init
This commit is contained in:
@@ -0,0 +1,261 @@
|
||||
worker_processes 2;
|
||||
error_log /var/logs/nginx/mydomain.error.log;
|
||||
pid /var/run/nginx.pid;
|
||||
include /usr/share/nginx/modules/*.conf; # See /usr/share/doc/nginx/README.dynamic.
|
||||
|
||||
events {
|
||||
worker_connections 1024; ## Default: 1024
|
||||
use epoll; # http://nginx.org/en/docs/events.html
|
||||
multi_accept on; # http://nginx.org/en/docs/ngx_core_module.html#multi_accept
|
||||
}
|
||||
|
||||
# Core Modules Docs:
|
||||
# http://nginx.org/en/docs/http/ngx_http_core_module.html
|
||||
http {
|
||||
include '/usr/local/openresty/nginx/conf/mime.types';
|
||||
default_type application/octet-stream;
|
||||
|
||||
keepalive_timeout 65;
|
||||
keepalive_requests 100000;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
|
||||
# lua_ settings
|
||||
#
|
||||
lua_package_path '/usr/local/openresty/lualib/?.lua;;/usr/local/share/lua/5.4/?.lua;;';
|
||||
lua_shared_dict discovery 1m; # cache for discovery metadata documents
|
||||
lua_shared_dict jwks 1m; # cache for JWKs
|
||||
# lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
|
||||
|
||||
variables_hash_max_size 2048;
|
||||
server_names_hash_bucket_size 128;
|
||||
server_tokens off;
|
||||
|
||||
resolver 8.8.8.8 valid=30s ipv6=off;
|
||||
resolver_timeout 11s;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
# No idea what this is doing
|
||||
# https://stackoverflow.com/a/5877989/1867984
|
||||
# upstream upstream_server {
|
||||
# # server 10.100.4.200:1010 max_fails=3 fail_timeout=30s;
|
||||
# server 127.0.0.1:
|
||||
# }
|
||||
|
||||
# Nginx `listener` block
|
||||
server {
|
||||
listen [::]:80 default_server;
|
||||
listen 80;
|
||||
# listen 443 ssl;
|
||||
access_log /var/logs/nginx/mydomain.access.log;
|
||||
|
||||
# Domain to protect
|
||||
server_name 127.0.0.1 localhost; # mydomain.com;
|
||||
proxy_intercept_errors off;
|
||||
# ssl_certificate /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem;
|
||||
# ssl_certificate_key /etc/letsencrypt/live/mydomain.co.uk/privkey.pem;
|
||||
gzip on;
|
||||
gzip_types text/css application/javascript application/json image/svg+xml;
|
||||
gzip_comp_level 9;
|
||||
etag on;
|
||||
|
||||
# https://github.com/bungle/lua-resty-session/issues/15
|
||||
set $session_check_ssi off;
|
||||
lua_code_cache off;
|
||||
set $session_secret Eeko7aeb6iu5Wohch9Loo1aitha0ahd1;
|
||||
set $session_storage cookie;
|
||||
|
||||
server_tokens off; # Hides server version num
|
||||
|
||||
# [PROTECTED] Reverse Proxy for `orthanc` admin
|
||||
#
|
||||
location /pacs-admin/ {
|
||||
access_by_lua_block {
|
||||
local opts = {
|
||||
redirect_uri = "http://127.0.0.1/pacs-admin/admin",
|
||||
discovery = "http://127.0.0.1/auth/realms/ohif/.well-known/openid-configuration",
|
||||
token_endpoint_auth_method = "client_secret_basic",
|
||||
client_id = "pacs",
|
||||
client_secret = "66279641-eba6-47f5-9fdb-70c4ac74d548",
|
||||
client_jwt_assertion_expires_in = 60 * 60,
|
||||
ssl_verify = "no",
|
||||
scope = "openid email profile",
|
||||
refresh_session_interval = 900,
|
||||
redirect_uri_scheme = "http",
|
||||
redirect_after_logout_uri = "/",
|
||||
session_contents = {id_token=true}
|
||||
}
|
||||
|
||||
-- call authenticate for OpenID Connect user authentication
|
||||
local res, err = require("resty.openidc").authenticate(opts)
|
||||
|
||||
if err or not res then
|
||||
ngx.print(err)
|
||||
ngx.status = 200
|
||||
ngx.say(err and err or "no access_token provided")
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
|
||||
-- Or set cookie?
|
||||
-- ngx.req.set_header("Authorization", "Bearer " .. res.access_token)
|
||||
ngx.req.set_header("X-USER", res.id_token.sub)
|
||||
}
|
||||
|
||||
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
expires 0;
|
||||
add_header Cache-Control private;
|
||||
|
||||
proxy_pass http://orthanc:8042/;
|
||||
}
|
||||
|
||||
# [PROTECTED] Reverse Proxy for `orthanc` APIs (including DICOMWeb)
|
||||
#
|
||||
location /pacs/ {
|
||||
access_by_lua_block {
|
||||
local opts = {
|
||||
discovery = "http://127.0.0.1/auth/realms/ohif/.well-known/openid-configuration",
|
||||
}
|
||||
|
||||
-- call bearer_jwt_verify for OAuth 2.0 JWT validation
|
||||
local res, err = require("resty.openidc").bearer_jwt_verify(opts)
|
||||
|
||||
if err or not res then
|
||||
ngx.status = 403
|
||||
ngx.say(err and err or "no access_token provided")
|
||||
ngx.exit(ngx.HTTP_FORBIDDEN)
|
||||
end
|
||||
}
|
||||
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "upgrade";
|
||||
|
||||
expires 0;
|
||||
add_header Cache-Control private;
|
||||
|
||||
proxy_pass http://orthanc:8042/;
