Decide whether you're running a domain-based or port-based setup. Based on this, either use the docker-compose.yml file for domain-based, or the docker-compose.local.yml file for port-based.
This decision determines how services will be reached, and what environment needs to be used for testing. In each case, the traffic is routed through the nginx container, which distributes the traffic correctly based on domains or ports. See the nginx configuration in the corresponding docker-compose.yml file, and the configurations in ./configs/nginx.
We assume a port-based setup for these instructions.
git clone https://github.com/B-TECHBW/hie-botswana.gitcd hie-botswana
docker-compose -f docker-compose.local.yml up -d openhim-core openhim-console mongo-db opencr-fhir shr-fhir opencr-es kafka zookeeper nginxOpen the OpenHIM console in the browser and use default login and password:
[email protected]/openhim-password.
Change the password when prompted to one that your mediators will use.
Ensure the chosen password is set correctly in the configuration files for these mediators in the mediator:api:password setting:
- https://github.com/B-TECHBW/hie-botswana/blob/main/configs/fhir-converter/config_port.json
- https://github.com/B-TECHBW/hie-botswana/blob/main/configs/shr/config_ports.json
- https://github.com/B-TECHBW/hie-botswana/blob/main/configs/opencr/config_port.json
Then, start up the mediators:
docker-compose -f docker-compose.local.yml up -d shr opencr fhir-converterYou can check the logs of the mediators by running:
docker-compose -f docker-compose.local.yml logs shr opencr fhir-converterThese instructions will assume a port-based approach when giving examples, so you can swap in the corresponding domain-based urls from the nginx.conf files.
Make sure console is up and running, and pointed to the correct, external (non-docker) url for the openhim-core api (port 8080):
docker logs -n 100 openhim-consoleMake sure openhim-core is running correctly:
docker logs -n 100 openhim-coreOpen openhim console url in browser window:
https://localhost
Log in using default password and set a new admin password if not done already, using the following defaults:
[email protected]/openhim-password
Make sure whatever password you choose is updated in the opencr, shr, and fhir-converter config files.
You should now be logged into the OpenHIM Dashboard.
Go to Mediators tab in OpenHIM console.
Verify that the following three mediators are registered and have active (green) heartbeats:
- OpenCR
- SHR
- FHIR-HL7 Converter
Add the channels associated with each mediator with the green + button.
Go to the Clients and Roles tab and create the following roles and channel assignments:
- shr-client (all SHR mediator channels)
- opencr-client (all OpenCR mediator channels)
- converter-client (all Fhir Converter mediator channels)
- mfl-client (placeholder)
- omang-client (placeholder)
- bd-client (placeholder)
In the clients section, create the following clients and assign roles:
- pims-test(shr-client, opencr-client, mfl-client)
- ipms-test(shr-client)
- shr(opencr-client, converter-client, mfl-client, omang-client, bd-client)
- opencr(converter-client, omang-client, bd-client)
For each client, add Basic Auth authentication in the Authentication tab. The client name will be the username for BasicAuth, and will need to be set correctly in configurations for the communication workflows to work. For production, certificate-based authentication will be used.
To enable testing, the following temporary client should also be created and given access to all of the listed roles: postman/postman. If a password other than this default is required, the corresponding settings need to be updated in each .json file in .postman/collections for the tests to run correctly.
Verify that the .postman/postman_env.moh.json environment file has the correct urls for the setup to be tested.
Run the tests:
./.postman/run-tests-offline.shFor this test, the test will respond with success if it passes, and it will log a couple transactions in the OpenHIM console.
Run the tests:
sudo docker-compose -f docker-compose.local.yml up mllp_testsgit clone https://github.com/B-TECHBW/hie-botswana.git
cd hie-botswana
./dist/build_package.sh./load_package.sh
See step #3 in Install Instructions section
For AWS setups, we use Letsencrypt to provide SSL certificates for the domain. See https://nandovieira.com/using-lets-encrypt-in-development-with-nginx-and-aws-route53 for more guidance.
Certificates are grabbed/managed by the certbot service in the docker-compose.yaml file. This service requires the following variables: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. See https://certbot-dns-route53.readthedocs.io/en/stable/ for information on how to obtain these values in AWS.
Certificate generation and renewal will eventually be automated, but currently can be run with the following command:
sudo -E docker-compose up certbot
The certificates are loaded into the certs volume, which can be mounted in any other docker container, and is primarily used by Nginx.
- NGINX Reverse Proxy
- Open Client Registry (https://github.com/intrahealth/client-registry)
- OpenHIM (http://openhim.org/)
- Shared Health Record (https://github.com/i-tech-uw/shared-health-record)
- FHIR <-> HL7v2 Converter (https://github.com/B-TECHBW/openhim-mediator-fhir-converter)
- Hapi JPA Servers (https://github.com/hapifhir/hapi-fhir-jpaserver-starter)