Created by James Hurrell, last modified on Jan 09, 2023

Edit nginx.conf

CAST Imaging front end runs by default on port 80 in ≤ 2.0.0-beta5 or port 8083 (or the first free port available after 8083) in ≥ 2.0.0-beta6. To reconfigure the service to run over a secure connection (for example port 443), edit the following file:

Microsoft Windows traditional installer:
%APPDATA%\CAST\ImagingSystem\nginx\nginx.conf
    
Docker Installer extension (located in the folder created when unzipping the extension):
server\nginx\conf\nginx.conf

Microsoft Windows via traditional installer

This file is located in the protected %APPDATA% location, therefore you must open the file with elevated permission (this is usually achieved by right clicking your text editor in the Windows start menu and selecting Run as administrator):

Linux

You may need to use elevated permissions to edit this file (for example use sudo).

Locate the "server {" block:

server {

	# Running port
	listen 8083;

Add/modify as follows - using settings to suit your environment:

server {

	# Running port
    listen              443 ssl;
    server_name         imaging.company.com;
    ssl_certificate     path/to/file.crt;
    ssl_certificate_key path/to/file.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ...

Save the file and ensure that you restart the CAST Imaging System - imaging-fe Windows service or the nginx Docker container in order for the new configuration to be taken into account. 

  • You can find out more information here: http://nginx.org/en/docs/http/configuring_https_servers.html
  • If you are configuring a secure connection using self-signed certificates as opposed to trusted certificates, you must ensure that any workstations which will be accessing CAST Imaging also have the self-signed certificates installed on them. If they do not, the browser will display a warning to state that the connection is insecure.

Dealing with encrypted SSL keys

You can tell an SSL key is encrypted if you open the key using a text editor and either:

  • the first line says BEGIN ENCRYPTED PRIVATE KEY; or
  • one of the next lines says Proc-Type: 4,ENCRYPTED

If your organization is using encrypted SSL keys (this is unusual but does occur), the Nginx web server used by the CAST Imaging front end does not know how to deal with them and therefore the SSL configuration will not function as intended. In this situation there are two choices:

Convert the key

If you do not need to use an encrypted you can convert it to unencrypted using openssl via the following command (see https://serverpilot.io/docs/how-to-fix-an-encrypted-ssl-private-key/) - replace ssl.key.encrypted with the path and name of your own SSL key:

openssl rsa -in ssl.key.encrypted -out ssl.key.decrypted

Use the ssl_password_file parameter

If you must use an encrypted key, then you can make use of the Nginx ssl_password_file parameter to define a path to a file containing the passcode for the encrypted key, for example, where the file global.pass contains the passcode:

server {

	# Running port
    listen              443 ssl;
    server_name         imaging.company.com;
    ssl_certificate     path/to/file.crt;
    ssl_certificate_key path/to/file.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
	ssl_password_file   path/to/global.pass;
    ...

Edit imagingetl.bat or etl/app.config - 2.8.0-funcrel only

This step is required in CAST Imaging 2.8.0-funcrel only (not required in subsequent or previous releases). Please read below and ensure you perform any required actions.

Edit the following file:

Microsoft Windows traditional installer:
%APPDATA%\CAST\ImagingSystem\imagingservice\imagingetl.bat
    
Docker Installer extension (located in the folder created when unzipping the extension):
etl/app.config

In this file, locate the following line:

Microsoft Windows traditional installer:
-HTTP_ENDPOINT="http://localhost:8083/imaging"

Docker Installer extension (located in the folder created when unzipping the extension):
"HTTP_ENDPOINT": "http://localhost:8083/imaging"

Change the URL (https/port) to match the changes you have made in the nginx.conf file. Save the file and ensure that you restart the CAST Imaging System - imaging-ETL Windows service or the etl Docker container in order for the new configuration to be taken into account.