|
||||
|
||||
# By default, this endpoint is protected by CORS (cross-origin-resource-sharing)
|
||||
# You can add headers to allow other domains to request this resource.
|
||||
# See the "Updating CORS Settings" example below
|
||||
}
|
||||
|
||||
# Keycloak
|
||||
#
|
||||
location /auth/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $http_host;
|
||||
|
||||
proxy_pass http://keycloak:8080/auth/;
|
||||
}
|
||||
|
||||
# Do not cache sw.js, required for offline-first updates.
|
||||
location /sw.js {
|
||||
add_header Cache-Control "no-cache";
|
||||
proxy_cache_bypass $http_pragma;
|
||||
proxy_cache_revalidate on;
|
||||
expires off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Single Page App
|
||||
# Try files, fallback to index.html
|
||||
#
|
||||
location / {
|
||||
alias /var/www/html/;
|
||||
index index.html;
|
||||
try_files $uri $uri/ /index.html;
|
||||
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
||||
add_header 'Cross-Origin-Opener-Policy' 'same-origin' always;
|
||||
add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always;
|
||||
}
|
||||
|
||||
# EXAMPLE: Reverse Proxy, no auth
|
||||
# [UNPROTECTED] reverse proxy for `orthanc`
|
||||
#
|
||||
# location /pacs/ {
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
#
|
||||
# proxy_pass http://orthanc:8042/;
|
||||
#
|
||||
# # OR
|
||||
# # rewrite ^/pacs(.*) /$1 break;
|
||||
# # proxy_pass http://orthanc:8042;
|
||||
# }
|
||||
|
||||
# EXAMPLE: Modifying headers to allow requests from other domains
|
||||
# IE. Updating CORS settings
|
||||
#
|
||||
# location / {
|
||||
# if ($request_method = 'OPTIONS') {
|
||||
# add_header 'Access-Control-Allow-Origin' '*';
|
||||
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
# #
|
||||
# # Custom headers and headers various browsers *should* be OK with but aren't
|
||||
# #
|
||||
# add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
||||
# #
|
||||
# # Tell client that this pre-flight info is valid for 20 days
|
||||
# #
|
||||
# add_header 'Access-Control-Allow-Headers' 'Authorization';
|
||||
# add_header 'Access-Control-Allow-Credentials' true;
|
||||
# add_header 'Access-Control-Max-Age' 1728000;
|
||||
# add_header 'Content-Length' 0;
|
||||
# return 204;
|
||||
# }
|
||||
# if ($request_method = 'POST') {
|
||||
# add_header 'Access-Control-Allow-Origin' '*';
|
||||
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
# add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
||||
# add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
|
||||
# }
|
||||
# if ($request_method = 'GET') {
|
||||
# add_header 'Access-Control-Allow-Origin' '*';
|
||||
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
# add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
||||
# add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
|
||||
# add_header 'Access-Control-Allow-Headers' 'Authorization';
|
||||
# add_header 'Access-Control-Allow-Credentials' true;
|
||||
# }
|
||||
#
|
||||
# # proxy_http_version 1.1;
|
||||
#
|
||||
# # proxy_set_header Host $host;
|
||||
# # proxy_set_header X-Real-IP $remote_addr;
|
||||
# # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# # proxy_set_header X-Forwarded-Proto $scheme;
|
||||
#
|
||||
# proxy_pass http://orthanc:8042;
|
||||
# }
|
||||
|
||||
# EXAMPLE: Redirect server error pages to the static page /40x.html
|
||||
#
|
||||
# error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
# }
|
||||
|
||||
# EXAMPLE: Redirect server error pages to the static page /50x.html
|
||||
#
|
||||
# error_page 500 502 503 504 /50x.html;
|
||||
# location = /50x.html {
|
||||
# }
|
||||
}
|
||||
}
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,89 @@
|
||||
{
|
||||
"Name": "Orthanc inside Docker",
|
||||
"StorageDirectory": "/var/lib/orthanc/db",
|
||||
"IndexDirectory": "/var/lib/orthanc/db",
|
||||
"StorageCompression": false,
|
||||
"MaximumStorageSize": 0,
|
||||
"MaximumPatientCount": 0,
|
||||
"LuaScripts": [],
|
||||
"Plugins": ["/usr/share/orthanc/plugins", "/usr/local/share/orthanc/plugins"],
|
||||
"ConcurrentJobs": 2,
|
||||
"HttpServerEnabled": true,
|
||||
"HttpPort": 8042,
|
||||
"HttpDescribeErrors": true,
|
||||
"HttpCompressionEnabled": true,
|
||||
"DicomServerEnabled": true,
|
||||
"DicomAet": "ORTHANC",
|
||||
"DicomCheckCalledAet": false,
|
||||
"DicomPort": 4242,
|
||||
"DefaultEncoding": "Latin1",
|
||||
"DeflatedTransferSyntaxAccepted": true,
|
||||
"JpegTransferSyntaxAccepted": true,
|
||||
"Jpeg2000TransferSyntaxAccepted": true,
|
||||
"JpegLosslessTransferSyntaxAccepted": true,
|
||||
"JpipTransferSyntaxAccepted": true,
|
||||
"Mpeg2TransferSyntaxAccepted": true,
|
||||
"RleTransferSyntaxAccepted": true,
|
||||
"UnknownSopClassAccepted": false,
|
||||
"DicomScpTimeout": 30,
|
||||
|
||||
