-
Notifications
You must be signed in to change notification settings - Fork 4
/
docker-compose.yml
151 lines (149 loc) · 8.82 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
services:
dataportal-backend:
container_name: dataportal-backend
restart: unless-stopped
build: .
ports:
- ${DATAPORTAL_BACKEND_PORT:-127.0.0.1:8091}:8090
depends_on:
dataportal-postgres:
condition: service_started
dataportal-elastic:
condition: service_healthy
init-elasticsearch:
condition: service_completed_successfully
environment:
JAVA_OPTS: ${DATAPORTAL_BACKEND_JAVA_OPTS}
# ----- app
QUERY_VALIDATION_ENABLED: ${DATAPORTAL_BACKEND_QUERY_VALIDATION_ENABLED:-true}
CQL_TRANSLATE_ENABLED: ${DATAPORTAL_BACKEND_CQL_TRANSLATE_ENABLED:-true}
FHIR_TRANSLATE_ENABLED: ${DATAPORTAL_BACKEND_FHIR_TRANSLATE_ENABLED:-false}
API_BASE_URL: ${DATAPORTAL_BACKEND_API_BASE_URL:-https://localhost/api/}
ALLOWED_ORIGINS: ${DATAPORTAL_BACKEND_ALLOWED_ORIGINS:-https://localhost}
QUERYRESULT_EXPIRY_MINUTES: ${DATAPORTAL_BACKEND_QUERYRESULT_EXPIRY_MINUTES:-5}
ONTOLOGY_ORDER: ${DATAPORTAL_BACKEND_ONTOLOGY_ORDER:-"Diagnose, Prozedur, Person, Laboruntersuchung, Medikamentenverabreichung, Bioprobe, Einwilligung"}
MAX_SAVED_QUERIES_PER_USER: ${DATAPORTAL_BACKEND_MAX_SAVED_QUERIES_PER_USER:-100}
# ---- db config
DATABASE_HOST: ${DATAPORTAL_BACKEND_DATABASE_HOST:-dataportal-backend-db}
DATABASE_PORT: ${DATAPORTAL_BACKEND_DATABASE_PORT:-5432}
DATABASE_USER: ${DATAPORTAL_BACKEND_DATABASE_USERNAME:-dataportaluser}
DATABASE_PASSWORD: ${DATAPORTAL_BACKEND_DATABASE_PASSWORD:-dataportalpw}
DATABASE_DBNAME: ${DATAPORTAL_BACKEND_DATABASE_DBNAME:-dataportal}
# ---- ontology
ONTOLOGY_FILES_FOLDER_UI: ${DATAPORTAL_BACKEND_ONTOLOGY_FILES_FOLDER:-/opt/dataportal-backend/ontology}
ONTOLOGY_DB_MIGRATION_FOLDER: ${DATAPORTAL_BACKEND_ONTOLOGY_DB_MIGRATION_FOLDER:-/opt/dataportal-backend/ontology/migration}
MAPPINGS_FILE: ${DATAPORTAL_BACKEND_ONTOLOGY_FILES_FOLDER:-/opt/dataportal-backend/ontology}/mapping_cql.json
CONCEPT_TREE_FILE: ${DATAPORTAL_BACKEND_ONTOLOGY_FILES_FOLDER:-/opt/dataportal-backend/ontology}/mapping_tree.json
# ---- auth
KEYCLOAK_ENABLED: ${DATAPORTAL_BACKEND_KEYCLOAK_ENABLED:-true}
KEYCLOAK_BASE_URL: ${DATAPORTAL_BACKEND_KEYCLOAK_BASE_URL:-http://keycloak:8080}
KEYCLOAK_CLIENT_ID: ${DATAPORTAL_BACKEND_KEYCLOAK_CLIENT_ID:-dataportal-gui}
KEYCLOAK_ALLOWED_ROLE: ${DATAPORTAL_BACKEND_KEYCLOAK_ALLOWED_ROLE:-DataportalUser}
KEYCLOAK_POWER_ROLE: ${DATAPORTAL_BACKEND_KEYCLOAK_POWER_ROLE:-DataportalPowerUser}
KEYCLOAK_ADMIN_ROLE: ${DATAPORTAL_BACKEND_KEYCLOAK_ADMIN_ROLE:-DataportalAdmin}
KEYCLOAK_BASE_URL_ISSUER: ${DATAPORTAL_BACKEND_KEYCLOAK_BASE_URL_ISSUER:-http://auth:8080}
KEYCLOAK_BASE_URL_JWK: ${DATAPORTAL_BACKEND_KEYCLOAK_BASE_URL_JWK:-http://auth:8080}
KEYCLOAK_REALM: ${DATAPORTAL_BACKEND_KEYCLOAK_REALM:-dataportal}
#---- Mock broker
