Proxying and inserting images in TinyMCE

We have CM1 running behind an nginx proxy, with CM1 listening on port 9992 and nginx listening on 443, doing SSL, and proxying to CM1. We wanted to serve CM1 on the standard HTTPS port with SSL, and from looking around here and talking to our coach, it seemed proxying was the way to go. Proxying also integrates well with our overall web server system.

So far, proxying has been dead-easy to set up. Almost everything in CM1 plays nice with the proxy with very little work on our end. However, we have one issue, that we believe is linked to proxying. We mainly believe it’s linked to proxying because connecting to CM1 directly on 9992 doesn’t have this problem.

When a user inserts an image into a rich text widget using the “Insert/edit image” button in TinyMCE, the link appears in the TinyMCE editor window as a broken image. When the changes to the widget are saved, the image shows up fine in the CM1 preview–but if the widget is edited again, the image is broken again. So the image is broken in the TinyMCE editor.

The protocol and host for the image’s src attribute is always , which explains why the image is broken. If you change the image src to an https:// protocol and CM1’s host on the default port, it works fine. So for some reason, CM1 is not putting the proper protocol and host in the TinyMCE image reference, although the rest of CM1 seems to work fine behind the proxy.

At first glance, it seems like this is an issue with our proxy config. is the address nginx is proxying to. Here’s the relevant portion of our nginx config:

listen 443 ssl;   
location / {   
# Other stuff   
} ```   
As you can see, we're not explicitly adding a host header to the proxy request, and perhaps that's confusing CM1. However, if we do add a host header, like so...   
``` location / {   
proxy\_set\_header Host;   
} ```   
...CM1's login breaks. You can get to the login page fine, but once you submit, you end up at ``` /Rhythmyx/sys_welcome/rxlogin.html#nocache=v1 ``` with a "Select a Community" form with one option. If you submit that form, you get sent to ``` ``` again, which, of course, breaks.   
Anyway, many words to describe a simple problem. I'm unsure if this is a problem with our proxy config, or a problem with CM1. On one hand, everything in CM1 seems to work fine behind the proxy except for this, so it seems to suggest an issue within CM1. On the other hand, there could easily be something wrong with our config, especially since I'm not passing any extra headers. What headers is CM1 looking for, and is there anything wrong with my config? How can we get this fixed?   
Thanks for taking the time to read!

Hi Richard,

You could try to set the localhost name in /etc/hosts aliased to the proxied host: localhost

and then modify your proxy_pass url to use the hostname instead of ip:



Jon, great suggestion! I hadn’t thought of that.

I did it, and it fixed half the problem. Now an image’s src is The protocol and port are still wrong.

Out of curiosity, is there a reason CM1 is specifying the full URL, with protocol and host, in the src here, as opposed to just specifying the web path like it does in most other places?

Hi Richard,

We’re looking at additional options on this. I’ll keep you posted on any progress.


Hi Richard,

Tying off this community post. The issue has been submitted to engineering and will be reviewed.

Hi Richard,

I’m the engineer working on your issue. I’ve been able to make changes to ensure we are returning relative urls for the links and images for the content in TinyMCE and elsewhere (mobile preview was also rendering with absolute urls).

I’ve noticed that when editing assets, when I click on the save button, the server sends back a 302 redirect to the browser, but the location of the redirect is an absolute url using the cm1 server’s host/port. However, in your testing, you reported that everything except the image urls in TinyMCE was working. I’m assuming your nginx proxy setup results in those redirect urls being rewritten to use the correct protocol, host and port?

Can you confirm that it’s a sufficient fix to ensure that no absolute urls are returned as part of the content of a page in CM1 (including what’s rendered inside TinyMCE), and that the proxy is handling re-writing any absolute redirect urls being returned?


Hi, Jay. Thanks for your work.

When I click the save button while editing a shared asset, I get one 302 at /Rhythmyx/psx_cepercRichTextAsset/percRichTextAsset.html It redirects me to the same location, but with some stuff added in the query string (i.e. “sys_revision” and “sys_contentid”). It doesn’t have the CM1 port added to it. As far as I can tell, that’s the only 302 that shows up in the ~127 requests that happen after clicking the save button. Is that the 302 you’re refering to?

Ha, looking at the nginx proxy docs, it appears that nginx’s default behavior is to rewrite HTTP redirect locations. Learn something new every day.

So with that, yeah, it’s probably sufficient to ensure that there are no absolute URLs used in the content. HTTP redirects should be handled by the nginxx.


Richard -

Yes, that’s the redirect I was asking about. Thanks for the quick turnaround.