https configuration issue

Flavien · August 26, 2019, 2:15pm

Hello everyone,

I’m struggling with the https configuration. Everything is working fine in http. I’ve put the certs.pem and “SslEnabled” to “true” and I got this when I’m trying to launch the server :

$> sudo ./startOrthanc.command --verbose W0826 16:43:51.249237 main.cpp:1436] Orthanc version: 1.5.6 W0826 16:43:51.251611 OrthancConfiguration.cpp:61] Reading the configuration from: "configOSX.json" W0826 16:43:51.293371 main.cpp:700] Loading plugin(s) from: libOsimisWebViewer.dylib W0826 16:43:51.322463 PluginsManager.cpp:269] Registering plugin 'osimis-web-viewer' (version 1.2.0.0-0d4bfbd5) W0826 16:43:51.322524 PluginsManager.cpp:168] Initializing the Web viewer W0826 16:43:51.322880 PluginsManager.cpp:168] Using GDCM instead of the DICOM decoder that is built in Orthanc W0826 16:43:51.322981 OrthancInitialization.cpp:301] SQLite index directory: "OrthancStorage" W0826 16:43:51.323984 OrthancInitialization.cpp:376] Storage directory: "OrthancStorage" W0826 16:43:51.325047 HttpClient.cpp:744] HTTPS will use the CA certificates from this file: /etc/letsencrypt/live/orthanc.nutriomics.org/ W0826 16:43:51.325653 LuaContext.cpp:103] Lua says: Lua toolbox installed W0826 16:43:51.325969 LuaContext.cpp:103] Lua says: Lua toolbox installed W0826 16:43:51.326025 ServerContext.cpp:316] Disk compression is disabled W0826 16:43:51.326051 ServerIndex.cpp:1613] No limit on the number of stored patients W0826 16:43:51.326067 ServerIndex.cpp:1630] No limit on the size of the storage area W0826 16:43:51.326420 ServerContext.cpp:168] Reloading the jobs from the last execution of Orthanc W0826 16:43:51.328288 JobsEngine.cpp:283] The jobs engine has started with 2 threads W0826 16:43:51.328620 main.cpp:932] DICOM server listening with AET ORTHANC on port: 4242 W0826 16:43:51.328670 HttpServer.cpp:1155] HTTP compression is enabled W0826 16:43:51.328716 main.cpp:848] The HTTP port is privileged (443 is below 1024), make sure you run Orthanc as root/administrator W0826 16:43:52.406678 main.cpp:948] DICOM server has stopped E0826 16:43:52.406781 ServerContext.cpp:269] INTERNAL ERROR: ServerContext::Stop() should be invoked manually to avoid mess in the destruction order! W0826 16:43:52.575689 JobsEngine.cpp:324] The jobs engine has stopped W0826 16:43:52.848081 PluginsManager.cpp:219] Unregistering plugin 'osimis-web-viewer' (version 1.2.0.0-0d4bfbd5) W0826 16:43:52.848130 PluginsManager.cpp:168] Finalizing the Web viewer E0826 16:43:53.043523 main.cpp:1462] Uncaught exception, stopping now: [The TCP port of the HTTP server is privileged or already in use] (code 2003) W0826 16:43:53.043999 main.cpp:1495] Orthanc has stopped

I’m sure nothing is running on port 443, the only hint I got is this line :

E0826 16:41:08.595596 ServerContext.cpp:269] INTERNAL ERROR: ServerContext::Stop() should be invoked manually to avoid mess in the destruction order!

But I don’t understand this error, did I use the --verbose correctly ?

Thanks for your help, kind regards,
Flavien Jacques

configOSX_copy.txt (10.2 KB)

jodogne · August 26, 2019, 3:54pm

Hello,

The error about “ServerContext::Stop()” can be safely ignored.

Your issue is the following:

0826 16:43:51.328716 main.cpp:848] The HTTP port is privileged (443 is below 1024), make sure you run Orthanc as root/administrator
E0826 16:43:53.043523 main.cpp:1462] Uncaught exception, stopping now: [The TCP port of the HTTP server is privileged or already in use] (code 2003)

As written in the log, either you are not running Orthanc using an administrator account on your OS X computer, or the TCP port 443 is already in use (make sure to turn off your Web servers such as Apache or nginx).

HTH,
Sébastien-

Flavien · August 27, 2019, 7:51am

Hi,

Thanks for your answer !

The problem is that I’m running Orthanc as an administrator : my command is $> sudo ./startOrthanc.command --verbose

And nothing is running on 443 : first because $> sudo lsof -i tcp:443 returns nothing and second because without the sslenabled everything is working perfectly.

Am I missing something ?

Kind regards,

jodogne · August 27, 2019, 8:26am

Hi,

First of all, in order to uncouple issues, please give another try using a non-administrative TCP port (i.e. let “HttpPort” at its default value of “8042”), and without using sudo. Does it start?