"RemoteAccessAllowed": true,
|
||||
"SslEnabled": false,
|
||||
"SslCertificate": "certificate.pem",
|
||||
"AuthenticationEnabled": false,
|
||||
"RegisteredUsers": {
|
||||
"test": "test"
|
||||
},
|
||||
"DicomModalities": {},
|
||||
"DicomModalitiesInDatabase": false,
|
||||
"DicomAlwaysAllowEcho": true,
|
||||
"DicomAlwaysAllowStore": true,
|
||||
"DicomCheckModalityHost": false,
|
||||
"DicomScuTimeout": 10,
|
||||
"OrthancPeers": {},
|
||||
"OrthancPeersInDatabase": false,
|
||||
"HttpProxy": "",
|
||||
|
||||
"HttpVerbose": true,
|
||||
|
||||
"HttpTimeout": 10,
|
||||
"HttpsVerifyPeers": true,
|
||||
"HttpsCACertificates": "",
|
||||
"UserMetadata": {},
|
||||
"UserContentType": {},
|
||||
"StableAge": 60,
|
||||
"StrictAetComparison": false,
|
||||
"StoreMD5ForAttachments": true,
|
||||
"LimitFindResults": 0,
|
||||
"LimitFindInstances": 0,
|
||||
"LimitJobs": 10,
|
||||
"LogExportedResources": false,
|
||||
"KeepAlive": true,
|
||||
"TcpNoDelay": true,
|
||||
"HttpThreadsCount": 50,
|
||||
"StoreDicom": true,
|
||||
"DicomAssociationCloseDelay": 5,
|
||||
"QueryRetrieveSize": 10,
|
||||
"CaseSensitivePN": false,
|
||||
"LoadPrivateDictionary": true,
|
||||
"Dictionary": {},
|
||||
"SynchronousCMove": true,
|
||||
"JobsHistorySize": 10,
|
||||
"SaveJobs": true,
|
||||
"OverwriteInstances": false,
|
||||
"MediaArchiveSize": 1,
|
||||
"StorageAccessOnFind": "Always",
|
||||
"MetricsEnabled": true,
|
||||
|
||||
"DicomWeb": {
|
||||
"Enable": true,
|
||||
"Root": "/dicom-web/",
|
||||
"EnableWado": true,
|
||||
"WadoRoot": "/wado",
|
||||
"Host": "127.0.0.1",
|
||||
"Ssl": false,
|
||||
"StowMaxInstances": 10,
|
||||
"StowMaxSize": 10,
|
||||
"QidoCaseSensitive": false
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,95 @@
|
||||
# Reference:
|
||||
# - https://docs.docker.com/compose/compose-file
|
||||
# - https://eclipsesource.com/blogs/2018/01/11/authenticating-reverse-proxy-with-keycloak/
|
||||
|
||||
version: '3.5'
|
||||
|
||||
services:
|
||||
# Exposed server that's handling incoming web requests
|
||||
# Underlying image: openresty/openresty:alpine-fat
|
||||
ohif_viewer:
|
||||
build:
|
||||
# Project root
|
||||
context: ./../../../../
|
||||
# Relative to context
|
||||
dockerfile: ./platform/app/.recipes/OpenResty-Orthanc-Keycloak/dockerfile
|
||||
image: webapp:latest
|
||||
container_name: webapp
|
||||
volumes:
|
||||
# Nginx config
|
||||
- ./config/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf:ro
|
||||
# Logs
|
||||
- ./logs/nginx:/var/logs/nginx
|
||||
# Let's Encrypt
|
||||
# - letsencrypt_certificates:/etc/letsencrypt
|
||||
# - letsencrypt_challenges:/var/www/letsencrypt
|
||||
ports:
|
||||
- '443:443' # SSL
|
||||
- '80:80' # Web
|
||||
depends_on:
|
||||
- keycloak
|
||||
- orthanc
|
||||
restart: on-failure
|
||||
|
||||
# LINK: https://hub.docker.com/r/jodogne/orthanc-plugins/
|
||||
# TODO: Update to use Postgres
|
||||
# https://github.com/mrts/docker-postgresql-multiple-databases
|
||||
orthanc:
|
||||
image: jodogne/orthanc-plugins
|
||||
hostname: orthanc
|
||||
container_name: orthanc
|
||||
volumes:
|
||||
# Config
|
||||
- ./config/orthanc.json:/etc/orthanc/orthanc.json:ro
|
||||
# Persist data
|
||||
- ./volumes/orthanc-db/:/var/lib/orthanc/db/
|
||||
restart: unless-stopped
|
||||
|
||||
# LINK: https://hub.docker.com/r/jboss/keycloak
|
||||
keycloak:
|
||||
image: quay.io/keycloak/keycloak:6.0.0
|
||||
hostname: keycloak
|
||||
container_name: keycloak
|
||||
volumes:
|
||||
# Theme: https://www.keycloak.org/docs/latest/server_development/index.html#_themes
|
||||
- ./volumes/keycloak-themes/ohif:/opt/jboss/keycloak/themes/ohif
|
||||
# Previous Realm Config
|
||||
- ./config/ohif-keycloak-realm.json:/tmp/ohif-keycloak-realm.json
|
||||
environment:
|
||||
# Database
|
||||
DB_VENDOR: postgres
|
||||
DB_ADDR: postgres
|
||||
DB_PORT: 5432
|
||||
DB_DATABASE: keycloak
|
||||
DB_SCHEMA: public
|
||||
DB_USER: keycloak
|
||||
DB_PASSWORD: password
|
||||
# Keycloak
|
||||
KEYCLOAK_USER: admin
|
||||
KEYCLOAK_PASSWORD: password
|
||||
KEYCLOAK_IMPORT: /tmp/ohif-keycloak-realm.json
|
||||
# KEYCLOAK_WELCOME_THEME: <theme-name>
|
||||
# KEYCLOAK_DEFAULT_THEME: <theme-name>
|
||||
# KEYCLOAK_HOSTNAME: (recommended in prod)
|
||||
# KEYCLOAK_LOGLEVEL: DEBUG
|
||||
PROXY_ADDRESS_FORWARDING: 'true'
|
||||
depends_on:
|
||||
- postgres
|
||||
restart: unless-stopped
|
||||
|
||||
# LINK: https://hub.docker.com/_/postgres/
|
||||
postgres:
|
||||
image: postgres:11.2
|
||||
hostname: postgres
|
||||
container_name: postgres
|
||||
volumes:
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
environment:
|
||||
POSTGRES_DB: keycloak
|
||||
POSTGRES_USER: keycloak
|
||||
POSTGRES_PASSWORD: password
|
||||
restart: unless-stopped
|
||||
|
||||
volumes:
|
||||
postgres_data:
