Mercurial > hg > orthanc-book
annotate Sphinx/source/faq/nginx.rst @ 1113:a588960a72e5 default tip
spelling
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Mon, 28 Oct 2024 09:23:08 +0100 |
parents | 1078027a8bd0 |
children |
rev | line source |
---|---|
0 | 1 .. _nginx: |
2 | |
3 How can I run Orthanc behind nginx? | |
4 =================================== | |
5 | |
6 Similarly to :ref:`Apache <apache>`, Orthanc can run behind `nginx | |
7 <https://en.wikipedia.org/wiki/Nginx>`__ through reverse | |
8 proxying. Here is the configuration snippet for nginx:: | |
9 | |
10 server { | |
11 listen 80 default_server; | |
12 ... | |
13 location /orthanc/ { | |
261
857f4870fd7f
nginx: localhost to 127.0.0.1
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
114
diff
changeset
|
14 proxy_pass http://127.0.0.1:8042; |
0 | 15 proxy_set_header HOST $host; |
16 proxy_set_header X-Real-IP $remote_addr; | |
17 rewrite /orthanc(.*) $1 break; | |
18 } | |
19 ... | |
20 } | |
21 | |
22 *Note:* Thanks to Qaler for `submitting this information | |
23 <https://groups.google.com/d/msg/orthanc-users/oTMCM6kElfw/uj0r062mptoJ>`__. | |
24 | |
114 | 25 You might also wish to adapt the ``client_max_body_size`` |
26 `configuration option of nginx | |
27 <http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size>`__ | |
28 to allow the uploading of DICOM files larger than the default 1MB if | |
29 using the :ref:`REST API <sending-dicom-images>` of Orthanc. | |
30 | |
0 | 31 |
929
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
32 .. _nginx-demo: |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
33 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
34 Setting up a demo server using nginx |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
35 ------------------------------------ |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
36 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
37 It is often needed to setup a demo server through which users can |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
38 access DICOM images, but cannot modify the content of the Orthanc |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
39 database. The easiest solution to this scenario is to place an Orthanc |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
40 server behind a nginx proxy, with a :ref:`Lua script |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
41 <lua-filter-rest>` that only grants read-only access to external |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
42 users. |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
43 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
44 .. highlight:: json |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
45 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
46 To this end, first define two users ``admin`` and ``public`` in the |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
47 :ref:`configuration file <configuration>` of Orthanc:: |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
48 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
49 { |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
50 "RemoteAccessAllowed" : true, |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
51 "AuthenticationEnabled" : true, |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
52 "RegisteredUsers" : { |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
53 "admin" : "orthanc", |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
54 "public" : "hello" |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
55 }, |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
56 "LuaScripts" : [ "ReadOnly.lua" ] |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
57 } |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
58 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
59 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
60 .. highlight:: lua |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
61 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
62 Next, disallow POST/PUT/DELETE requests to the ``public`` using the |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
63 ``ReadOnly.lua`` script:: |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
64 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
65 function IncomingHttpRequestFilter(method, uri, ip, username, httpHeaders) |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
66 if method == 'GET' then |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
67 return true |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
68 elseif username == 'admin' then |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
69 return true |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
70 else |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
71 return false |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
72 end |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
73 end |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
74 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
75 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
76 .. highlight:: text |
930 | 77 |
929
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
78 Finally, setup the nginx reverse proxy so that it automatically adds |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
79 the `HTTP basic authentication header |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
80 <https://en.wikipedia.org/wiki/Basic_access_authentication>`__ that is |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
81 expected by Orthanc for the ``public`` user:: |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
82 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
83 server { |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
84 listen 80 default_server; |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
85 ... |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
86 location /orthanc/ { |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
87 proxy_pass http://127.0.0.1:8042; |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
88 proxy_set_header HOST $host; |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
89 proxy_set_header X-Real-IP $remote_addr; |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
90 rewrite /orthanc(.*) $1 break; |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
91 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
92 // Use the "public" user with the "hello" password |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
93 proxy_set_header Authorization "Basic cHVibGljOmhlbGxv"; |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
94 } |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
95 ... |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
96 } |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
97 |
931 | 98 The ``cHVibGljOmhlbGxv`` string corresponds to the `Base64 encoding |
929
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
99 <https://en.wikipedia.org/wiki/Base64>`__ of the string |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
100 ``public:hello``, as can be seen using the following bash command |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
101 line:: |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
102 |
931 | 103 $ echo -n 'public:hello' | base64 |
929
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
104 cHVibGljOmhlbGxv |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
105 |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
106 Note that more fine-grained access control can be achieved using |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
107 :ref:`Python plugins <python_authorization>` or the :ref:`advanced |
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
108 authorization plugin <authorization>`. |
931 | 109 |
930 | 110 Also, note that the ``admin`` user has full access to the REST API, |
931 | 111 including POST/PUT/DELETE requests. |
930 | 112 |
929
a7ac8e5edc89
setting up a demo server using nginx
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
484
diff
changeset
|
113 |
0 | 114 .. _nginx-cors: |
115 | |
116 Enabling CORS | |
117 ------------- | |
118 | |
484 | 119 Orthanc does not feature built-in support for `cross-origin resource |
120 sharing (CORS) | |
483 | 121 <https://en.wikipedia.org/wiki/Cross-origin_resource_sharing>`_. It |
122 is however possible to enable it with a nginx reverse proxy. Here is a | |
123 sample configuration for nginx:: | |
0 | 124 |
125 server { | |
126 listen 80 default_server; | |
127 ... | |
128 location /orthanc/ { | |
261
857f4870fd7f
nginx: localhost to 127.0.0.1
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
114
diff
changeset
|
129 proxy_pass http://127.0.0.1:8042; |
0 | 130 proxy_set_header HOST $host; |
131 proxy_set_header X-Real-IP $remote_addr; | |
132 rewrite /orthanc(.*) $1 break; | |
133 add_header 'Access-Control-Allow-Credentials' 'true'; | |
134 add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | |
135 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; | |
136 add_header 'Access-Control-Allow-Origin' '*'; | |
137 } | |
138 ... | |
139 } | |
140 | |
141 *Note:* Thanks to Fernando for `submitting this information | |
142 <https://groups.google.com/d/msg/orthanc-users/LH-ej_fB-dw/CmWP4jM3BgAJ>`__. | |
143 |