Hi Jyotirmay,
No need for apologies, these are all valid questions, albeit not related to Orthanc: you’ll probably get far better answers on a discussion forum specifically tailored for beginner networking questions, but I’ll do my best (I still advise you to post the same question, for instance on Reddit r/HomeNetworking or r/networking).
> Is port forwarding only required in the scenario I first described? (two localhost orthanc servers on different machines which are different networks)
Port forwarding is required when two machines are not on the same network and, for instance, the destination IP to reach Orthanc A is not really the machine it runs on, but a router nearby that owns the IP.
Port forwarding is not always required: for instance, if you use a VPN connection on both Orthancs, then they will belong to the same network and they’ll be able to directly talk to each other. A VPN is interesting in your case because it would provide you with far better security than directly exposing Orthanc on the Internet (HTTPS makes it better, of course, but opening a machine on the public Internet always comes with risks).
> If I host an Orthanc server on cloud, how does it work there? Can I do any sort of configuration where a localhost orthanc server can become a peer of this orthanc server on cloud? Is port forwarding something that happens in this scenario as well?
The same occurs when Orthanc is hosted on cloud: depending on the cloud provider, you can either get its public IP, where it’ll be directly reachable (provided the firewall lets you in) or you can configure your cloud firewall/routing parameters so that the right ports are forwarded.
> In regards to HTTPS/HTTP, supposing I had a public IP and did the required port forwarding to interact with a remote machine from my machine. The security (SSH or something else) will come after all the required port forwarding right? Essentially, I necessarily need to expose that port for two remote Orthanc peers to be able to communicate, right?
You are correct. Making sure the right ports are exposed on the Internet and protecting them with HTTPS are distinct matters. Both are required. Securing Orthanc with HTTPS is explained here: HTTPS encryption with Orthanc.
> If my main Orthanc server is on cloud and I need to interact with it via a localhost orthanc server, how does secure communication work there? I read somewhere that a reverse proxy takes care of all of the encryption but I am not too sure about it.
The same applies: from each Orthanc, there needs to be an IP address (on the public internet or a shared network) where this Orthanc is able to reach the other Orthanc on its HTTP(S) port (usually 8042). The fact that one Orthanc runs in the cloud or in your home network does not make it any different.
Since your ISP does not supply you with a public IP, I would say that your best bet is to use two cloud machines, either on the internet or on a private network.
Another option, if you’re only running a single cloud Orthanc, is to use SSH, which allows you to create a secure “tunnel” that allows for bidirectional communication.
Let’s assume you have `home-pc` (not an internet IP) with Orthanc running on port 8042 and `cloud-server` (with an internet IP) with Orthanc also running on port 8042. Provided `cloud-server` runs `sshd` (the SSH server), as all Linux (and some Windows) boxes do, and that you’re able to change its configuration, you can do the following (I am assuming `cloud-server` runs Linux and `home-pc` runs either Linux or macOS or a recent Windows with an ssh client):
Edit the SSH configuration file on cloud-machine (`/etc/ssh/sshd_config`) and ensure the following lines are present and uncommented:
```
AllowTcpForwarding yes
GatewayPorts yes
```
Restart the SSH service on cloud-machine:
```
sudo systemctl restart sshd
```
Execute the following command on `home-pc`:
```
# -L: home-pc:8043 -> cloud Orthanc (8042); -R: cloud-server:8043 -> home Orthanc (8042)
ssh -L 8043:localhost:8042 -R 8043:localhost:8042 myuser@cloud-server
```
Once you’ve done that:
- on `home-pc`, the local Orthanc will (obviously) be reachable on `localhost:8042` and the cloud Orthanc will be reachable on `localhost:8043` (that’s the magic of SSH tunnels)
- on `cloud-server`, the local Orthanc will (also obviously) be reachable on `localhost:8042` and the Orthanc running on your home PC will also be reachable on `localhost:8043`
Set the configuration of both Orthancs accordingly and you should be good to go.
Please note that, if the 8042 ports are not exposed on the Internet (configure the cloud firewall accordingly), you don’t even need HTTPS since all communication will take place inside the secure SSH tunnel.
Hope this helps!
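
A check for the closing note about keeping the Orthanc ports off the Internet, as an added example that is not part of the original post: with `GatewayPorts yes`, sshd binds `-R` forwards to the wildcard address rather than to loopback, so it is worth confirming on the cloud machine which addresses ports 8042 and 8043 actually listen on. The function names and the sample `ss -ltn` output below are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Orthanc/tunnel ports that listen on a non-loopback address.

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:8042     0.0.0.0:*
LISTEN 0      128    0.0.0.0:8043       0.0.0.0:*
LISTEN 0      128    [::]:8043          [::]:*
EOF
}

# exposed_listeners "PORT PORT ..." < ss-output
# Prints "PORT ADDRESS" for every watched port bound outside loopback.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" && match($4, /:[0-9]+$/) {
            port = substr($4, RSTART + 1)       # text after the last colon
            addr = substr($4, 1, RSTART - 1)    # text before the last colon
            if (!(port in watch)) next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
            print port " " addr
        }'
}

findings=$(sample_ss_output | exposed_listeners "8042 8043")
if [ -n "$findings" ]; then
    echo "Listening beyond loopback (firewall these or bind to localhost):"
    echo "$findings"
else
    echo "Ports 8042/8043 are loopback-only."
fi
# On a real host: ss -ltn | exposed_listeners "8042 8043"
```

Any port it reports is reachable from other machines unless the cloud firewall blocks it.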