|
||||
driver: local
|
||||
@@ -0,0 +1,85 @@
|
||||
# docker-compose
|
||||
# --------------
|
||||
# This dockerfile is used by the `docker-compose.yml` adjacent file. When
|
||||
# running `docker compose build`, this dockerfile helps build the "webapp" image.
|
||||
# All paths are relative to the `context`, which is the project root directory.
|
||||
#
|
||||
# docker build
|
||||
# --------------
|
||||
# If you would like to use this dockerfile to build and tag an image, make sure
|
||||
# you set the context to the project's root directory:
|
||||
# https://docs.docker.com/engine/reference/commandline/build/
|
||||
#
|
||||
#
|
||||
# SUMMARY
|
||||
# --------------
|
||||
# This dockerfile has two stages:
|
||||
#
|
||||
# 1. Building the React application for production
|
||||
# 2. Setting up our Nginx (OpenResty*) image w/ step one's output
|
||||
#
|
||||
# * OpenResty is functionally identical to Nginx with the addition of Lua out of
|
||||
# the box.
|
||||
|
||||
|
||||
# Stage 1: Build the application
|
||||
FROM node:18.16.1-slim as builder
|
||||
|
||||
RUN mkdir /usr/src/app
|
||||
WORKDIR /usr/src/app
|
||||
|
||||
RUN apt-get update && apt-get install -y build-essential python3
|
||||
|
||||
ENV APP_CONFIG=config/docker_openresty-orthanc-keycloak.js
|
||||
ENV PATH /usr/src/app/node_modules/.bin:$PATH
|
||||
|
||||
# Copy all files from the root of the OHIF source and note
|
||||
# that the Docker ignore file at the root (i.e. ./dockerignore) will filter
|
||||
# out files and directories that are not needed.
|
||||
COPY ./ /usr/src/app/
|
||||
|
||||
ADD . /usr/src/app/
|
||||
RUN yarn config set workspaces-experimental true
|
||||
RUN yarn install
|
||||
RUN yarn run build
|
||||
|
||||
# Stage 2: Bundle the built application into a Docker container
|
||||
# which runs openresty (nginx) using Alpine Linux
|
||||
# LINK: https://hub.docker.com/r/openresty/openresty
|
||||
FROM openresty/openresty:1.21.4.2-0-bullseye-fat
|
||||
|
||||
RUN mkdir /var/log/nginx
|
||||
RUN apt-get update && \
|
||||
apt-get install -y openssl libssl-dev git gcc wget unzip make&& \
|
||||
apt-get clean
|
||||
|
||||
RUN apt-get install --assume-yes lua5.4 libzmq3-dev lua5.4-dev
|
||||
RUN cd /tmp && \
|
||||
wget http://luarocks.org/releases/luarocks-3.9.2.tar.gz && \
|
||||
tar zxpf luarocks-3.9.2.tar.gz && \
|
||||
cd luarocks-3.9.2 && \
|
||||
./configure && \
|
||||
make && \
|
||||
make install
|
||||
|
||||
# !!!
|
||||
RUN luarocks install lua-resty-http
|
||||
# RUN luarocks install lua-nginx-module
|
||||
RUN luarocks install lua-cjson
|
||||
RUN luarocks install lua-resty-string
|
||||
RUN luarocks install lua-resty-session
|
||||
RUN luarocks install lua-resty-jwt
|
||||
RUN luarocks install lua-resty-openidc
|
||||
|
||||
RUN apt-get clean && rm -rf /var/lib/apt/lists/*
|
||||
|
||||
#
|
||||
RUN luarocks install lua-resty-http
|
||||
# !!!
|
||||
RUN luarocks install lua-resty-auto-ssl
|
||||
|
||||
|
||||
# Copy build output to image
|
||||
COPY --from=builder /usr/src/app/platform/app/dist /var/www/html
|
||||
|
||||
ENTRYPOINT ["/usr/local/openresty/nginx/sbin/nginx", "-g", "daemon off;"]
|
||||
@@ -0,0 +1,196 @@
|
||||
body {
|
||||
background-color: #040507;
|
||||
background-image: url('../img/background.jpg');
|
||||
background-size: cover;
|
||||
background-repeat: no-repeat;
|
||||
|
||||
width: 100vw;
|
||||
height: 100vh;
|
||||
overflow: hidden;
|
||||
|
||||
color: #fff;
|
||||
font-family: sans-serif;
|
||||
text-shadow: 0px 0px 10px #000;
|
||||
}
|
||||
|
||||
a {
|
||||
color: #fff;
|
||||
}
|
||||
|
||||
div#kc-content {