BROKER_CLIENT_MOCK_ENABLED: ${DATAPORTAL_BACKEND_BROKER_CLIENT_MOCK_ENABLED:-true}
#---- Direct broker
BROKER_CLIENT_DIRECT_ENABLED: ${DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_ENABLED:-false}
BROKER_CLIENT_DIRECT_USE_CQL: ${DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_USE_CQL:-false}
BROKER_CLIENT_OBFUSCATE_RESULT_COUNT: ${DATAPORTAL_BACKEND_BROKER_CLIENT_OBFUSCATE_RESULT_COUNT:-false}
BROKER_CLIENT_DIRECT_AUTH_BASIC_USERNAME: ${DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_AUTH_BASIC_USERNAME}
BROKER_CLIENT_DIRECT_AUTH_BASIC_PASSWORD: ${DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_AUTH_BASIC_PASSWORD}
BROKER_CLIENT_DIRECT_AUTH_OAUTH_ISSUER_URL: ${DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_AUTH_OAUTH_ISSUER_URL:-https://keycloak.localhost:444/realms/blaze}
BROKER_CLIENT_DIRECT_AUTH_OAUTH_CLIENT_ID: ${DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_AUTH_OAUTH_CLIENT_ID:-account}
BROKER_CLIENT_DIRECT_AUTH_OAUTH_CLIENT_SECRET: ${DATAPORTAL_BACKEND_BROKER_CLIENT_DIRECT_AUTH_OAUTH_CLIENT_SECRET:-insecure}
FLARE_WEBSERVICE_BASE_URL: ${DATAPORTAL_BACKEND_FLARE_WEBSERVICE_BASE_URL:-http://flare:8080}
CQL_SERVER_BASE_URL: ${DATAPORTAL_BACKEND_CQL_SERVER_BASE_URL:-http://fhir-server:8080/fhir}
# ---- Aktin broker
BROKER_CLIENT_AKTIN_ENABLED: ${DATAPORTAL_BACKEND_AKTIN_ENABLED:-false}
AKTIN_BROKER_BASE_URL: ${DATAPORTAL_BACKEND_AKTIN_BROKER_BASE_URL:-http://aktin-broker:8080/broker/}
AKTIN_BROKER_API_KEY: ${DATAPORTAL_BACKEND_AKTIN_BROKER_API_KEY:-xxxApiKeyAdmin123}
# ---- DSF broker
BROKER_CLIENT_DSF_ENABLED: ${DATAPORTAL_BACKEND_DSF_ENABLED:-false}
DSF_SECURITY_CACERT: ${DATAPORTAL_BACKEND_DSF_CACERT:-/opt/dataportal-security/ca.pem}
DSF_SECURITY_KEYSTORE_P12FILE: ${DATAPORTAL_BACKEND_DSF_DSF_SECURITY_KEYSTORE_P12FILE:-/opt/dataportal-security/test-user.p12}
DSF_SECURITY_KEYSTORE_PASSWORD: ${DATAPORTAL_BACKEND_DSF_SECURITY_KEYSTORE_PASSWORD:-password}
DSF_PROXY_HOST: ${DATAPORTAL_BACKEND_DSF_PROXY_HOST}
DSF_PROXY_USERNAME: ${DATAPORTAL_BACKEND_DSF_PROXY_USERNAME}
DSF_PROXY_PASSWORD: ${DATAPORTAL_BACKEND_DSF_PROXY_PASSWORD}
DSF_WEBSERVICE_BASE_URL: ${DATAPORTAL_BACKEND_DSF_WEBSERVICE_BASE_URL:-https://dsf-zars-fhir-proxy/fhir}
DSF_WEBSOCKET_URL: ${DATAPORTAL_BACKEND_DSF_WEBSOCKET_URL:-wss://dsf-zars-fhir-proxy:443/fhir/ws}
DSF_ORGANIZATION_ID: ${DATAPORTAL_BACKEND_DSF_ORGANIZATION_ID:-Test_ZARS}
# ---- privacy
PRIVACY_QUOTA_SOFT_CREATE_AMOUNT: ${DATAPORTAL_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_AMOUNT:-3}
PRIVACY_QUOTA_SOFT_CREATE_INTERVALMINUTES: ${DATAPORTAL_BACKEND_PRIVACY_QUOTA_SOFT_CREATE_INTERVALMINUTES:-1}
PRIVACY_QUOTA_HARD_CREATE_AMOUNT: ${DATAPORTAL_BACKEND_PRIVACY_QUOTA_HARD_CREATE_AMOUNT:-50}
PRIVACY_QUOTA_HARD_CREATE_INTERVALMINUTES: ${DATAPORTAL_BACKEND_PRIVACY_QUOTA_HARD_CREATE_INTERVALMINUTES:-10080}
