How can a FIJI client connect to orthanc server via https?

I am trying to roll out FIJI against an orthanc server running behind an apache httpd reverse proxy using SSL/https. Unfortunately, I found no documentation on this. A test configuration in my home office network worked fine, but now I cannot get things running on the production system.
There is detailed documentation on FIJI with PET/CT plug-in, but connecting orthanc behind https is not covered.

I teach nuclear medicine to medical students at the University of Bergen. I make it a point that EVERY student has to navigate and read 5 PET/CT studies using a diagnostic client/server system as mandatory learning activity. Unfortunately, due to the COVID-19 pandemic, my students are locked out from the teaching facilities on the hospital campus including the hospital network and have to study from home. This means that I have to roll out an independent client server system in the university network, which is why I hit upon FIJI with PET/CT and nuclear medicine plugins in combination with an orthanc server.

The server https://nukit.uib.no is behind the university’s firewall; students need to log in via VPN to connect to the server.

I run orthanc-server as a docker container under Debian behind apache2 httpd as a reverse proxy:

docker run -p 4242:4242 -p 8042:8042 --name='MBOrthanc' --rm -v /etc/orthanc/orthanc.json:/etc/orthanc/orthanc.json:ro -v /var/www/orthanc-db:/var/lib/orthanc/db jodogne/orthanc

Before asking my university to roll out a Linux server for me, I had tested the whole setup in the local network at my home office using self-signed certificates for SSL.

The problem is, I can no longer connect to the orthanc-server using Fiji’s menu “import/Read BI Studies…” since migrating my server solution to the university network. The orthanc’s web interface works fine under the above named address: No certificate errors, I can upload DICOM files and browse their contents.
The issue is the Fiji/Read BI study… client.

On the Setup page I typed in the following parameters:

ODBC Name: ORTHANC@nukit.uib.no:443
user & password as specified in my local orthanc.json
Data path: https://nukit.uib.no
Server type = orthanc

This configuration works perfectly well at home when I redirect the setup to my local server via an entry in my C:\Windows\System32\drivers\etc\hosts file. (I admit that I had found no documentation on this configuration; I just tried things out and I was (un)lucky enough that it worked.)

Against the real server, it fails.

I get the following java error:
java.net.ConnectException: Connection refused: connect
I substituted the URLs with the server’s IP4-address to exclude that there is a routing problem. I checked local and server firewalls and turned them on or off - no effect.

When I use port tunneling with ssh (local port 18042 routed to nukit.uib.no:8042; 14242 to 4242 - the orthanc-server ports behind the apache 2 reverse proxy) I can connect with the following settings:

ODBC Name: ORTHANC@localhost:14242
user & password as specified in my local orthanc.json
Data path: http://localhost:18042
Server type = orthanc
Everything works and I can look at PET/CT images using FIJI with PET/CT plugin.

What is the correct way of setting up FIJI to an orthanc server fortified with https? Or is this setup not supported yet?

It looks like you have seen this Orthanc documentation
https://book.orthanc-server.com/faq/https.html#https-builtin

In what we have checked on Orthanc, the emphasis has been on anonymized studies, in which case it is less important that studies leak out. There is a user name and password that offer some protection, but it isn’t the same level as https.

At Beth Israel the physicians would work on actual patient data from behind the hospital firewall. They could work from anywhere, but it was the hospital firewall which was giving the protection and the data was not exposed to the outside world.

There is another Orthanc Client available in Fiji (http://petctviewer.org/images/Orthanc_Tools_Documentation.pdf)

It supports the HTTPS protocol as well.

@biermam had another problem that we solved in private.

I already have a client server system running inside the hospital network [1]. The problem is that my students are locked out during the pandemic. I needed a solution that can be run inside the university network behind the university’s firewall (with VPN access for the students). Since the system is outside the hospital, https/SSL is essential.

Reference
Gulati, Ankush; Schwarzlmüller, Thomas; du Plessis, Elsa; Softeland, Eirik; Gray Jr, Robert; Biermann, Martin. 2019. Evaluation of a new e-learning framework for teaching nuclear medicine and radiology to undergraduate medical students. Acta radiologica open. 8: 1-6. doi: 10.1177/2058460119860231

Dear Salim,
Thanks a lot for helping me set up a safe client server system for teaching my students during the pandemic.
The take home messages from your feedback were:

  1. Fiji with PET/CT viewer plugin supports https for connection with an orthanc server.
  2. To connect via https, one has to use your “Orthanc Tools” plugin, NOT Menu “Import/Read BI Studies…”. The correct connection parameters are (all without “”):

Server address = “https://nukit.uib.no”
port = “443” (can be left empty)
username and password as on the https reverse proxy or within orthanc

  3. The setup of our production server was correct; there was just a minor bug in the Orthanc Tools plugin (the client connected despite the error message to the contrary), which you already fixed.
    (The setup of my original test server was incorrect.)

Thanks a lot for your help!

I have a supplementary question to you, Salim.
I was trying to set up the apache2 httpd reverse proxy so that it would reroute a folder to the orthanc application server:
e.g.

https://myservername/orthanc

should be routed to localhost:4242.
This worked on the orthanc web interface in a web browser, but I got a “no connection” error from Orthanc Tools within Fiji. Is this a feature that is not yet supported by Orthanc Tools? The reason I request this feature is that it would allow me to have static pages with documentation for the students on the same server.
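
Added example, not part of the thread and not code from Fiji, Orthanc or Orthanc Tools: a client-side probe that separates the layers at which a connection like the ones discussed above can fail (TCP "Connection refused", TLS handshake, proxy authentication, Orthanc REST API), and that also accepts a base URL with a sub-path such as https://myservername/orthanc. The function name `probe_orthanc` and its stage labels are made up for this example; `/system` is Orthanc's REST route for server information.

```python
import base64
import json
import socket
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def probe_orthanc(base_url, user=None, password=None, timeout=5.0, context=None):
    """Return (stage, detail): the first layer that fails, or ("ok", info).

    probe_orthanc and its stage labels are names made up for this example.
    """
    parts = urlsplit(base_url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    # Layer 1: plain TCP. "Connection refused" means nothing accepts connections
    # on host:port; certificates and passwords are not involved yet.
    try:
        socket.create_connection((parts.hostname, port), timeout=timeout).close()
    except ConnectionRefusedError:
        return "tcp-refused", f"{parts.hostname}:{port}"
    except OSError as exc:
        return "net-error", str(exc)
    # Layers 2-4: TLS handshake, HTTP authentication, Orthanc REST API.
    # Any sub-path is kept, so https://host/orthanc is probed as /orthanc/system.
    request = urllib.request.Request(base_url.rstrip("/") + "/system")
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        request.add_header("Authorization", "Basic " + token)
    # Connect directly (no environment proxies), as the TCP check above did.
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}),
        urllib.request.HTTPSHandler(context=context))
    try:
        with opener.open(request, timeout=timeout) as resp:
            body = resp.read()
    except urllib.error.HTTPError as exc:
        return ("auth-failed" if exc.code in (401, 403) else "http-error"), str(exc.code)
    except OSError as exc:  # URLError keeps the socket/TLS error in .reason
        reason = getattr(exc, "reason", exc)
        return ("tls-failed" if isinstance(reason, ssl.SSLError) else "net-error"), str(reason)
    try:
        info = json.loads(body)
        return "ok", {k: info.get(k) for k in ("Name", "Version", "DicomAet", "DicomPort")}
    except (ValueError, AttributeError):  # e.g. an HTML page instead of Orthanc's JSON
        return "not-orthanc", body[:80].decode("latin-1")
```

With the default `context=None` the certificate is verified against the system trust store, so a self-signed test certificate is reported as `tls-failed` rather than silently accepted.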