttp://bad.comis not.To check the service is running use:
curl http://localhost:19040/versionAn example output is:
2.111.1To confirm that a request is being sent to the Image Proxy service, use:
curl --location 'http://localhost:19040/2/image?url=https%3A%2F%2Fraw.githubusercontent.com%2Fsrikomm%2FBMP-EDITING%2Frefs%2Fheads%2Fmaster%2Fsrc%2FInputs%2Ffish.bmp' \\ --header 'Origin: http://good.com'Finally, to verify if a request is unauthorized and originates from an incorrect origin, use:
curl --location 'http://localhost:19040/2/image?url=https%3A%2F%2Fraw.githubusercontent.com%2Fsrikomm%2FBMP-EDITING%2Frefs%2Fheads%2Fmaster%2Fsrc%2FInputs%2Ffish.bmp' \\ --header 'Origin: http://bad.com'If an error occurs, the expected message is:
{ "message": "The supplied authentication is not authorized to access this resource" }. -
Test directly in TinyMCE
Before deploying, it is recommended to test this service within the TinyMCE editor itself.
To do this, configure the Image Editing feature in the editor and call it via
tinymce.init. If running locally on the default port19040, use the following settings:tinymce.init({ selector: 'textarea', // change this value according to your HTML toolbar: 'image', plugins: 'image editimage', editimage_cors_hosts: [ 'example.com', 'good.com' ], editimage_proxy_service_url: "http://localhost:19040" });