|
||||
position: absolute;
|
||||
top: 20%;
|
||||
left: 50%;
|
||||
width: 550px;
|
||||
margin-left: -180px;
|
||||
}
|
||||
|
||||
div#kc-form {
|
||||
float: left;
|
||||
width: 350px;
|
||||
}
|
||||
|
||||
div#kc-form label {
|
||||
display: block;
|
||||
font-size: 16px;
|
||||
}
|
||||
|
||||
div#info-area {
|
||||
position: fixed;
|
||||
bottom: 0;
|
||||
left: 0;
|
||||
margin-top: 40px;
|
||||
background-color: rgba(0, 0, 0, 0.4);
|
||||
padding: 20px;
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
div#info-area p {
|
||||
margin-right: 30px;
|
||||
display: inline;
|
||||
text-shadow: none;
|
||||
}
|
||||
|
||||
input[type='text'],
|
||||
input[type='password'] {
|
||||
color: #333;
|
||||
font-size: 18px;
|
||||
margin-bottom: 20px;
|
||||
background-color: rgba(256, 256, 256, 0.7);
|
||||
border: 0px solid rgba(0, 0, 0, 0.2);
|
||||
box-shadow: inset 0 0 2px 2px rgba(0, 0, 0, 0.15);
|
||||
padding: 10px;
|
||||
width: 296px;
|
||||
}
|
||||
|
||||
input[type='text']:hover,
|
||||
input[type='password']:hover {
|
||||
background-color: rgba(256, 256, 256, 0.9);
|
||||
}
|
||||
|
||||
input[type='submit'] {
|
||||
border: none;
|
||||
|
||||
background: -webkit-linear-gradient(top, rgba(255, 255, 255, 0.8), rgba(255, 255, 255, 0.1));
|
||||
background: -moz-linear-gradient(top, rgba(255, 255, 255, 0.8), rgba(255, 255, 255, 0.1));
|
||||
background: -ms-linear-gradient(top, rgba(255, 255, 255, 0.8), rgba(255, 255, 255, 0.1));
|
||||
background: -o-linear-gradient(top, rgba(255, 255, 255, 0.8), rgba(255, 255, 255, 0.1));
|
||||
|
||||
box-shadow: 0px 0px 6px rgba(0, 0, 0, 0.5);
|
||||
|
||||
color: rgba(0, 0, 0, 0.6);
|
||||
|
||||
font-size: 14px;
|
||||
font-weight: bold;
|
||||
|
||||
padding: 10px;
|
||||
margin-top: 20px;
|
||||
margin-right: 10px;
|
||||
width: 150px;
|
||||
}
|
||||
|
||||
input[type='submit']:hover {
|
||||
background-color: rgba(255, 255, 255, 0.8);
|
||||
}
|
||||
|
||||
div#kc-form-options div {
|
||||
display: inline-block;
|
||||
margin-right: 20px;
|
||||
font-size: 12px;
|
||||
}
|
||||
|
||||
div#kc-form-options div label {
|
||||
font-size: 12px;
|
||||
}
|
||||
|
||||
div#kc-feedback {
|
||||
box-shadow: 0px 0px 6px rgba(0, 0, 0, 0.5);
|
||||
position: fixed;
|
||||
top: 0;
|
||||
left: 0;
|
||||
width: 100%;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
div#kc-feedback-wrapper {
|
||||
padding: 1em;
|
||||
}
|
||||
|
||||
div.feedback-success {
|
||||
background-color: rgba(155, 155, 255, 0.1);
|
||||
}
|
||||
|
||||
div.feedback-warning {
|
||||
background-color: rgba(255, 175, 0, 0.1);
|
||||
}
|
||||
|
||||
div.feedback-error {
|
||||
background-color: rgba(255, 0, 0, 0.1);
|
||||
}
|
||||
|
||||
div#kc-header {
|
||||
display: none;
|
||||
}
|
||||
|
||||
div#kc-registration {
|
||||
margin-bottom: 20px;
|
||||
}
|
||||
|
||||
div#social-login {
|
||||
border-left: 1px solid rgba(255, 255, 255, 0.2);
|
||||
float: right;
|
||||
width: 150px;
|
||||
padding: 20px 0 200px 40px;
|
||||
}
|
||||
|
||||
div.social-login span {
|
||||
display: none;
|
||||
}
|
||||
|
||||
div#kc-social-providers ul {
|
||||
list-style: none;
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
div#kc-social-providers ul li {
|
||||
margin-bottom: 20px;
|
||||
}
|
||||
|
||||
div#kc-social-providers ul li span {
|
||||
display: inline;
|
||||
width: 100px;
|
||||
}
|
||||
|
||||
a.zocial {
|
||||
border: none;
|
||||
background: -webkit-linear-gradient(
|
||||
top,
|
||||
rgba(255, 255, 255, 0.8),
|
||||
rgba(255, 255, 255, 0.1)
|
||||
) !important;
|
||||
background: -moz-linear-gradient(
|
||||
top,
|