PRIVACY_QUOTA_READ_SUMMARY_POLLINGINTERVALSECONDS: ${DATAPORTAL_BACKEND_PRIVACY_QUOTA_READ_SUMMARY_POLLINGINTERVALSECONDS:-10}
PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_POLLINGINTERVALSECONDS: ${DATAPORTAL_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_POLLINGINTERVALSECONDS:-10}
PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_AMOUNT: ${DATAPORTAL_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_AMOUNT:-3}
PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_INTERVALSECONDS: ${DATAPORTAL_BACKEND_PRIVACY_QUOTA_READ_DETAILED_OBFUSCATED_INTERVALSECONDS:-7200}
PRIVACY_THRESHOLD_RESULTS: ${DATAPORTAL_BACKEND_PRIVACY_THRESHOLD_RESULTS:-20}
PRIVACY_THRESHOLD_SITES: ${DATAPORTAL_BACKEND_PRIVACY_THRESHOLD_SITES:-3}
PRIVACY_THRESHOLD_SITES_RESULT: ${DATAPORTAL_BACKEND_PRIVACY_THRESHOLD_SITES_RESULT:-0}
QUERYRESULT_DISABLE_LOG_FILE_ENCRYPTION: "true"
# ---- Elastic Search
ELASTIC_SEARCH_ENABLED: ${DATAPORTAL_BACKEND_ELASTIC_SEARCH_ENABLED:-true}
ELASTIC_SEARCH_HOST: ${DATAPORTAL_BACKEND_ELASTIC_SEARCH_HOST:-dataportal-elastic}
ELASTIC_SEARCH_FILTER: ${DATAPORTAL_BACKEND_ELASTIC_SEARCH_FILTER:-context,terminology,kds_module}
# ---- logging
LOG_LEVEL_SQL: ${DATAPORTAL_BACKEND_LOG_LEVEL_SQL:-warn}
LOG_LEVEL: ${DATAPORTAL_BACKEND_LOG_LEVEL:-warn}
volumes:
- ${DATAPORTAL_BACKEND_CERTS_PATH:-../certs}:/opt/dataportal-security
- ./certs:/opt/dataportal-backend/certs
dataportal-postgres:
container_name: dataportal-postgres
image: 'postgres:16-alpine'
ports:
- ${DATAPORTAL_BACKEND_DB_PORT:-127.0.0.1:5432}:5432
environment:
POSTGRES_USER: ${DATAPORTAL_BACKEND_DATASOURCE_USERNAME:-dataportaluser}
POSTGRES_PASSWORD: ${DATAPORTAL_BACKEND_DATASOURCE_PASSWORD:-dataportalpw}
POSTGRES_DB: dataportal
restart: unless-stopped
volumes:
- type: volume
source: dataportal-postgres-data
target: /var/lib/postgresql/data
dataportal-elastic:
image: docker.elastic.co/elasticsearch/elasticsearch:8.16.1
container_name: dataportal-elastic
ports:
- '9200:9200'
- '9300:9300'
healthcheck:
test: [ "CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1" ]
interval: 30s
timeout: 30s
retries: 3
environment:
discovery.type: single-node
ES_JAVA_OPTS: -Xmx512m -Xms512m
node.name: es01
cluster.name: elasticsearch
xpack.security.enabled: false
volumes:
- type: volume
source: dataportal-elastic-data
target: /usr/share/elasticsearch/data
init-elasticsearch:
image: ghcr.io/medizininformatik-initiative/dataportal-es-init:latest
depends_on:
dataportal-elastic:
condition: service_healthy
environment:
ES_HOST: http://dataportal-elastic
ES_PORT: 9200
ONTO_GIT_TAG: v3.0.1
ONTO_REPO: https://github.com/medizininformatik-initiative/fhir-ontology-generator/releases/download
DOWNLOAD_FILENAME: elastic.zip
EXIT_ON_EXISTING_INDICES: false
volumes:
dataportal-postgres-data:
name: "dataportal-postgres-data"
dataportal-elastic-data:
name: "dataportal-elastic-data"