Local port setup for Botswana (#17)

* Cleanup for port-based offline setup

* Changes for offline port-based setup

* Extracted MLLP testing and updated approach

* Removed  tag for simplicity

* Build fixes

* Remove profile

* MLLP testing fixes

* MLLP testing setup

* SHR update

* SHR version bump

* SHR version bump

* Fix

README.md

@@ -65,3 +65,77 @@ The certificates are loaded into the `certs` volume, which can be mounted in any
 - Hapi JPA Servers (https://github.com/hapifhir/hapi-fhir-jpaserver-starter)
 
 
+
+## HIE Testing Guide
+
+### 1. Setup
+Determine whether you're running a domain-based or port-based setup. Based on this, either use the `docker-compose.yml` file for domain-based, or the `docker-compose.local.yml` file for port-based. 
+
+This decision determines how services will be reached, and what environment needs to be used for testing. In each case, the traffic is routed through the `nginx` container, which distributes the traffic correctly based on domains or ports. See the `nginx` configuration in the corresponding `docker-compose.yml` file, and the configurations in `./configs/nginx`. 
+
+These instructions will assume a port-based approach when giving examples, so you can swap in the corresponding domain-based urls from the `nginx.conf` files. 
+### 2. Verify access to OpenHIM
+
+Make sure console is up and running, and pointed to the correct, external (non-docker) url for the `openhim-core` api (port `8080`):
+```sh
+docker logs -n 100 openhim-console
+```
+
+Make sure `openhim-core` is running correctly:
+```sh
+docker logs -n 100 openhim-core
+```
+
+Open openhim console url in browser window:
+`https://localhost`
+
+Log in using default password:
+`[email protected]/openhim-password`
+
+Set new admin password
+
+Browse the OpenHIM Dashboard
+### 3. Activate and Verify the Mediators
+
+Go to `Mediators` tab in OpenHIM console.
+
+Verify that the following three mediators are registered and have active (green) heartbeats:
+- OpenCR
+- SHR
+- FHIR-HL7 Converter
+
+Add the channels associated with each mediator with the green `+` button.
+
+Go to the `Clients and Roles` tab and create the following roles and channel assignments:
+1. shr-client (all SHR mediator channels)
+2. opencr-client (all OpenCR mediator channels)
+3. converter-client (all Fhir Converter mediator channels)
+4. mfl-client (placeholder)
+5. omang-client (placeholder)
+6. bd-client (placeholder)
+
+In the clients section, create the following clients and assign roles:
+1. pims-test(shr-client, opencr-client, mfl-client)
+2. ipms-test(shr-client)
+3. shr(opencr-client, converter-client, mfl-client, omang-client, bd-client)
+4. opencr(converter-client, omang-client, bd-client)
+
+For each client, add Basic Auth authentication in the Authentication tab. The client name will be the username for BasicAuth, and will need to be set correctly in configurations for the communication workflows to work. For production, certificate-based authentication will be used. 
+
+To enable testing, the following temporary client should also be created and given access to all of the listed roles: `postman/postman`. If a password other than this default is required, the corresponding settings need to be updated in each `.json` file in `.postman/collections` for the tests to run correctly. 
+
+
+
+### 4. Run Postman Tests
+
+
+
+### MLLP Testing
+Dependencies: openhim-core, openhim-console, shr, fhir-converter
+
+1. Check that the
+
+1. ADT
+2. ORU
+
+For this test, the test will respond with success if it passes, and it will log a couple transactions in the OpenHIM console. 

