othanc not working over remote connection
holakunle opened this issue · 4 comments
please orthanc is not working over remote connection using NUMERIC IP, please note i specified all the fields required as regards documentation. please review.. devtools shows it keeps pointing back to
<iframe src="http://localhost/keycloak/realms/orthanc/protocol/openid-connect/3p-cookies/step1.html" title="keycloak-3p-check-iframe" style="display: none;"></iframe>any help
I'm having the exact same issue.
I also have enabled https and tried with https://my.domain.com/orthanc/ui/app/ and I'm getting the same result. Blank page.
I figured it out. The answer is found here:
Accessing this demo from a remote client
If you wish to access this demo from a remote computer, you must configure the domain on which this setup is accessible (in this sample: mydomain.com). Update these settings:orthanc: ORTHANC_JSON -> OrthancExplorer2 -> Keycloak -> "Url": "http://mydomain.com/keycloak/"
keycloak: KC_HOSTNAME_URL: "http://mydomain.com/keycloak"
keycloak: KC_HOSTNAME_ADMIN_URL: "http://mydomain.com/keycloak"
You have to enable https (or it won't work), as shown in the json file. Uncomment this:
# KC_HOSTNAME_URL: "https://mydomain.com/keycloak"
# KC_HOSTNAME_ADMIN_URL: "https://mydomain.com/keycloak"
Then change to your actual domain. I'm not sure why the docs show http://mydomain.com/keycloak/ as an example. It should be https://mydomain.com/keycloak/.
Also, the proper cert files can be mounted like this in docker in the nginx container (I used certbot standalone, and I also use the OHIF plugin):
nginx:
image: orthancteam/orthanc-nginx:24.2.0
depends_on: [orthanc, orthanc-auth-service, keycloak]
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /etc/letsencrypt/live/mydomain.com/fullchain.pem:/etc/nginx/tls/crt.pem
- /etc/letsencrypt/live/mydomain.com/privkey.pem:/etc/nginx/tls/key.pem
environment:
ENABLE_ORTHANC: "true"
ENABLE_KEYCLOAK: "true"
ENABLE_ORTHANC_TOKEN_SERVICE: "true"
ENABLE_HTTPS: "true"
# to use OHIF-plugin: you don't need the OHIF reverse proxy
ENABLE_OHIF: "false"
I also create a file, permissions.jsonc:
{
"roles" : {
"admin-role": {
"permissions": ["all"],
"authorized_labels": ["*"]
},
"doctor-role": {
"permissions":["view", "download", "share", "send"],
"authorized_labels": ["*"]
},
"external-role": {
"permissions":["view", "download"],
"authorized_labels": ["external"]
}
}
}
Then mount it accordingly to the orthanc-auth-service container. When I check the logs, I see:
be patient, Keycloak may need more than 1 min to start
This is important because it does need several minutes to start. Then I can navigate to https://mydomain.com/orthanc/ui/app/ without issues and log in with admin
and change-me
. However, my problem now is that there is no way to upload studies (no upload button), and no way for me to change my admin password. The keycloak admin login (https://mydomain.com/keycloak/admin/master/console/) is a completely separate admin login with its own password.
Ok. Thanks 😊
closing issue due to inactivity