diff --git a/sources/nginx/Dockerfile.orthanc-nginx-cerbot b/sources/nginx/Dockerfile.orthanc-nginx-cerbot
new file mode 100644
index 0000000..fad2588
--- /dev/null
+++ b/sources/nginx/Dockerfile.orthanc-nginx-cerbot
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2022 - 2024 Orthanc Team SRL
+#
+# SPDX-License-Identifier: CC0-1.0
+
+FROM jonasal/nginx-certbot
+
+RUN mkdir /etc/nginx/enabled-reverse-proxies
+RUN mkdir /scripts-ot
+
+ADD nginx/reverse-proxy.* /etc/nginx/disabled-reverse-proxies/
+
+ADD nginx/orthanc-nginx-https-certbot.conf /etc/nginx/user_conf.d/
+
+COPY nginx/copy-conf-files.sh /scripts-ot/
+
+RUN ls -al /etc/nginx/disabled-reverse-proxies/
+
+CMD ["/bin/bash", "-c", "/scripts-ot/copy-conf-files.sh && /scripts/start_nginx_certbot.sh" ]
diff --git a/sources/nginx/copy-conf-files.sh b/sources/nginx/copy-conf-files.sh
new file mode 100755
index 0000000..e6c668d
--- /dev/null
+++ b/sources/nginx/copy-conf-files.sh
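Review bot: `FROM jonasal/nginx-certbot` carries no tag or digest, so each rebuild pulls whatever `latest` points to at that moment and the TLS-terminating image is neither reproducible nor auditable; pin it, e.g. `FROM jonasal/nginx-certbot:<version>@sha256:<digest>` (placeholders, take the values from the release you tested). The two `ADD` lines copy plain local files, for which `COPY` is the safer instruction since it never fetches URLs or unpacks archives. `RUN ls -al /etc/nginx/disabled-reverse-proxies/` looks like build-time debugging and only adds a layer.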
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# SPDX-FileCopyrightText: 2022 - 2024 Orthanc Team SRL
+#
+# SPDX-License-Identifier: CC0-1.0
+
+# set -o xtrace
+set -o errexit
+
+enableOrthanc="${ENABLE_ORTHANC:-false}"
+enableOrthancForApi="${ENABLE_ORTHANC_FOR_API:-false}"
+enableOrthancForShares="${ENABLE_ORTHANC_FOR_SHARES:-false}"
+enableKeycloak="${ENABLE_KEYCLOAK:-false}"
+enableOrthancTokenService="${ENABLE_ORTHANC_TOKEN_SERVICE:-false}"
+enableOhif="${ENABLE_OHIF:-false}"
+enableMedDream="${ENABLE_MEDDREAM:-false}"
+
+ls -al /etc/nginx/disabled-reverse-proxies/
+
+if [[ $enableOrthanc == "true" ]]; then
+ echo "ENABLE_ORTHANC is true -> enable /orthanc/ reverse proxy"
+ cp -f /etc/nginx/disabled-reverse-proxies/reverse-proxy.orthanc.conf /etc/nginx/enabled-reverse-proxies/
+fi
+
+if [[ $enableOrthancForApi == "true" ]]; then
+ echo "ENABLE_ORTHANC_FOR_API is true -> enable /orthanc-api/ reverse proxy"
+ cp -f /etc/nginx/disabled-reverse-proxies/reverse-proxy.orthanc-api.conf /etc/nginx/enabled-reverse-proxies/
+fi
+
+if [[ $enableOrthancForShares == "true" ]]; then
+ echo "ENABLE_ORTHANC_FOR_SHARES is true -> enable /shares/ reverse proxy"
+ cp -f /etc/nginx/disabled-reverse-proxies/reverse-proxy.shares.conf /etc/nginx/enabled-reverse-proxies/
+fi
+
+if [[ $enableKeycloak == "true" ]]; then
+ echo "ENABLE_KEYCLOAK is true -> enable /keycloak/ reverse proxy"
+ cp -f /etc/nginx/disabled-reverse-proxies/reverse-proxy.keycloak-https.conf /etc/nginx/enabled-reverse-proxies/
+fi
+
+if [[ $enableOrthancTokenService == "true" ]]; then
+ echo "ENABLE_ORTHANC_TOKEN_SERVICE is true -> enable /token-service/ reverse proxy"
+ cp -f /etc/nginx/disabled-reverse-proxies/reverse-proxy.token-service.conf /etc/nginx/enabled-reverse-proxies/
+fi
+
+if [[ $enableMedDream == "true" ]]; then
+ echo "ENABLE_MEDDREAM is true -> enable /meddream/ reverse proxy"
+ cp -f /etc/nginx/disabled-reverse-proxies/reverse-proxy.meddream.conf /etc/nginx/enabled-reverse-proxies/
+fi
+
+if [[ $enableOhif == "true" ]]; then
+ echo "ENABLE_OHIF is true -> enable /ohif/ reverse proxy"
+ cp -f /etc/nginx/disabled-reverse-proxies/reverse-proxy.ohif.conf /etc/nginx/enabled-reverse-proxies/
+fi
\ No newline at end of file
diff --git a/sources/nginx/orthanc-nginx-https-certbot.conf b/sources/nginx/orthanc-nginx-https-certbot.conf
new file mode 100644
index 0000000..d3d9d36
--- /dev/null
+++ b/sources/nginx/orthanc-nginx-https-certbot.conf
@@ -0,0 +1,42 @@
+# SPDX-FileCopyrightText: 2022 - 2024 Orthanc Team SRL
+#
+# SPDX-License-Identifier: CC0-1.0
+
+server {
+
+ listen 443 ssl;
+
+ server_name orthanc-con-2023.orthanc.team;
+
+ # Load the certificate files.
+ ssl_certificate /etc/letsencrypt/live/orthanc-con-2023.orthanc.team/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/orthanc-con-2023.orthanc.team/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/orthanc-con-2023.orthanc.team/chain.pem;
+
+
+ # To avoid 504 error
+ proxy_read_timeout 120s;
+
+ # To avoid "too big header... / 502 Bad Gateway" error (inspired from https://www.getpagespeed.com/server-setup/nginx/tuning-proxy_buffer_size-in-nginx)
+ proxy_buffer_size 32k;
+ proxy_buffers 64 8k;
+ proxy_busy_buffers_size 48k;
+
+ # To avoid "414 Request-URI Too Large" whant opening 15(!) studies in OHIF
+ large_client_header_buffers 8 16k;
+
+ # include all reverse proxies that have been enabled through env var (check docker-entrypoint.sh)
+ include /etc/nginx/enabled-reverse-proxies/*.conf;
+}
+
+server {
+
+ listen 80 default_server;
+
+
+ server_name orthanc-con-2023.orthanc.team;
+
+
+ return 301 https://$host$request_uri;
+
+}
\ No newline at end of file
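Review bot: Nothing in the script empties `/etc/nginx/enabled-reverse-proxies/` before the `cp -f` calls, so the published set of proxies is whatever was already there plus what the flags add. If that directory is ever persisted or pre-populated (a volume, a derived image; not visible here), a proxy such as `/orthanc-api/` or `/token-service/` could stay exposed after its flag was turned off. Adding `rm -f /etc/nginx/enabled-reverse-proxies/*.conf` ahead of the first `if` makes the result depend only on the environment. The leading `ls -al` reads as leftover debugging, and the seven identical `if` blocks would be easier to audit as one small helper taking the flag value and the conf name.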
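Review bot: The port-80 block is `default_server` and answers with `return 301 https://$host$request_uri;`, so the `Location` header echoes whatever `Host` the client sent, for any hostname reaching this listener; redirecting to the fixed name, `return 301 https://orthanc-con-2023.orthanc.team$request_uri;`, removes that. The block also redirects every path, which presumably includes `/.well-known/acme-challenge/`; how this interacts with the base image's own port-80 handling for certbot is not visible here and should be checked before relying on renewals. The comment above the `include` points to `docker-entrypoint.sh`, while the script added in this commit is `copy-conf-files.sh`. The 443 block sets no `ssl_protocols` or HSTS header itself, so it inherits whatever the base image configures.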