docker-compose-hapi-fhir-enable-tls.yml
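services:
  # TLS material lives in ./certs (cert.pem, key.pem, keystore.p12) and is
  # bind-mounted into the services below. Keep the private key and keystore
  # readable by their owner only, e.g. `sudo chmod 600 *.pem`, and keep
  # ./certs and ./.env out of version control.
  postgres:
    container_name: postgres
    image: percona/percona-distribution-postgresql:17.5
    restart: unless-stopped
    # -c config_file=/etc/postgresql/postgresql.conf
    # ssl=on makes the server offer TLS. Whether plaintext clients are refused
    # is decided by pg_hba.conf (hostssl entries), which this file does not
    # configure -- the custom postgresql.conf mount below is commented out.
    command: >
      -c ssl=on
      -c ssl_cert_file=/var/lib/postgresql/server.crt
      -c ssl_key_file=/var/lib/postgresql/server.key
    healthcheck:
      # $$ defers expansion to the shell inside the container, where the
      # variables arrive via env_file.
      test: ["CMD-SHELL", "pg_isready -d $${HAPI_FHIR_DB} -U $${POSTGRES_USER}"]
      start_period: 10s
      interval: 30s
      retries: 5
      timeout: 5s
    ports:
      # Published on every host interface. If only containers on
      # hapi_fhir_network need the database, drop this mapping or bind it to
      # loopback ('127.0.0.1:5432:5432').
      - '5432:5432'
    environment:
      POSTGRES_DB: '${HAPI_FHIR_DB}'
      POSTGRES_USER: '${POSTGRES_USER}'
      POSTGRES_PASSWORD: '${POSTGRES_PASSWORD}'
      # libpq client setting: it applies to client tools run inside this
      # container, not to the server. `require` encrypts the session but does
      # not verify the server certificate.
      PGSSLMODE: require
      # Quoted so the value reaches the container as the string "1".
      # NOTE(review): presumably enables Percona's pg_tde extension -- confirm
      # against the image documentation.
      ENABLE_PG_TDE: '1'
    env_file:
      - ./.env
    volumes:
      - '${PWD}/certs/cert.pem:/var/lib/postgresql/server.crt'
      - '${PWD}/certs/key.pem:/var/lib/postgresql/server.key'
      # - '${PWD}/services/postgres/conf/postgresql.conf:/etc/postgresql/postgresql.conf'
      # - '${PWD}/services/postgres/initdb:/docker-entrypoint-initdb.d'
      - postgres_data:/var/lib/postgresql/data
    networks:
      - hapi_fhir_network

  pgadmin:
    container_name: pgadmin
    build:
      context: ./services/pgadmin
      dockerfile: Dockerfile
    ports:
      # NOTE(review): with TLS enabled the stock pgAdmin image serves on 443
      # only; confirm whether the plain-HTTP 5080:80 mapping is still needed
      # for this custom build, and remove it if not.
      - '5080:80'
      - '5443:443'
    volumes:
      - '${PWD}/certs/cert.pem:/certs/server.cert'
      - '${PWD}/certs/key.pem:/certs/server.key'
      - '${PWD}/pgadmin_data:/var/lib/pgadmin'
    environment:
      # Environment values are strings; quoting avoids YAML boolean coercion.
      PGADMIN_ENABLE_TLS: 'true'
      PGADMIN_DEFAULT_EMAIL: '${PGADMIN_DEFAULT_EMAIL}'
      PGADMIN_DEFAULT_PASSWORD: '${PGADMIN_DEFAULT_PASSWORD}'
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - hapi_fhir_network

  hapi-fhir:
    container_name: hapi-fhir
    build:
      context: ./services/hapi-fhir
      dockerfile: Dockerfile
    restart: unless-stopped
    ports:
      # HTTPS only: host 6443 -> container 8443 (SERVER_PORT below).
      - '6443:8443'
    environment:
      SERVER_SSL_ENABLED: 'true'
      SERVER_SSL_KEY_STORE_TYPE: PKCS12
      SERVER_SSL_KEY_STORE: file:/keystore/keystore.p12
      # Previously hard-coded as `secret`. The value is now read from the
      # shell environment or ./.env; the fallback keeps existing keystores
      # working. Outside a throwaway local setup, create the keystore with a
      # strong password and set this variable instead of relying on the
      # fallback.
      SERVER_SSL_KEY_STORE_PASSWORD: '${SERVER_SSL_KEY_STORE_PASSWORD:-secret}'
      SERVER_SSL_KEY_ALIAS: tomcat
      SERVER_PORT: '8443'
      # sslmode=require makes the JDBC driver fail instead of falling back to
      # plaintext when TLS to the database cannot be negotiated. It does not
      # verify the server certificate; verify-full additionally needs a CA
      # certificate the client trusts.
      SPRING_DATASOURCE_URL: 'jdbc:postgresql://postgres:5432/${HAPI_FHIR_DB}?sslmode=require'
      SPRING_DATASOURCE_USERNAME: '${POSTGRES_USER}'
      SPRING_DATASOURCE_PASSWORD: '${POSTGRES_PASSWORD}'
      SPRING_DATASOURCE_DRIVER_CLASS_NAME: org.postgresql.Driver
      SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT: ca.uhn.fhir.jpa.model.dialect.HapiFhirPostgresDialect
      SPRING_JPA_PROPERTIES_SEARCH_ENABLED: 'false'
    env_file:
      - ./.env
    volumes:
      - '${PWD}/certs/keystore.p12:/keystore/keystore.p12'
    configs:
      - source: hapi
        target: /app/config/application.yaml
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - hapi_fhir_network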
# Single user-defined bridge network shared by postgres, pgadmin and hapi-fhir.
networks:
  hapi_fhir_network:
    driver: bridge
# Named volume holding the PostgreSQL data directory (mounted at
# /var/lib/postgresql/data in the postgres service).
volumes:
  postgres_data:
    driver: local
# HAPI FHIR application settings, mounted into the hapi-fhir service at
# /app/config/application.yaml.
configs:
  hapi:
    file: ./hapi.application-enable-tls.yaml