||||
rgba(255, 255, 255, 0.8),
|
||||
rgba(255, 255, 255, 0.1)
|
||||
) !important;
|
||||
background: -ms-linear-gradient(
|
||||
top,
|
||||
rgba(255, 255, 255, 0.8),
|
||||
rgba(255, 255, 255, 0.1)
|
||||
) !important;
|
||||
background: -o-linear-gradient(
|
||||
top,
|
||||
rgba(255, 255, 255, 0.8),
|
||||
rgba(255, 255, 255, 0.1)
|
||||
) !important;
|
||||
box-shadow: 0px 0px 6px rgba(0, 0, 0, 0.5);
|
||||
color: rgba(0, 0, 0, 0.6);
|
||||
width: 130px;
|
||||
text-shadow: none;
|
||||
-webkit-border-radius: 0;
|
||||
-moz-border-radius: 0;
|
||||
border-radius: 0;
|
||||
padding-top: 0.2em;
|
||||
padding-bottom: 0.2em;
|
||||
}
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 3.0 MiB |
@@ -0,0 +1,3 @@
|
||||
parent=base
|
||||
import=common/keycloak
|
||||
styles=lib/zocial/zocial.css css/styles.css
|
||||
@@ -0,0 +1,2 @@
|
||||
*
|
||||
!.gitignore
|
||||
@@ -0,0 +1,137 @@
|
||||
worker_processes 2;
|
||||
error_log /var/logs/nginx/mydomain.error.log;
|
||||
pid /var/run/nginx.pid;
|
||||
include /usr/share/nginx/modules/*.conf; # See /usr/share/doc/nginx/README.dynamic.
|
||||
|
||||
events {
|
||||
worker_connections 1024; ## Default: 1024
|
||||
use epoll; # http://nginx.org/en/docs/events.html
|
||||
multi_accept on; # http://nginx.org/en/docs/ngx_core_module.html#multi_accept
|
||||
}
|
||||
|
||||
# Core Modules Docs:
|
||||
# http://nginx.org/en/docs/http/ngx_http_core_module.html
|
||||
http {
|
||||
include '/usr/local/openresty/nginx/conf/mime.types';
|
||||
default_type application/octet-stream;
|
||||
|
||||
keepalive_timeout 65;
|
||||
keepalive_requests 100000;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
|
||||
# lua_ settings
|
||||
#
|
||||
lua_package_path '/usr/local/openresty/lualib/?.lua;;';
|
||||
lua_shared_dict discovery 1m; # cache for discovery metadata documents
|
||||
lua_shared_dict jwks 1m; # cache for JWKs
|
||||
# lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
|
||||
|
||||
variables_hash_max_size 2048;
|
||||
server_names_hash_bucket_size 128;
|
||||
server_tokens off;
|
||||
|
||||
resolver 8.8.8.8 valid=30s ipv6=off;
|
||||
resolver_timeout 11s;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
# Nginx `listener` block
|
||||
server {
|
||||
listen [::]:80 default_server;
|
||||
listen 80;
|
||||
# listen 443 ssl;
|
||||
access_log /var/logs/nginx/mydomain.access.log;
|
||||
|
||||
# Domain to protect
|
||||
server_name 127.0.0.1 localhost; # mydomain.com;
|
||||
proxy_intercept_errors off;
|
||||
# ssl_certificate /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem;
|
||||
# ssl_certificate_key /etc/letsencrypt/live/mydomain.co.uk/privkey.pem;
|
||||
gzip on;
|
||||
gzip_types text/css application/javascript application/json image/svg+xml;
|
||||
gzip_comp_level 9;
|
||||
etag on;
|
||||
|
||||
# https://github.com/bungle/lua-resty-session/issues/15
|
||||
set $session_check_ssi off;
|
||||
lua_code_cache off;
|
||||
set $session_secret Eeko7aeb6iu5Wohch9Loo1aitha0ahd1;
|
||||
set $session_storage cookie;
|
||||
|
||||
server_tokens off; # Hides server version num
|
||||
|
||||
# Reverse Proxy for `orthanc` admin
|
||||
#
|
||||
location /pacs-admin/ {
|
||||
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
expires 0;
|
||||
add_header Cache-Control private;
|
||||
|
||||
proxy_pass http://orthanc:8042/;
|
||||
}
|
||||
|
||||
# Reverse Proxy for `orthanc` APIs (including DICOMWeb)
|
||||
#
|
||||
location /pacs/ {
|
||||
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
expires 0;
|
||||
add_header Cache-Control private;
|
||||
|
||||
proxy_pass http://orthanc:8042/;
