Deploy the TinyMCE Image Proxy service server-side component using Docker
Overview
The On-Premises version of Image Editing is an application that can be installed and run on the customer’s in-house servers and computing infrastructure, including a private cloud.
The only requirement to run this service On-Premises is a container runtime or orchestration tool e.g. Docker, Kubernetes, Podman.
Once your subscription is enabled for the service, an username and a password will be provided to access the Tiny Cloud Docker registry and pull the Docker image.
|
Do not push this docker image to a publicly accessible container registry. Doing so will constitute a breach of the Tiny Self-Hosted Software License Agreement, including: |
Requirements
-
The Docker Engine is installed and running.
-
The user has Administrative or Root user access to run the Docker commands.
-
The user is either:
-
Using a Linux, Unix or macOS operating system.
-
Using Windows and has access to unix command line tools using Git for Windows, Cygwin, or the Windows Subsystem for Linux.
-
Installation
| Valid credentials (username and password) are required in order to retrieve On-Premises services images from our Docker Registry. Contact us to request credentials. |
Retrieve Docker Image
-
Login into the Tiny Cloud Docker Registry:
docker login -u [username] -p [access-token] registry.containers.tiny.cloud -
Pull the Docker Image from the Docker registry:
docker pull registry.containers.tiny.cloud/image-proxy-tiny:<VERSION>Replace
<VERSION>withlatestor the specific version number.
Specify Configurations
After completing the previous steps, run the Docker container from the pulled image:
docker run -p 19040:19040 registry.containers.tiny.cloud/image-proxy-tiny:<VERSION>This triggers -p 19040:19040, exposing the service on localhost:19040. The service runs on port 19040 inside the Docker container, and this maps it to the same port on your localhost.
If set up correctly, the logs should display output similar to the following:
2025-01-08 12:03:15 [io-compute-3] INFO emissary - emissary
...
2025-01-08 12:03:16 [io-compute-blocker-3] INFO emissary - -> Raw Config assembled from various sources: ConfigOrigin(merge of /ephox-image-proxy/ephox-image-proxy-docker-env.conf: 1,system properties,reference.conf @ jar:file:/ephox-image-proxy/ephox-image-proxy.jar!/reference.conf: 1)
2025-01-08 12:03:16 [io-compute-blocker-3] WARN c.e.d.config.AllowedOriginsConfig$ - No allowed-origins specified in config!
2025-01-08 12:03:16 [io-compute-blocker-3] INFO emissary - emissary config loaded successfully: EmissaryConfig(SdkHttpConfig(HttpConfig(100,10,10,3,HttpConfigTimeouts(10,10,10),JvmTrustModel()),None),OriginWhitelist(List(),OriginPrecision(true)),Some(10000000))
2025-01-08 12:03:17 [io-compute-1] INFO o.h.b.c.nio1.NIO1SocketServerGroup - Service bound to address /0:0:0:0:0:0:0:0:19040
2025-01-08 12:03:17 [io-compute-1] INFO o.h.blaze.server.BlazeServerBuilder -
_ _ _ _ _
| |_| |_| |_ _ __| | | ___
| ' \\ _| _| '_ \\_ _(_-<
|_||_\\__|\\__| .__/ |_|/__/
|_|
2025-01-08 12:03:17 [io-compute-1] INFO o.h.blaze.server.BlazeServerBuilder - http4s v0.23.27 on blaze v0.23.16 started at http://[::]:19040/Running this command will generate a log warning about allowed-origins not being configured. This is expected, as it will be set up in the next step.
The TinyMCE server-side components require a configuration file to function correctly. By convention, this file is named application.conf. For more information, refer to Required configuration for the server-side components.
This configuration file requires at least the following information:
-
allowed-origins - Specifies the domains allowed to communicate with server-side editor features. This is mandatory for all server-side components.
The following settings for the premium server-side components are optional and will apply to all services that make outgoing HTTP/HTTPS requests using the configuration file.
The following settings for the Image Proxy service premium server-side component are optional:
Launch the Docker Container
Once the application configuration file is ready, proceed with the Docker Compose setup to configure and run the service.
