Orthanc won't start with "SslEnabled" : true

Anat Tal Gagnon

Jul 2, 2022, 11:17:17 PM
to Orthanc Users
Hi everyone, 

When I enable SSL on Orthanc version 1.11.0, the service will not start and gives this error:
E0703 02:57:41.262924 main.cpp:2063] Uncaught exception, stopping now: [The TCP port of the HTTP server is privileged or already in use] (code 2003)
W0703 02:57:41.262924 main.cpp:2094] Orthanc has stopped

Confirmed that nothing else is using port 8042
plus Orthanc working great with SslEnabled false.

I saw some old posts saying that there was a bug that was fixed a long time ago... so why is it happening on the latest version??
Help!
anat


Anat Tal Gagnon

Jul 3, 2022, 4:15:44 AM
to Orthanc Users
PS - The version I installed is latest Windows 64 BIT by Osimis 

Alain Mazy

Jul 4, 2022, 4:05:43 AM
to Anat Tal Gagnon, Orthanc Users
Hi,

I've just tested Orthanc with the attached configuration files and a self-signed certificate.  Started it with this command:
C:\Program Files\Orthanc Server>Orthanc.exe --verbose C:\Users\Alain\Downloads\test-tls-orthanc\orthanc.json

Note that, at that time, my Orthanc running as a Windows Service is stopped -> it works fine.
If my Orthanc Service is running, I get an error stating that the TCP port is already in use (which is expected).

You may also try with another "HttpPort" in your configuration file to check if it helps or not...

HTH,

Alain.

certificate.pem
orthanc.json

BNOEAFK

Dec 19, 2022, 2:43:23 PM
to Orthanc Users
Alain,
I'm getting this same error. I'm not doing anything special other than changing "SslEnabled" from false -> true. I've created the private.key, public.crt and combined.pem files as outlined in The Book. It's as if Orthanc loads up its HTTP service on the default "HttpPort" of 8042, sees that its config should be using https and not http, therefore restarts as HTTPS, but doesn't shut down the HTTP port beforehand. I've even changed the HttpPort from 8042 to 8443 and restarted Orthanc to see if it's specific to a port, but I get the error The TCP port of the HTTP server is privileged or already in use:  (port = 8443).

If it helps, I'm using Version 1.10.0, ApiVersion 16 (as shown in the /system endpoint)

Thoughts?

BNOEAFK

Dec 19, 2022, 2:44:01 PM
to Orthanc Users
(this was running under Ubuntu 22.04)

BNOEAFK

Dec 19, 2022, 5:52:33 PM
to Orthanc Users
Using the docker container (version 1.11.0) this works...

Sébastien Jodogne

Dec 20, 2022, 2:00:28 AM
to Orthanc Users
Hello,

I have just run the exact instructions from the Orthanc Book:

Everything works properly on Ubuntu 20.04, using the mainline of Orthanc, dynamically linked against the system-wide OpenSSL libraries.

Please share a minimal working example:

Regards,
Sébastien-

BNOEAFK

Dec 20, 2022, 12:50:35 PM
to Orthanc Users
Sebastien,
I hope everything is here. I've completely rebuilt my test VM this morning to get you everything you need:


====================================================================================================================================================
Host : Ubuntu 22.04 / 32GB RAM / 4 cores

Fresh VirtualBox VM (6.1.38) with 2GB RAM, 2 x CPU, Audio disabled, NAT and bridged NIC
Ubuntu 22.04.1 Live CD
  Fresh install (using new subiquity installer)
 
# install from https://book.orthanc-server.com/users/debian-packages.html
sudo apt update
sudo apt upgrade
sudo apt install -y orthanc orthanc-dicomweb orthanc-gdcm orthanc-imagej orthanc-mysql orthanc-python orthanc-webviewer orthanc-wsi

# configured for authentication
  credentials.json
    "RegisteredUsers" : { "orthanc" : "orthanc" }
  orthanc.json
    "RemoteAccessAllowed" : true
    "AuthenticationEnabled" : true

# create self-signed cert
  openssl version
    OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
  sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./private.key -out ./public.crt
  sudo su
  cat private.key public.crt > combined.pem
  exit
 
# enable orthanc https
  orthanc.json
    "SslEnabled" : true
    "SslCertificate" : "/etc/orthanc/combined.pem"
  sudo systemctl restart orthanc
  tail -n 20 /var/log/orthanc/Orthanc.log
    W1220 17:26:02.211032 OrthancInitialization.cpp:347] SQLite index directory: "/var/lib/orthanc/db-v6"
    W1220 17:26:02.211144 OrthancInitialization.cpp:446] Storage directory: "/var/lib/orthanc/db-v6"
    W1220 17:26:02.211891 HttpClient.cpp:1177] HTTPS will use the CA certificates from this file: /etc/orthanc
    W1220 17:26:02.212603 LuaContext.cpp:94] Lua says: Lua toolbox installed
    W1220 17:26:02.212851 LuaContext.cpp:94] Lua says: Lua toolbox installed
    W1220 17:26:02.213104 ServerContext.cpp:476] Disk compression is disabled
    W1220 17:26:02.213119 ServerIndex.cpp:380] No limit on the number of stored patients
    W1220 17:26:02.213126 ServerIndex.cpp:400] No limit on the size of the storage area
    W1220 17:26:02.213541 ServerContext.cpp:218] Reloading the jobs from the last execution of Orthanc
    W1220 17:26:02.213644 JobsEngine.cpp:272] The jobs engine has started with 2 threads
    W1220 17:26:02.213963 main.cpp:1271] DICOM server listening with AET ORTHANC on port: 4242
    W1220 17:26:02.213989 HttpServer.cpp:1998] HTTP compression is enabled
    W1220 17:26:02.213999 main.cpp:1031] Remote access is allowed but "AuthenticationEnabled" is not in the configuration, automatically enabling HTTP authentication for security
    W1220 17:26:02.214020 main.cpp:1145] Remote LUA script execution is disabled
    E1220 17:26:02.214269 OrthancException.cpp:58] The TCP port of the HTTP server is privileged or already in use:  (port = 8042)
    W1220 17:26:03.268439 main.cpp:1287]     DICOM server has stopped
    E1220 17:26:03.268580 ServerContext.cpp:429] INTERNAL ERROR: ServerContext::Stop() should be invoked manually to avoid mess in the destruction order!

# disable orthanc https
  orthanc.json
    "SslEnabled" : false
  sudo systemctl restart orthanc
  tail -n 20 /var/log/orthanc/Orthanc.log
    W1220 17:33:44.856773 PluginsManager.cpp:258] Registering plugin 'mysql-storage' (version 4.3)
    W1220 17:33:44.857473 PluginsManager.cpp:157] The MySQL storage area is currently disabled, set "EnableStorage" to "true" in the "MySQL" section of the configuration file of Orthanc
    W1220 17:33:44.858209 PluginsManager.cpp:258] Registering plugin 'wsi' (version 1.1)
    W1220 17:33:44.858256 PluginsManager.cpp:157] The whole-slide imaging plugin will use at most 2 threads to transcode the tiles
    W1220 17:33:44.858321 OrthancInitialization.cpp:347] SQLite index directory: "/var/lib/orthanc/db-v6"
    W1220 17:33:44.858422 OrthancInitialization.cpp:446] Storage directory: "/var/lib/orthanc/db-v6"
    W1220 17:33:44.859019 HttpClient.cpp:1177] HTTPS will use the CA certificates from this file: /etc/orthanc
    W1220 17:33:44.859634 LuaContext.cpp:94] Lua says: Lua toolbox installed
    W1220 17:33:44.859888 LuaContext.cpp:94] Lua says: Lua toolbox installed
    W1220 17:33:44.860152 ServerContext.cpp:476] Disk compression is disabled
    W1220 17:33:44.860166 ServerIndex.cpp:380] No limit on the number of stored patients
    W1220 17:33:44.860173 ServerIndex.cpp:400] No limit on the size of the storage area
    W1220 17:33:44.860588 ServerContext.cpp:218] Reloading the jobs from the last execution of Orthanc
    W1220 17:33:44.860693 JobsEngine.cpp:272] The jobs engine has started with 2 threads
    W1220 17:33:44.861082 main.cpp:1271] DICOM server listening with AET ORTHANC on port: 4242
    W1220 17:33:44.861105 HttpServer.cpp:1998] HTTP compression is enabled
    W1220 17:33:44.861115 main.cpp:1031] Remote access is allowed but "AuthenticationEnabled" is not in the configuration, automatically enabling HTTP authentication for security
    W1220 17:33:44.861127 main.cpp:1145] Remote LUA script execution is disabled
    W1220 17:33:44.862433 HttpServer.cpp:1775] HTTP server listening on port: 8042 (HTTPS encryption is disabled, remote access is allowed)
    W1220 17:33:44.862448 main.cpp:897] Orthanc has started

====================================================================================================================================================

The attached JSON file obviously has the SslEnabled: false setting as I took it from the working version. In production I will be using a FIPS-enabled kernel (and with it an alternative OpenSSL implementation too) but at the moment, I'm just trying to get it working with the default one supplied with Ubuntu.

I can easily provide screenshots too, but I'm not sure that'll give any more information at this point?
orthanc.json

BNOEAFK

Dec 20, 2022, 12:52:03 PM
to Orthanc Users
(and the version reported in the log file which wasn't included in the copy is 1.10.0)

Sébastien Jodogne

Dec 23, 2022, 10:20:37 AM
to Orthanc Users
Hello,

I have found the culprit using the "strace" tool.

The embedded Web server of Orthanc (i.e. civetweb) requires "/usr/lib/x86_64-linux-gnu/libcrypto.so" to be present on the system, but this symbolic link is part of the "libssl-dev" package, which is not a dependency of the "orthanc" package:

You can simply solve the issue by running:

$ sudo apt install -y libssl-dev

HTH,
Sébastien-
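
A pre-flight check built on the diagnosis above, added here as an example (it is not part of the thread and not Orthanc code): it separates a port that is really taken from the missing unversioned OpenSSL library and from an incomplete "SslCertificate" file. The function names are hypothetical, and checking libssl.so alongside libcrypto.so is an assumption; the thread names only libcrypto.so.

```python
import os
import re
import socket

# Library directory named in the thread; libssl.so is an assumption (see lead-in).
LIB_DIR = "/usr/lib/x86_64-linux-gnu"
RUNTIME_NAMES = ("libcrypto.so", "libssl.so")
PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def missing_runtime_libs(lib_dir=LIB_DIR, names=RUNTIME_NAMES):
    """Names with no resolvable unversioned file; a dangling symlink counts as missing."""
    return [n for n in names if not os.path.exists(os.path.join(lib_dir, n))]


def pem_labels(pem_text):
    """Labels of the PEM blocks, in file order."""
    return PEM_LABEL.findall(pem_text)


def port_is_free(port, host=""):
    """True if a TCP socket can be bound to the port right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False


def diagnose(port_free, missing_libs, labels):
    """List the plausible causes of error 2003 after setting "SslEnabled" to true."""
    findings = []
    if not port_free:
        findings.append("port is really in use or privileged")
    if missing_libs:
        findings.append("missing " + ", ".join(missing_libs) + " (install libssl-dev)")
    if not any(lab.endswith("PRIVATE KEY") for lab in labels):
        findings.append("SslCertificate file has no private key block")
    if "CERTIFICATE" not in labels:
        findings.append("SslCertificate file has no certificate block")
    return findings


if __name__ == "__main__":
    with open("/etc/orthanc/combined.pem") as f:  # path from the thread
        labels = pem_labels(f.read())
    found = diagnose(port_is_free(8042), missing_runtime_libs(), labels)
    for line in found or ["no finding"]:
        print(line)
```

Run it with the Orthanc service stopped, so that a listening Orthanc does not itself occupy port 8042.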

Sébastien Jodogne

Dec 23, 2022, 10:37:43 AM
to Orthanc Users
For further reference, I have just added the dependency in the source code of the Debian package:

This modification will be part of future versions of the package.

BNOEAFK

Dec 23, 2022, 6:03:23 PM
to Orthanc Users
Sebastien,
Thanks for working so diligently on this and for finding that little nugget of information.

Merry Christmas to you and the team!