|
||||
|
||||
# By default, this endpoint is protected by CORS (cross-origin-resource-sharing)
|
||||
# You can add headers to allow other domains to request this resource.
|
||||
# See the "Updating CORS Settings" example below
|
||||
}
|
||||
|
||||
# Do not cache sw.js, required for offline-first updates.
|
||||
location /sw.js {
|
||||
add_header Cache-Control "no-cache";
|
||||
proxy_cache_bypass $http_pragma;
|
||||
proxy_cache_revalidate on;
|
||||
expires off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Single Page App
|
||||
# Try files, fallback to index.html
|
||||
#
|
||||
location / {
|
||||
alias /var/www/html/;
|
||||
index index.html;
|
||||
try_files $uri $uri/ /index.html;
|
||||
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
||||
add_header 'Cross-Origin-Opener-Policy' 'same-origin' always;
|
||||
add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always;
|
||||
}
|
||||
|
||||
# EXAMPLE: Redirect server error pages to the static page /40x.html
|
||||
#
|
||||
# error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
# }
|
||||
|
||||
# EXAMPLE: Redirect server error pages to the static page /50x.html
|
||||
#
|
||||
# error_page 500 502 503 504 /50x.html;
|
||||
# location = /50x.html {
|
||||
# }
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,89 @@
|
||||
{
|
||||
"Name": "Orthanc inside Docker",
|
||||
"StorageDirectory": "/var/lib/orthanc/db",
|
||||
"IndexDirectory": "/var/lib/orthanc/db",
|
||||
"StorageCompression": false,
|
||||
"MaximumStorageSize": 0,
|
||||
"MaximumPatientCount": 0,
|
||||
"LuaScripts": [],
|
||||
"Plugins": ["/usr/share/orthanc/plugins", "/usr/local/share/orthanc/plugins"],
|
||||
"ConcurrentJobs": 2,
|
||||
"HttpServerEnabled": true,
|
||||
"HttpPort": 8042,
|
||||
"HttpDescribeErrors": true,
|
||||
"HttpCompressionEnabled": true,
|
||||
"DicomServerEnabled": true,
|
||||
"DicomAet": "ORTHANC",
|
||||
"DicomCheckCalledAet": false,
|
||||
"DicomPort": 4242,
|
||||
"DefaultEncoding": "Latin1",
|
||||
"DeflatedTransferSyntaxAccepted": true,
|
||||
"JpegTransferSyntaxAccepted": true,
|
||||
"Jpeg2000TransferSyntaxAccepted": true,
|
||||
"JpegLosslessTransferSyntaxAccepted": true,
|
||||
"JpipTransferSyntaxAccepted": true,
|
||||
"Mpeg2TransferSyntaxAccepted": true,
|
||||
"RleTransferSyntaxAccepted": true,
|
||||
"UnknownSopClassAccepted": false,
|
||||
"DicomScpTimeout": 30,
|
||||
|
||||
"RemoteAccessAllowed": true,
|
||||
"SslEnabled": false,
|
||||
"SslCertificate": "certificate.pem",
|
||||
"AuthenticationEnabled": false,
|
||||
"RegisteredUsers": {
|
||||
"test": "test"
|
||||
},
|
||||
"DicomModalities": {},
|
||||
"DicomModalitiesInDatabase": false,
|
||||
"DicomAlwaysAllowEcho": true,
|
||||
"DicomAlwaysAllowStore": true,
|
||||
"DicomCheckModalityHost": false,
|
||||
"DicomScuTimeout": 10,
|
||||
"OrthancPeers": {},
|
||||
"OrthancPeersInDatabase": false,
|
||||
"HttpProxy": "",
|
||||
|
||||
"HttpVerbose": true,
|
||||
|
||||
"HttpTimeout": 10,
|
||||
"HttpsVerifyPeers": true,
|
||||
"HttpsCACertificates": "",
|
||||
"UserMetadata": {},
|
||||
"UserContentType": {},
|
||||
"StableAge": 60,
|
||||
"StrictAetComparison": false,
|
||||
"StoreMD5ForAttachments": true,
|
||||
"LimitFindResults": 0,
|
||||
"LimitFindInstances": 0,
|
||||
"LimitJobs": 10,
|
||||
"LogExportedResources": false,
|
||||
"KeepAlive": true,
|
||||
"TcpNoDelay": true,
|
||||
"HttpThreadsCount": 50,
|
||||
"StoreDicom": true,
|
||||
"DicomAssociationCloseDelay": 5,
|
||||
"QueryRetrieveSize": 10,
|
||||
"CaseSensitivePN": false,
|
||||
"LoadPrivateDictionary": true,
|
||||
"Dictionary": {},
|
||||
"SynchronousCMove": true,
|
||||
"JobsHistorySize": 10,
|
||||
"SaveJobs": true,
|
||||
"OverwriteInstances": false,
|
||||
"MediaArchiveSize": 1,
|
||||
"StorageAccessOnFind": "Always",
|
||||
"MetricsEnabled": true,
|
||||
|
||||
"DicomWeb": {
|
||||
"Enable": true,
|
||||
"Root": "/dicom-web/",
|
||||
"EnableWado": true,
|
||||
"WadoRoot": "/wado",
|
||||
"Host": "127.0.0.1",
|
||||
"Ssl": false,
|
||||
"StowMaxInstances": 10,
|
||||
"StowMaxSize": 10,
|
||||
"QidoCaseSensitive": false
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,47 @@
|
||||
# Reference:
|
||||
# - https://docs.docker.com/compose/compose-file
|
||||
# - https://eclipsesource.com/blogs/2018/01/11/authenticating-reverse-proxy-with-keycloak/
|
||||
|
||||
version: '3.5'
|
||||
|
||||
services:
|
||||
# Exposed server that's handling incoming web requests
|