-
Create the
docker-compose.yamlfile:services: image-proxy-tiny: image: registry.containers.tiny.cloud/image-proxy-tiny:[version] ports: - "19040:19040" restart: always init: true volumes: - type: bind source: <PATH_TO_APPLICATION_CONF_FILE_IN_HOST_MACHINE> target: /ephox-image-proxy/ephox-image-proxy-docker-env.conf read_only: true -
Run the service (within the same directory where
docker-compose.yamlwas placed):docker compose upIf the setup is correct, the initiation logs should appear as follows:
✔ Container image-proxy-tiny-image-proxy-tiny-1 Created 0.0s Attaching to image-proxy-tiny-1 image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-8] INFO emissary - emissary image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-8] INFO emissary - * External Configuration image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-8] INFO emissary - * External configuration via System Properties image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * parseConfigSources image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * looking up property: ephox.config.url image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> Property not set image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * looking up property: config.url image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> Property not set image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * parseConfigSources image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * looking up property: ephox.config.file image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> Found value for property: /ephox-image-proxy/ephox-image-proxy-docker-env.conf image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * Parsing config defined by /ephox-image-proxy/ephox-image-proxy-docker-env.conf from property: ephox.config.file image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> Processing file: /ephox-image-proxy/ephox-image-proxy-docker-env.conf image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * External application.conf => /opt/ephox/application.conf image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * Optional File (/opt/ephox/application.conf). Defaults to empty if file not found image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * Internal Configuration image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> No extra internal configuration specified - skipping image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * Default (Reference) Configuration image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - * Loading configuration files from classpath (reference.conf and integration.conf). Neither is required. image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - -> Raw Config assembled from various sources: ConfigOrigin(merge of /ephox-image-proxy/ephox-image-proxy-docker-env.conf: 1,system properties,reference.conf @ jar:file:/ephox-image-proxy/ephox-image-proxy.jar!/reference.conf: 1) image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO c.e.d.config.AllowedOriginsConfig$ - Read allowed-origins config (ignoring ports = true) as: image-proxy-tiny-1 | - good.com image-proxy-tiny-1 | - example.com image-proxy-tiny-1 | 2025-01-08 15:02:36 [io-compute-blocker-8] INFO emissary - emissary config loaded successfully: EmissaryConfig(SdkHttpConfig(HttpConfig(100,10,10,3,HttpConfigTimeouts(10,10,10),JvmTrustModel()),None),OriginWhitelist(List(good.com, example.com),OriginPrecision(true)),Some(10000000)) image-proxy-tiny-1 | 2025-01-08 15:02:37 [io-compute-1] INFO o.h.b.c.nio1.NIO1SocketServerGroup - Service bound to address /0:0:0:0:0:0:0:0:19040 image-proxy-tiny-1 | 2025-01-08 15:02:37 [io-compute-1] INFO o.h.blaze.server.BlazeServerBuilder - image-proxy-tiny-1 | _ _ _ _ _ image-proxy-tiny-1 | | |_| |_| |_ _ __| | | ___ image-proxy-tiny-1 | | ' \\ _| _| '_ \\_ _(_-< image-proxy-tiny-1 | |_||_\\__|\\__| .__/ |_|/__/ image-proxy-tiny-1 | |_| image-proxy-tiny-1 | 2025-01-08 15:02:37 [io-compute-1] INFO o.h.blaze.server.BlazeServerBuilder - http4s v0.23.27 on blaze v0.23.16 started at http://[::]:19040/
Next Steps
-
Test the service via cURL command
To verify that the Image Proxy service is set up and functioning correctly within the container, ensure the service is running on port 19040. Once active, it should be ready to receive requests. The expected outputs below confirm proper configuration, assuming http://good.com is in the allowed origins and http://bad.com is not.
To check the service is running use:
curl http://localhost:19040/versionAn example output is: 2.111.1
To confirm that a request is being sent to the Image Proxy service, use:
curl --location 'http://localhost:19040/2/image?url=https%3A%2F%2Fraw.githubusercontent.com%2Fsrikomm%2FBMP-EDITING%2Frefs%2Fheads%2Fmaster%2Fsrc%2FInputs%2Ffish.bmp' \\ --header 'Origin: http://good.com'Finally, to verify if a request is unauthorized and originates from an incorrect origin, use:
curl --location 'http://localhost:19040/2/image?url=https%3A%2F%2Fraw.githubusercontent.com%2Fsrikomm%2FBMP-EDITING%2Frefs%2Fheads%2Fmaster%2Fsrc%2FInputs%2Ffish.bmp' \\ --header 'Origin: http://bad.com'If an error occurs, the expected message is:
{ "message": "The supplied authentication is not authorized to access this resource" }. -
Test directly in TinyMCE
Before deploying, it is recommended to test this service within the TinyMCE editor itself.
To do this, configure the Image Editing feature in the editor and call it via
tinymce.init. If running locally on the default port19040, use the following settings:tinymce.init({ …, editimage_cors_hosts: [ 'example.com', 'good.com' ], editimage_proxy_service_url: "http://localhost:19040" });