In the configuration file, there’s an option
DicomCheckModalityHost which checks the address of the remote modality that’s initiating a DICOM connection.
But what if the modality is in a network without a static IP? What are the options? Should I use a reverse proxy service? Can you suggest one?
Thanks in advance.
I’m not very familiar with this option but, if you use hostnames instead of IP addresses, this might work. Please report the results of your tests.
I’m using Horos to test the connection. In Listener configuration, I can set the AET, Port, IP and Hostname. But IP and Hostname are related to my local environment, not worldwide.
I did some tests and Orthanc is not allowing the request. Perhaps I need to setup a DNS so that I can have a host related to an IP?
That, or if you have control of DHCP, you can reserve an IP for your Horos server so it gets the same address all the time.
I’m thinking about https://www.noip.com, but I’m not sure if it will work well.
I was able to setup NoIP and get a static hostname.
But still Orthanc looks for the IP of the incoming request, not the hostname
W0222 20:19:13.469939 OrthancConfiguration.cpp:723] Forbidding access from AET “MyAET” given its hostname (xxxxxxxxxxxx) does not match the “DicomModalities” configuration option (xxxxxxxxxxxx.net was expected)
W0222 20:19:13.469979 CommandDispatcher.cpp:669] Rejected association for remote AET tregis on IP xxxxxxxxxxxx
I changed the IP and Hostname to xxxxxxxxxxx.
The DICOM network protocol should only by used in Intranet scenarios.
To exchange images worldwide (i.e. over Internet), use DICOMweb or Orthanc peers over HTTPS.
If you want more control over DICOM associations (such as calling an external script of your own to determine whether some allowed hostname maps to the IP address of the DICOM SCU - client), modify the class “OrthancApplicationEntityFilter” in the source code of Orthanc:
I’m sorry, Sebastien. But can you explain why I should not use DICOM protocol over the internet? Is not this a well known, secure and validated protocol?
Besides, is there a method to update peers via webservice as we are able to do for Modalities?
Thanks in advance.
DICOM is only secure with the TLS implementation of DICOM which Orthanc currently does not support. Peering is the secure method you should do over HTTPS with Orthanc. You can do anything you need to over Peering as DICOM, and more honestly. You can also use domain names no problem. It is also recommended to use a proxy and extra layer of security. I myself use Apache proxy along with certificate based authentication.
Forum Post: https://groups.google.com/forum/#!msg/orthanc-users/8qh_OjDjSck/P2U3UHyDAgAJ
HTTPS Encryption with Orthanc: http://book.orthanc-server.com/faq/https.html
Is it possible to dynamically add Peers or Servers (in DICOM Web) as I am able to do with Modalities?
Yes, you can GET/PUT on /dicom-web/servers as you do for the DicomModalities (or for Orthanc peers - http://book.orthanc-server.com/users/rest.html?highlight=rest#sending-resources-to-remote-orthanc-over-http-https-through-orthanc-peering). However, dicom-web servers can not be saved in database and the only way to edit them persistently is to edit the configuration file and relaunch orthanc.
The directive “OrthancPeersInDatabase” may work for me.
This is a follow-up to this old thread.
I have just added a new configuration option “ServersInDatabase” in the “DicomWeb” section:
If this option is set to “true”, the DICOMweb servers will be read/written from/into the Orthanc database (inside a global property). Additional information is available in the Orthanc Book:
This feature is pending in the mainline of the DICOMweb plugin, and will be available in forthcoming release 1.5 of the plugin.