This container runs HAPI-FHIR on Tomcat, proxied by nginx. It is setup to run as an AWS ECS container, retrieving run configurations from PS, managing AuthN/AuthZ through Auth0 JWT, and is entirely specific to our internal deployments.
The following command can be used to build the container. The HAPI_FHIR_VERSION
build argument specifies the release of the HAPI-FHIR source to specify as dependency
versions in the pom.xml. The HAPI_FHIR_SOURCE argument specifies which Maven
project directory should be copied to the image for building. Due to package
differences between HAPI-FHIR 2.x and 3.x.x, each project source must be separate.
Also included are projects that contain the HAPI-FHIR overlay for testing and
viewing FHIR resources through a web UI.
docker build . -t dbmi/hapi-fhir:2.5-overlay --build-arg HAPI_FHIR_VERSION 2.5 --build-arg HAPI_FHIR_SOURCE hapi-fhir-2.x-overlay
This project is built to persist data to a MySQL instance and then authenticate and authorize by JWT. Details for both are configurable through environment variables, including the ability to disable all JWT AuthN/AuthZ if needed. Also needed is a port to set nginx to listen on as well as a server name and absolute server URL for FHIR to correctly return resource URLs despite being proxied by nginx.
docker run -d -e APP_PORT=8080 \
-e FHIR_MYSQL_URL=<url> \
-e FHIR_MYSQL_USERNAME=<username> \
-e FHIR_MYSQL_PASSWORD=<password> \
-e JWT_ISSUER=https://<client>.auth0.com/ \
-e JWT_AUDIENCE=<Auth0 client ID> \
-e JWT_HEADER_PREFIX="JWT " \
-e JWT_COOKIE_NAME="DBMI_JWT \
-e JWT_AUTHZ_CLAIM=https://some.oidc.compliant.namespace/authz \
-e JWT_ADMIN_GROUP=fhir-admin \
--name hapi-fhir dbmi/hapi-fhir:2.5-overlay