openSRPDocker/docker-compose.yml at main · SatatTech/openSRPDocker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# Use postgres/example user/password credentials
version: '3.3'

services:

  db:
    image: postgres:14
    restart: always
    # set shared memory limit when using docker-compose
    # shm_size: 128mb
    # or set shared memory limit when deploy via swarm stack
    #volumes:
    #  - type: tmpfs
    #    target: /dev/shm
    #    tmpfs:
    #      size: 134217728 # 128*2^20 bytes = 128Mb
    environment:
      POSTGRES_PASSWORD: admin
      POSTGRES_USER: admin
      POSTGRES_DB: hapi
    volumes:
      - ./hapi.postgress.data:/var/lib/postgresql/data

  fhir:
    container_name: fhir
    #image: "hapiproject/hapi:v6.1.0"
    image: "hapiproject/hapi:latest"
    ports:
      - "8099:8080"
    volumes:
      - ./hapi.application.yaml:/app/config/application.yaml
    #configs:
    #  - source: hapi
    #    target: /app/config/application.yaml
    depends_on:
      - db

  keyclock:
    container_name: keyclock
    image: "quay.io/keycloak/keycloak:22.0.5"
    ports:
      - "8090:8080"
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
    command: start-dev

  # fhir-web:
  #   image: opensrp/web:v3.1.3
  #   #ports:
  #   #  - '3000:3000'
  #   network_mode: "host"
  #   volumes:
  #     # volume with React front-end environment variables
  #     - ./config.js.tpl:/etc/confd/templates/config.js.tmpl
  #   environment:
  #     # optional overrides
  #     - 'NODE_ENV=production' # 'NODE_ENV=development' if fhir-web-base-url === http://localhost:3000
  #     - 'EXPRESS_ALLOW_TOKEN_RENEWAL=true'
  #     - 'EXPRESS_OPENSRP_LOGOUT_URL=null'
  #     - 'EXPRESS_REACT_BUILD_PATH=/usr/src/web'

  #     # keycloak
  #     - 'EXPRESS_OPENSRP_CLIENT_ID=fhapi-web'
  #     - 'EXPRESS_OPENSRP_CLIENT_SECRET=JrzyxEYDkRfx4PPbEM90wYnIbDrEODPh'
  #     - 'EXPRESS_OPENSRP_ACCESS_TOKEN_URL=http://localhost:8090/realms/fhapi/protocol/openid-connect/token'
  #     - 'EXPRESS_OPENSRP_AUTHORIZATION_URL=http://localhost:8090/realms/fhapi/protocol/openid-connect/auth'
  #     - 'EXPRESS_KEYCLOAK_LOGOUT_URL=http://localhost:8090/realms/fhapi/protocol/openid-connect/logout'
  #     - 'EXPRESS_OPENSRP_USER_URL=http://localhost:8090/realms/fhapi/protocol/openid-connect/userinfo'

  #     # fhir web
  #     - 'EXPRESS_OPENSRP_CALLBACK_URL=http://localhost:3000/oauth/callback/OpenSRP/'
  #     - 'EXPRESS_FRONTEND_OPENSRP_CALLBACK_URL=http://localhost:3000/fe/oauth/callback/opensrp'
  #     - 'EXPRESS_SERVER_LOGOUT_URL=http://localhost:3000/logout'

  #     # UUID's
  #     - 'EXPRESS_SESSION_SECRET=rand0mlyGeneratedSecretString'

  #     # content security policy configuration
  #     # remove optional-sentry-base-url config block if your deployment has no sentry
  #     - 'EXPRESS_CONTENT_SECURITY_POLICY_CONFIG={"connect-src":["''self''","<optional-sentry-base-url>","http://localhost:8090","http://localhost:8080"],"default-src":["''self''"],"img-src":["''self''","https://github.com/opensrp/","https://*.githubusercontent.com/opensrp/"]}'

  #   # optional sentry config
  #   # - 'EXPRESS_RESPONSE_HEADERS={"report-to":", {endpoints:[{url:https://<optional-sentry-base-url>/api/<optional-sentry-projectId>/security/?sentry_key=<optional-sentry-key>\\u0026sentry_environment=<optional-sentry-environment>\\u0026sentry_release=<optional-sentry-release-name>}],group:csp-endpoint,max_age:10886400}"}'

  #   # optional redis and redis sentinel session store config (use either or neither not both)
  #   # - 'EXPRESS_REDIS_STAND_ALONE_URL=redis://username:password@redis-base-url:port/db'
  #   # - 'EXPRESS_REDIS_SENTINEL_CONFIG={"name":"sentinelMasterName","sentinelPassword":"sentinelMasterPassword","sentinels":[{"host":"sentinel-node-1-base-url","port":"12345"},{"host":"sentinel-node-2-base-url","port":"12345"},{"host":"sentinel-node-3-base-url","port":"12345"}]}'

  fhir-proxy:
    image: onaio/fhir-gateway-plugin:v1.0.3
    environment:
    #- TOKEN_ISSUER=http://localhost:8090/auth/realms/fhapi
    - TOKEN_ISSUER=http://localhost:8090/realms/fhapi
    - PROXY_TO=http://localhost:8099/fhir
    - BACKEND_TYPE=HAPI
    - ACCESS_CHECKER=list
    - RUN_MODE=DEV
    - ALLOWED_QUERIES_FILE
    network_mode: "host"
    healthcheck:
      # As hapi-server does not support curl, we check here that the
      # hapi-server is ready to accept requests
      test: curl --fail http://localhost:8099/fhir/metadata > /dev/null
      # start_period: 35s
      interval: 10s
      retries: 5
      timeout: 10s
    restart: on-failure
    depends_on:
      - fhir
      - keyclock


#configs:
#  hapi:
#     file: ./hapi.application.yaml