Sébastien-

Flavien · August 27, 2019, 8:33am

Thanks for your help. It doesn’t start :

$> ./startOrthanc.command W0827 11:09:34.011789 main.cpp:1436] Orthanc version: 1.5.6 W0827 11:09:34.013978 OrthancConfiguration.cpp:61] Reading the configuration from: "configOSX.json" W0827 11:09:34.053593 main.cpp:700] Loading plugin(s) from: libOsimisWebViewer.dylib W0827 11:09:34.074781 PluginsManager.cpp:269] Registering plugin 'osimis-web-viewer' (version 1.2.0.0-0d4bfbd5) W0827 11:09:34.074840 PluginsManager.cpp:168] Initializing the Web viewer W0827 11:09:34.075181 PluginsManager.cpp:168] Using GDCM instead of the DICOM decoder that is built in Orthanc W0827 11:09:34.075276 OrthancInitialization.cpp:301] SQLite index directory: "OrthancStorage" W0827 11:09:34.076258 OrthancInitialization.cpp:376] Storage directory: "OrthancStorage" W0827 11:09:34.077250 HttpClient.cpp:744] HTTPS will use the CA certificates from this file: /etc/letsencrypt/live/orthanc.nutriomics.org/ W0827 11:09:34.077846 LuaContext.cpp:103] Lua says: Lua toolbox installed W0827 11:09:34.078163 LuaContext.cpp:103] Lua says: Lua toolbox installed W0827 11:09:34.078218 ServerContext.cpp:316] Disk compression is disabled W0827 11:09:34.078243 ServerIndex.cpp:1613] No limit on the number of stored patients W0827 11:09:34.078260 ServerIndex.cpp:1630] No limit on the size of the storage area W0827 11:09:34.078594 ServerContext.cpp:168] Reloading the jobs from the last execution of Orthanc W0827 11:09:34.080512 JobsEngine.cpp:283] The jobs engine has started with 2 threads W0827 11:09:34.080834 main.cpp:932] DICOM server listening with AET ORTHANC on port: 4242 W0827 11:09:34.080879 HttpServer.cpp:1155] HTTP compression is enabled W0827 11:09:35.121688 main.cpp:948] DICOM server has stopped E0827 11:09:35.121788 ServerContext.cpp:269] INTERNAL ERROR: ServerContext::Stop() should be invoked manually to avoid mess in the destruction order! W0827 11:09:35.290631 JobsEngine.cpp:324] The jobs engine has stopped W0827 11:09:35.584717 PluginsManager.cpp:219] Unregistering plugin 'osimis-web-viewer' (version 1.2.0.0-0d4bfbd5) W0827 11:09:35.584767 PluginsManager.cpp:168] Finalizing the Web viewer E0827 11:09:35.762666 main.cpp:1462] Uncaught exception, stopping now: [The TCP port of the HTTP server is privileged or already in use] (code 2003) W0827 11:09:35.763134 main.cpp:1495] Orthanc has stopped

Could it be linked to the System Integrity Protection of MacOS ?

jodogne · August 27, 2019, 8:42am

Thanks for your help. It doesn’t start : […]

Could it be linked to the System Integrity Protection of MacOS ?

I don’t know, I only use GNU/Linux.

I can’t provide any further guidance by myself right now, as I don’t have access to a OS X computer.

You’ll have to wait for feedback of other users of Orthanc on OS X. In the meantime, make sure to read the Orthanc Book:
https://book.orthanc-server.com/faq/https.html#built-in-encryption

Sorry,
Sébastien-

seandoyle · August 27, 2019, 11:21am

In a terminal window - could you enter

lsof -i | grep LISTEN

on your Mac to see if there are other processes on that port?

On my machine I’m running Orthanc in a docker container - so the 8042 and 4242 ports are labeled as being controlled by docker:

com.docke 2247 SWD0 43u IPv6 0xedf3833b0e9ff633 0t0 TCP *:8042 (LISTEN)

com.docke 2247 SWD0 46u IPv6 0xedf3833b0e9ffbf3 0t0 TCP *:4242 (LISTEN)

Also - I don’t know what errors would show up if you had the firewall enabled (see System Preferences in ‘Security and Privacy’). If it’s on you might try turning it off temporarily to see if this permits the server to start.

Flavien · August 27, 2019, 1:17pm

Thanks for your concern. My firewall is off.

$> sudo lsof -i | grep LISTEN
launchd 1 root 42u IPv6 0xe1195480cd075ff1 0t0 TCP *:ftp (LISTEN)
launchd 1 root 43u IPv4 0xe1195480cd079059 0t0 TCP *:ftp (LISTEN)
launchd 1 root 45u IPv6 0xe1195480cd075ff1 0t0 TCP *:ftp (LISTEN)
launchd 1 root 46u IPv4 0xe1195480cd079059 0t0 TCP *:ftp (LISTEN)
launchd 1 root 48u IPv6 0xe1195480cd075ab1 0t0 TCP *:ssh (LISTEN)
launchd 1 root 49u IPv4 0xe1195480cd079951 0t0 TCP *:ssh (LISTEN)
launchd 1 root 50u IPv6 0xe1195480cd075ab1 0t0 TCP *:ssh (LISTEN)
launchd 1 root 51u IPv4 0xe1195480cd079951 0t0 TCP *:ssh (LISTEN)
cupsd 263 root 10u IPv6 0xe1195480cd076531 0t0 TCP *:ipp (LISTEN)
cupsd 263 root 11u IPv4 0xe1195480cd078761 0t0 TCP *:ipp (LISTEN)
TeamViewe 678 root 8u IPv4 0xe1195480d4179761 0t0 TCP localhost:5954 (LISTEN)

When Orthanc without the sslenabled is launched it’s also listed like this :

Orthanc 6170 root 7u IPv4 0xe1195480d557b059 0t0 TCP *:4242 (LISTEN)
Orthanc 6170 root 8u IPv4 0xe1195480d557d439 0t0 TCP *:http (LISTEN)