||||
# Underlying image: openresty/openresty:alpine-fat
|
||||
ohif_viewer:
|
||||
build:
|
||||
# Project root
|
||||
context: ./../../../../
|
||||
# Relative to context
|
||||
dockerfile: ./platform/app/.recipes/OpenResty-Orthanc/dockerfile
|
||||
image: webapp:latest
|
||||
container_name: webapp
|
||||
volumes:
|
||||
# Nginx config
|
||||
- ./config/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf:ro
|
||||
# Logs
|
||||
- ./logs/nginx:/var/logs/nginx
|
||||
# Let's Encrypt
|
||||
# - letsencrypt_certificates:/etc/letsencrypt
|
||||
# - letsencrypt_challenges:/var/www/letsencrypt
|
||||
ports:
|
||||
- '443:443' # SSL
|
||||
- '80:80' # Web
|
||||
depends_on:
|
||||
- orthanc
|
||||
restart: on-failure
|
||||
|
||||
# LINK: https://hub.docker.com/r/jodogne/orthanc-plugins/
|
||||
# TODO: Update to use Postgres
|
||||
# https://github.com/mrts/docker-postgresql-multiple-databases
|
||||
orthanc:
|
||||
image: jodogne/orthanc-plugins
|
||||
hostname: orthanc
|
||||
container_name: orthanc
|
||||
volumes:
|
||||
# Config
|
||||
- ./config/orthanc.json:/etc/orthanc/orthanc.json:ro
|
||||
# Persist data
|
||||
- ./volumes/orthanc-db/:/var/lib/orthanc/db/
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- '4242:4242' # DIMSE
|
||||
@@ -0,0 +1,79 @@
|
||||
# docker-compose
|
||||
# --------------
|
||||
# This dockerfile is used by the `docker-compose.yml` adjacent file. When
|
||||
# running `docker compose build`, this dockerfile helps build the "webapp" image.
|
||||
# All paths are relative to the `context`, which is the project root directory.
|
||||
#
|
||||
# docker build
|
||||
# --------------
|
||||
# If you would like to use this dockerfile to build and tag an image, make sure
|
||||
# you set the context to the project's root directory:
|
||||
# https://docs.docker.com/engine/reference/commandline/build/
|
||||
#
|
||||
#
|
||||
# SUMMARY
|
||||
# --------------
|
||||
# This dockerfile has two stages:
|
||||
#
|
||||
# 1. Building the React application for production
|
||||
# 2. Setting up our Nginx (OpenResty*) image w/ step one's output
|
||||
#
|
||||
# * OpenResty is functionally identical to Nginx with the addition of Lua out of
|
||||
# the box.
|
||||
|
||||
|
||||
# Stage 1: Build the application
|
||||
FROM node:18.16.1-slim as builder
|
||||
|
||||
RUN mkdir /usr/src/app
|
||||
WORKDIR /usr/src/app
|
||||
|
||||
# Copy all files from the root of the OHIF source and note
|
||||
# that the Docker ignore file at the root (i.e. ./dockerignore) will filter
|
||||
# out files and directories that are not needed.
|
||||
COPY ./ /usr/src/app/
|
||||
|
||||
# For arm builds since parcel doesn't have prebuilt binaries for arm yet
|
||||
RUN apt-get update && apt-get install -y build-essential python3
|
||||
|
||||
|
||||
# ADD . /usr/src/app/
|
||||
RUN yarn config set workspaces-experimental true
|
||||
RUN yarn install
|
||||
|
||||
ENV APP_CONFIG=config/docker_openresty-orthanc.js
|
||||
ENV PATH /usr/src/app/node_modules/.bin:$PATH
|
||||
|
||||
ENV QUICK_BUILD true
|
||||
RUN yarn run build
|
||||
|
||||
# ADD . /usr/src/app/
|
||||
# RUN yarn install
|
||||
# RUN yarn run build:web
|
||||
|
||||
|
||||
# Stage 2: Bundle the built application into a Docker container
|
||||
# which runs openresty (nginx) using Alpine Linux
|
||||
# LINK: https://hub.docker.com/r/openresty/openresty
|
||||
FROM openresty/openresty:1.15.8.1rc1-0-alpine-fat
|
||||
|
||||
RUN mkdir /var/log/nginx
|
||||
RUN apk add --no-cache openssl
|
||||
RUN apk add --no-cache openssl-dev
|
||||
RUN apk add --no-cache git
|
||||
RUN apk add --no-cache gcc
|
||||
# !!!
|
||||
RUN luarocks install lua-resty-openidc
|
||||
|
||||
#
|
||||
RUN luarocks install lua-resty-jwt
|
||||
RUN luarocks install lua-resty-session
|
||||
RUN luarocks install lua-resty-http
|
||||
# !!!
|
||||
RUN luarocks install lua-resty-openidc
|
||||
RUN luarocks install luacrypto
|
||||
|
||||
# Copy build output to image
|
||||
COPY --from=builder /usr/src/app/platform/app/dist /var/www/html
|
||||
|
||||
ENTRYPOINT ["/usr/local/openresty/nginx/sbin/nginx", "-g", "daemon off;"]
|
||||
2
platform/app/.recipes/deprecated-recipes/OpenResty-Orthanc/volumes/orthanc-db/.gitignore
vendored
Normal file
2
platform/app/.recipes/deprecated-recipes/OpenResty-Orthanc/volumes/orthanc-db/.gitignore
vendored
Normal file
@@ -0,0 +1,2 @@
|
||||
*
|
||||
!.gitignore
|
||||
Reference in New Issue
Block a user