Deployment of the BPE using Github Registry Images
Before deployment you have to get two certificates from the DFN:
- Server-client certificate of type X.509 (DFN profile 802.1X Client). This certificate is used for server authentication towards clients and also as a client certificate to authenticate against the local/remote FHIR endpoints.
- Create a deployment folder named `bpe_compose` and copy the folder `dsf-docker-test-setup ▸ bpe` into it.
- Add the DFN CA certificate (full chain needed), the BPE server-client certificate and the BPE server-client private key to the folder `bpe_compose ▸ proxy ▸ ssl`. Filenames have to be:
  - `ca_certificate.pem` for the CA chain
  - `certificate.pem` for the server certificate
  - `private-key.pem` for the server certificate's private key
- Adapt `app ▸ conf ▸ config.properties` with a new `org.highmed.dsf.bpe.db.liquibase_user_password` and `org.highmed.dsf.bpe.db.server_user_password`
- Add the `org.highmed.dsf.bpe.db.liquibase_user_password` to `db ▸ conf ▸ postgress_password`
- Create a .p12 keystore containing the local Business Process Engine certificate using
  `openssl pkcs12 -export -out [store.p12] -inkey [private-key.pem] -in [certificate.pem] -certfile [ca-chain.pem]`
  and move it into `bpe_compose ▸ app ▸ conf`.
  WATCH OUT: If the application runs on a machine behind a proxy that performs TLS inspection, authentication based on client certificates will not work: the inspecting proxy terminates the TLS session itself and cannot present the BPE's private key to the remote endpoint. TLS inspection has to be turned off for this traffic.
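The keystore step above, as an added example that is not code from the HiGHmed DSF project: a POSIX shell script that runs the same `openssl pkcs12 -export` command as the wiki, but first checks that the three PEM files actually belong together (certificate chains to the CA file, key matches the certificate) and reads the store password from the environment instead of the command line. `make_test_pki`, `check_pem_set`, `build_keystore`, `verify_keystore` and `STORE_PW` are this example's own names; the PEM filenames are the ones the wiki prescribes; `make_test_pki` only exists so the script can run offline with a throwaway CA and must not be used for a real deployment.

```shell
#!/bin/sh
# Added example, not code from the HiGHmed DSF project: builds the BPE keystore
# with the same openssl pkcs12 command as the wiki, after checking that the
# three PEM files belong together. Assumes openssl (1.1.1 or later) is on PATH.
# make_test_pki, check_pem_set, build_keystore, verify_keystore and STORE_PW are
# this example's own names; the PEM file names are the ones the wiki prescribes.
set -eu

# Generates a throwaway CA and a server certificate signed by it, so the script
# runs offline. For a real deployment, skip this and use the DFN-issued files.
make_test_pki() {
  dir=$1
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Test CA" \
    -keyout "$dir/ca.key" -out "$dir/ca_certificate.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=bpe.example.org" \
    -keyout "$dir/private-key.pem" -out "$dir/bpe.csr" 2>/dev/null
  openssl x509 -req -days 30 -in "$dir/bpe.csr" -CA "$dir/ca_certificate.pem" \
    -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/certificate.pem" 2>/dev/null
}

# Returns 0 only if certificate.pem chains to ca_certificate.pem and its public
# key is the one belonging to private-key.pem. openssl pkcs12 happily packs
# mismatched files; the error would then surface only at the first TLS handshake.
check_pem_set() {
  dir=$1
  openssl verify -CAfile "$dir/ca_certificate.pem" "$dir/certificate.pem" >/dev/null 2>&1 || return 1
  cert_pub=$(openssl x509 -in "$dir/certificate.pem" -noout -pubkey)
  key_pub=$(openssl pkey -in "$dir/private-key.pem" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# The wiki's export command. The store password is passed via the environment
# (-passout env:...) so it does not show up in `ps` output or shell history.
build_keystore() {
  dir=$1
  out=$2
  check_pem_set "$dir" || return 1
  STORE_PW="${STORE_PW:-changeit}" openssl pkcs12 -export -out "$out" \
    -inkey "$dir/private-key.pem" -in "$dir/certificate.pem" \
    -certfile "$dir/ca_certificate.pem" -passout env:STORE_PW
  chmod 600 "$out"   # the store contains the private key; only its owner reads it
}

# Opens the store with the password: non-zero exit if the password is wrong
# or the file is not a PKCS#12 bundle.
verify_keystore() {
  STORE_PW="${STORE_PW:-changeit}" openssl pkcs12 -in "$1" -info -noout -passin env:STORE_PW 2>/dev/null
}
```

Set `STORE_PW` to the value you put into `keystore.password` in `config.properties`, call `build_keystore bpe_compose/proxy/ssl bpe_compose/app/conf/keystore.p12`, and run `verify_keystore` on the result before starting the container.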
- Adapt the following settings in the file `app ▸ conf ▸ config.properties`:
  - `org.highmed.dsf.bpe.fhir.local.webservice.baseUrl` for the FHIR webservice interface
  - `org.highmed.dsf.bpe.fhir.local.websocket.url` for the FHIR websocket interface
  - `keystore.p12file` and the `keystore.password` for both `org.highmed.dsf.bpe.fhir.local.webservice` and `org.highmed.dsf.bpe.fhir.local.websocket`
  - `org.highmed.dsf.bpe.db.camunda_user_password` with a new password
  - `org.highmed.dsf.bpe.fhir.organization.identifier.localValue` with the MeDIC identifier
- If outgoing connections use a proxy, additionally uncomment and change the settings:
  - `org.highmed.dsf.bpe.fhir.remote.webservice.proxy.schemeHostPort` with the proxy protocol, host and port
  - `org.highmed.dsf.bpe.fhir.remote.webservice.proxy.proxy.username`
  - `org.highmed.dsf.bpe.fhir.remote.webservice.proxy.proxy.password`
- For the connection to the openEHR repository, change the following settings:
  - `org.highmed.dsf.bpe.openehr.webservice.baseUrl`
  - `org.highmed.dsf.bpe.openehr.webservice.basicAuthUsername`
  - `org.highmed.dsf.bpe.openehr.webservice.basicAuthPassword`
- The MPI client can be selected by changing the setting `org.highmed.dsf.bpe.mpi.webservice.factory.class`; currently supported clients are: `org.highmed.mpi.client.pdq.MasterPatientIndexClientPdqFactory`
- Settings of the Jetty application server can be changed in the file `app ▸ conf ▸ jetty.properties`
- If there are additional processes to be deployed, drop them packaged as jar in the folder `app ▸ plugin`
- Make sure the volumes can be accessed. The application runs as a user with uid == gid == 2202, so that user has to be able to read the conf and plugin folders and to read, write and execute (i.e. traverse) the log folder.
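The volume step above, as an added example that is not code from the HiGHmed DSF project: a POSIX shell script that applies modes to the three bind-mounted folders, hands them to uid 2202 when run as root, and checks what uid 2202 actually gets by evaluating owner, group and mode bits the way the kernel does (`test -r` would only answer for the current user, and uid 2202 usually has no account on the host). The modes 750/640/770 are this example's choice, the wiki only states read versus read+write+execute; `DSF_UID`, `prepare_bpe_volumes`, `uid_has_access` and `check_bpe_volumes` are illustrative names; GNU `stat -c` (Linux) is assumed.

```shell
#!/bin/sh
# Added example, not code from the HiGHmed DSF project: prepares the bind mounts
# of the BPE container, which runs as uid 2202 / gid 2202, and checks the access
# that uid gets. Modes 750/640/770 are this example's choice (the wiki only
# states read vs read+write+execute); DSF_UID, prepare_bpe_volumes, uid_has_access
# and check_bpe_volumes are illustrative names. Uses GNU stat (Linux).
set -eu
DSF_UID=2202

# conf and plugin only need to be readable by the app; log must be writable and
# traversable because the process creates files in it.
prepare_bpe_volumes() {
  base=$1
  mkdir -p "$base/app/conf" "$base/app/plugin" "$base/app/log"
  chmod 750 "$base/app/conf" "$base/app/plugin"
  find "$base/app/conf" "$base/app/plugin" -type f -exec chmod 640 {} +
  chmod 770 "$base/app/log"
  # Only root can hand the folders to uid 2202. Without that step the container
  # user falls into the "other" class, and the modes above give it nothing.
  if [ "$(id -u)" = 0 ]; then
    chown -R "$DSF_UID:$DSF_UID" "$base/app/conf" "$base/app/plugin" "$base/app/log"
  fi
}

# uid_has_access UID WANT PATH: exit 0 if UID gets every permission in WANT
# (a string of r, w, x characters) on PATH. Owner bits apply if UID owns the
# file, otherwise group bits, otherwise the "other" bits. Follows the wiki's
# statement that uid == gid, so the group check compares against UID as well.
uid_has_access() {
  uid=$1 want=$2 path=$3
  set -- $(stat -c '%u %g %a' "$path")
  owner=$1 group=$2 mode=$((0$3))
  if [ "$owner" = "$uid" ]; then bits=$(( (mode >> 6) & 7 ))
  elif [ "$group" = "$uid" ]; then bits=$(( (mode >> 3) & 7 ))
  else bits=$(( mode & 7 )); fi
  case $want in *r*) [ $((bits & 4)) -ne 0 ] || return 1 ;; esac
  case $want in *w*) [ $((bits & 2)) -ne 0 ] || return 1 ;; esac
  case $want in *x*) [ $((bits & 1)) -ne 0 ] || return 1 ;; esac
  return 0
}

# Checks the three folders against the wiki's requirements for uid 2202.
check_bpe_volumes() {
  base=$1
  uid_has_access "$DSF_UID" rx  "$base/app/conf"   || { echo "conf: uid $DSF_UID cannot read"; return 1; }
  uid_has_access "$DSF_UID" rx  "$base/app/plugin" || { echo "plugin: uid $DSF_UID cannot read"; return 1; }
  uid_has_access "$DSF_UID" rwx "$base/app/log"    || { echo "log: uid $DSF_UID cannot read+write+execute"; return 1; }
}
```

Run `prepare_bpe_volumes bpe_compose` as root once, then `check_bpe_volumes bpe_compose` before every start; a failing check names the folder the container will not be able to use.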
Adapt the file `docker-compose.yml`:
- Adapt the entry `HTTPS_SERVER_NAME_PORT` with the permanent redirect URL for https (in the form host:port)
- If the BPE is located on its own machine without the FHIR Endpoint:
  - Remove the network entries with the name `fhir_bpe`
  - Adapt the ports of the entry `proxy ▸ ports` to `80:80` and `443:443`
- Replace the entry of `services ▸ proxy ▸ image` with `docker.pkg.github.com/highmed/highmed-dsf/bpe_proxy:latest`
- Replace the entry of `services ▸ app ▸ image` with `docker.pkg.github.com/highmed/highmed-dsf/bpe:latest`
Adapt the file `docker-compose.prod.yml`:
- If you need additional entries in the file `/etc/hosts` (e.g. if the external ip/domain-name mapping used to reach the local FHIR server differs from the ip/domain-name mapping inside the internal network), add them to the field `extra_hosts`

Run `docker-compose -f docker-compose.yml -f docker-compose.prod.yml up`