annotate Sphinx/source/faq/nginx.rst @ 1113:a588960a72e5 default tip

spelling
author Alain Mazy <am@orthanc.team>
date Mon, 28 Oct 2024 09:23:08 +0100
parents 1078027a8bd0
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1 .. _nginx:
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
2
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
3 How can I run Orthanc behind nginx?
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
4 ===================================
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
5
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
6 Similarly to :ref:`Apache <apache>`, Orthanc can run behind `nginx
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
7 <https://en.wikipedia.org/wiki/Nginx>`__ through reverse
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
8 proxying. Here is the configuration snippet for nginx::
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
9
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
10 server {
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
11 listen 80 default_server;
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
12 ...
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
13 location /orthanc/ {
261
857f4870fd7f nginx: localhost to 127.0.0.1
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 114
diff changeset
14 proxy_pass http://127.0.0.1:8042;
0
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
15 proxy_set_header HOST $host;
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
16 proxy_set_header X-Real-IP $remote_addr;
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
17 rewrite /orthanc(.*) $1 break;
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
18 }
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
19 ...
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
20 }
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
21
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
22 *Note:* Thanks to Qaler for `submitting this information
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
23 <https://groups.google.com/d/msg/orthanc-users/oTMCM6kElfw/uj0r062mptoJ>`__.
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
24
114
736d30badda0 large POST body
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
25 You might also wish to adapt the ``client_max_body_size``
736d30badda0 large POST body
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
26 `configuration option of nginx
736d30badda0 large POST body
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
27 <http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size>`__
736d30badda0 large POST body
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
28 to allow the uploading of DICOM files larger than the default 1MB if
736d30badda0 large POST body
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
29 using the :ref:`REST API <sending-dicom-images>` of Orthanc.
736d30badda0 large POST body
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
30
0
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
31
929
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
32 .. _nginx-demo:
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
33
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
34 Setting up a demo server using nginx
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
35 ------------------------------------
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
36
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
37 It is often needed to setup a demo server through which users can
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
38 access DICOM images, but cannot modify the content of the Orthanc
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
39 database. The easiest solution to this scenario is to place an Orthanc
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
40 server behind a nginx proxy, with a :ref:`Lua script
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
41 <lua-filter-rest>` that only grants read-only access to external
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
42 users.
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
43
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
44 .. highlight:: json
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
45
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
46 To this end, first define two users ``admin`` and ``public`` in the
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
47 :ref:`configuration file <configuration>` of Orthanc::
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
48
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
49 {
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
50 "RemoteAccessAllowed" : true,
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
51 "AuthenticationEnabled" : true,
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
52 "RegisteredUsers" : {
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
53 "admin" : "orthanc",
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
54 "public" : "hello"
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
55 },
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
56 "LuaScripts" : [ "ReadOnly.lua" ]
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
57 }
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
58
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
59
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
60 .. highlight:: lua
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
61
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
62 Next, disallow POST/PUT/DELETE requests to the ``public`` using the
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
63 ``ReadOnly.lua`` script::
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
64
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
65 function IncomingHttpRequestFilter(method, uri, ip, username, httpHeaders)
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
66 if method == 'GET' then
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
67 return true
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
68 elseif username == 'admin' then
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
69 return true
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
70 else
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
71 return false
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
72 end
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
73 end
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
74
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
75
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
76 .. highlight:: text
930
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 929
diff changeset
77
929
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
78 Finally, setup the nginx reverse proxy so that it automatically adds
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
79 the `HTTP basic authentication header
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
80 <https://en.wikipedia.org/wiki/Basic_access_authentication>`__ that is
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
81 expected by Orthanc for the ``public`` user::
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
82
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
83 server {
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
84 listen 80 default_server;
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
85 ...
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
86 location /orthanc/ {
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
87 proxy_pass http://127.0.0.1:8042;
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
88 proxy_set_header HOST $host;
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
89 proxy_set_header X-Real-IP $remote_addr;
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
90 rewrite /orthanc(.*) $1 break;
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
91
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
92 // Use the "public" user with the "hello" password
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
93 proxy_set_header Authorization "Basic cHVibGljOmhlbGxv";
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
94 }
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
95 ...
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
96 }
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
97
931
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 930
diff changeset
98 The ``cHVibGljOmhlbGxv`` string corresponds to the `Base64 encoding
929
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
99 <https://en.wikipedia.org/wiki/Base64>`__ of the string
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
100 ``public:hello``, as can be seen using the following bash command
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
101 line::
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
102
931
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 930
diff changeset
103 $ echo -n 'public:hello' | base64
929
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
104 cHVibGljOmhlbGxv
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
105
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
106 Note that more fine-grained access control can be achieved using
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
107 :ref:`Python plugins <python_authorization>` or the :ref:`advanced
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
108 authorization plugin <authorization>`.
931
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 930
diff changeset
109
930
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 929
diff changeset
110 Also, note that the ``admin`` user has full access to the REST API,
931
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 930
diff changeset
111 including POST/PUT/DELETE requests.
930
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 929
diff changeset
112
929
a7ac8e5edc89 setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 484
diff changeset
113
0
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
114 .. _nginx-cors:
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
115
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
116 Enabling CORS
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
117 -------------
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
118
484
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 483
diff changeset
119 Orthanc does not feature built-in support for `cross-origin resource
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 483
diff changeset
120 sharing (CORS)
483
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 261
diff changeset
121 <https://en.wikipedia.org/wiki/Cross-origin_resource_sharing>`_. It
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 261
diff changeset
122 is however possible to enable it with a nginx reverse proxy. Here is a
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 261
diff changeset
123 sample configuration for nginx::
0
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
124
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
125 server {
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
126 listen 80 default_server;
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
127 ...
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
128 location /orthanc/ {
261
857f4870fd7f nginx: localhost to 127.0.0.1
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 114
diff changeset
129 proxy_pass http://127.0.0.1:8042;
0
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
130 proxy_set_header HOST $host;
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
131 proxy_set_header X-Real-IP $remote_addr;
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
132 rewrite /orthanc(.*) $1 break;
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
133 add_header 'Access-Control-Allow-Credentials' 'true';
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
134 add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
135 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
136 add_header 'Access-Control-Allow-Origin' '*';
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
137 }
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
138 ...
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
139 }
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
140
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
141 *Note:* Thanks to Fernando for `submitting this information
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
142 <https://groups.google.com/d/msg/orthanc-users/LH-ej_fB-dw/CmWP4jM3BgAJ>`__.
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
143