How to install dcm4chee-arc-light Secure DICOM Server with Docker & Keycloack

Here is a video guide which shows how to install the secure version of DCM4CHEE DICOM archive on docker engine in an ubuntu linux environment.

It follows the instructions here:

Steps for installation:

1. make sure you have Ubuntu installed
2. install docker engine as seen on video
3. make sure your hostname is for the ubuntu machine is discoverable on your local network
4. Prepare the docker-compose.yml file with your hostname
5. do the installation with docker compose -p dcm4chee up -d

Access keycloack
https://:8843/admin/dcm4che/console
Sign in with User/Password root/changeit

Access DCM4CHEE UI
https://:8443/dcm4chee-arc/ui2
Sign in with User/Password root/changeit

If you want to continue the discussion on the installation of dcm4chee shown please comment and share your thoughts and questions here in the community.

I found and intereseting article on creating certificates and installing with them and even doing some validations. Didn’t test the procedures but did look helpful so just linking it here that others can find it as well.

https://medium.com/@praveen.valaboju1/dcm4chee-dicom-tls-setup-a-devops-guide-to-secure-pacs-with-bcp-195-compliance-50882159da0b

It even says at the end:
" By following these steps, you now have a production-ready DCM4Chee deployment with full DICOM BCP 195 compliance. Key points:"

Can you do an installation of secure archive on windows 11?

Hi @mario_murithi and welcome,

this one is for installation on windows with docker desktop.
It’s not the secured version but if you just use the secured version compose I think it should be easy to install.

Hi John thank you for your response, I watched this and did the installation on windows 11, but now i wanted to intsall the secure version

I was looking into the OHIF documentation and they have a tutorial video on how to setup OHIF and dcm4chee with both being behind keycloack here:

It seems they use these recipies which have the docker compose files included

Personally would have prefered everything being ready built images but it seems for OHIF the y include a dockerfile and it’s being built on the fly.

Another way of adding ohif would be to just use the docker compose provided by dcm4chee wiki and just add the ohif container into that compose with something like:

  ohif:
    image: ohif/app:latest  # Or pin a version, e.g., ohif/app:v3.8.0
    ports:
      - "3000:80"  # Access OHIF at http://<docker-host>:3000
    volumes:
      - ./app-config.js:/usr/share/nginx/html/app-config.js:ro  # Your custom config file
    depends_on:
      - arc
      - keycloak
    logging:
      driver: json-file
      options:
        max-size: "10m"

and then in the app-config.js give something like this where the oidc part integrates to the keycloack. The Authorization and Authentication | OHIF page provides some context around the oidc parameter. You would still need to create the client_id in keycloack.

window.config = {
  routerBasename: '/',
  showStudyList: true,
  dataSources: [
    {
      friendlyName: 'DCM4CHEE Secure',
      namespace: '@ohif/extension-default.dataSourcesModule.dicomweb',
      sourceName: 'dicomweb',
      configuration: {
        name: 'DCM4CHEE',
        wadoUriRoot: 'https://<docker-host>:8443/dcm4chee-arc/aets/DCM4CHEE/wado',
        qidoRoot: 'https://<docker-host>:8443/dcm4chee-arc/aets/DCM4CHEE/rs',
        wadoRoot: 'https://<docker-host>:8443/dcm4chee-arc/aets/DCM4CHEE/rs',
        qidoSupportsIncludeField: false,
        imageRendering: 'wadors',
        thumbnailRendering: 'wadors',
        supportsWildcard: true,
      },
    },
  ],
  defaultDataSourceName: 'dicomweb',
  oidc: [{
    authority: 'https://<docker-host>:8843/realms/dcm4che',
    client_id: 'ohif-viewer',
    redirect_uri: 'http://<docker-host>:3000/callback',  // Use https if you add TLS to OHIF later
    response_type: 'code',
    scope: 'openid profile email',
  }],
};

The final missing piece would be use nginx for https since oidc will not work if use ohif via http.