Orthanc demo server explanation

Hello again everyone

I will try to refrase/simplify my original question.

I have a local instance of Orthanc running on a intranet, but would like to publish it to the internet like the demo running at https://demo.orthanc-server.com/app/explorer.html

Therefore I would be very interested in a stepwise explantaion of how this Orthanc instance is running, and especially how it is secured.

And with some additional questions:

  • How would you implement user authentication to this setup? (e.g. 20-30 users)
    • I have thought of either keycloak, Nginx basic authentication or let Orthanc handle it.
  • How do you keep the SSL certificates up to date.
  • Is it more secure to run Orthanc in a containerized environment?
  • What happens if multiple users browse the Orthanc Explorer on the demo website at the same time, can it handle that?

I appreciate any help or clarification.

Best
Jakob

Hi Jackob,

  • How would you implement user authentication to this setup? (e.g. 20-30 users)
    • I have thought of either keycloak, Nginx basic authentication or let Orthanc handle it.
      => Its going to depend to you access criticity. All are possible options.
  • How do you keep the SSL certificates up to date.
    => Better to manage it in a reverse proxy, for example Traefik can get and update a ssl certificate from let’s encrypt.
  • Is it more secure to run Orthanc in a containerized environment?
    => Not so much, at least using container you can safely upgrade your server OS to get the latest security patches without having to worry about side effect in the application layer (which was tricky before the area of containers as the OS upgrade will come with new libraries version that may be uncompatible with the application and then make you to stay on a outdated Operating system version which known security issues).
    But then outside this advantage you have to properly configure you app to be secured, the container is simply a virtual environement to execute you are, if you expose your Orthanc with the default password to the internet, using docker or not, you are far from secured.
  • What happens if multiple users browse the Orthanc Explorer on the demo website at the same time, can it handle that?
    => yes of course it does, it will handle request even concurrent request. I made a test on the DicomWeb API with 10 users requesting 1200 slices on the same time which landed in over 10 000 HTTP request coming at the same time, Orthanc handle it without any problem had a CPU load going from 3% to 40% during few seconds, that’s all.

Best regards,

Salim