configs/nginx/certs/apache-selfsigned.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6TCCAtGgAwIBAgIUaGXsC4IYiywkFsJ89o6OUX+QwS0wDQYJKoZIhvcNAQEL
+BQAwgYMxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJXQTESMBAGA1UEBwwJU2hvcmVs
+aW5lMRIwEAYDVQQKDAlJLVRFQ0gtVVcxDTALBgNVBAsMBERJR0kxEjAQBgNVBAMM
+CWxvY2FsaG9zdDEcMBoGCSqGSIb3DQEJARYNcG1hbmtvQHV3LmVkdTAeFw0yMTEw
+MjgyMTE3MzlaFw0yMjEwMjgyMTE3MzlaMIGDMQswCQYDVQQGEwJVUzELMAkGA1UE
+CAwCV0ExEjAQBgNVBAcMCVNob3JlbGluZTESMBAGA1UECgwJSS1URUNILVVXMQ0w
+CwYDVQQLDARESUdJMRIwEAYDVQQDDAlsb2NhbGhvc3QxHDAaBgkqhkiG9w0BCQEW
+DXBtYW5rb0B1dy5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW
+ClsP30SnLNv0iE+DUgV3Np7Dy648B3cCFYkZag4HDdDj0DIqzho+bpuxwph641Sc
+TzZhu45FssDr8hUMPVMJJsuz3k+y1BhjlLP0fiN/wrxA+9qjEZXvezSLbGd6iaAY
+cvP46a7rklaekJELMXRFb8FcPoQ1y+0U/WnzgPy5p/e9jCOJN5zWTNs8XXyXs2/I
+aw33pV0LSdPp9cwSiiDEGwg0i+11+I+nO28HVR70tGW5oX830TtH6/XFVqXVVs9P
+RMi6aI0i6G0vT+r1C28b0uRzBjHRQ7mWRHUeAFZIfLQBceIEfAeIah5c6Cbrgg+O
++IlmfghNOHXv49vEx8tvAgMBAAGjUzBRMB0GA1UdDgQWBBSBMLMDRU6yGYk8a1Dz
+SlDjdUV3CTAfBgNVHSMEGDAWgBSBMLMDRU6yGYk8a1DzSlDjdUV3CTAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCHeK1EBQ17HeRwKs2meUZOyGvk
+vtuHDdjDkFU/uoD9Kb4SihK7cQb8eAdLo+veQKKt7Q5GR4/7+6eqFunbczLC/W1A
+WlkeaSxyzNtWvEf2Jik51+VQ+1zcTjZGc0ON6ajl9hvFnLXo19DYcCvxVlL09Aci
+KyBsYkO08nQhKPcMIPQCn1aq30TJ3EfquKPiqbtVkod9Dvyld1oNrLZqvSe8EHnn
+Ak7nE135l68ZTesyveL5IG6AJeNgjESldcsV0S+1TJ3Et9kNpFZgL/S7XK/8FbGY
+VvUK7Kb3wwVPuG1RmZ3zroQ8DhFm9C9cO8W/XUns5g1kQpdMUIIkIwSKDmIp
+-----END CERTIFICATE-----

configs/nginx/certs/apache-selfsigned.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDWClsP30SnLNv0
+iE+DUgV3Np7Dy648B3cCFYkZag4HDdDj0DIqzho+bpuxwph641ScTzZhu45FssDr
+8hUMPVMJJsuz3k+y1BhjlLP0fiN/wrxA+9qjEZXvezSLbGd6iaAYcvP46a7rklae
+kJELMXRFb8FcPoQ1y+0U/WnzgPy5p/e9jCOJN5zWTNs8XXyXs2/Iaw33pV0LSdPp
+9cwSiiDEGwg0i+11+I+nO28HVR70tGW5oX830TtH6/XFVqXVVs9PRMi6aI0i6G0v
+T+r1C28b0uRzBjHRQ7mWRHUeAFZIfLQBceIEfAeIah5c6Cbrgg+O+IlmfghNOHXv
+49vEx8tvAgMBAAECggEBAL6YHhp2H/YVdg+7ycIQKZnMY3fKSW5e31RVxO2CiNcz
+ME2MOP/w42GwsKeLtqfHArLlvnEsyDW8RRpVSPTLLsO5bi7OyX1ebBFQeyY9pHLB
+/0yGeFw47qB/v3xfnY16O7tJsYJ25DIU71jnNqEW+ohSSYZQjP4yhvzn447XzzOp
+giY6e8zbuhTkGVYYKPY19t2S6PMtY5ehZs43VRt2Mt3xIvBoXDwaLEglR+5y+P0m
+Ox3qR5H/0iUqNBWDcHzlg+9rXL2frujkV5hC2RHaaeUpfiSt24F27JI1s2MurMG8
+DtFxmUWeLC73se5WDPKHfvXGBRT3NrmMdfiXv3QZcOECgYEA/fMPCkFsS/TqaCYs
+sKMZ+/iDM8TGRsJeUgmlGUvP+44UO7ljKASSq7iDkWW5qPQsrdUOcE++zz6Jo2y9
+p8GqIsCkmalyNj5DQkJtFATj/FpuaZ2QsjELm/U8Jdot0ErAAuDttsDUSrPCfxll
+/D/xaZQiq+Mutev7pyuY1nFEAjkCgYEA18TM+xFQMbkmGJr8zPr3Ae9cAqKVAnPR
+U1N5histXYttWPjZvMOV8xUzTr+SxxgpEcItLLMru5S/nyQks1xfBEmQeE10Bnks
+haYVIcE+rDJsXsRQ0OWq9ba13hD0JvkcIrpE1JhQARDA2b9NOx4pYyWi/kBFUAry
+E+NVrimwGucCgYEAkoKSIMaR5liMjD3J9raCnT5I46sZAWXN6OKrn6Z/fZAA2Fwi
+esn4nJ29OjtIG9OTm06aH+3CFersmZ545Ln0oEwoKob535WYVDfimnQf3E2H+eLv
+wf5NxlJ7uxLe75bQpFiEjLU/RUHkalOK5Tc23kSapDRTlJ1q+I1MhhuesvECgYAk
+mPDbtPgRNwJLMh6m9fpnjZ3hpIn5vINIyuPV6gTr1PZbHPpxlgsdC/+D3+KZenOc
+236mEk3cp0JJT+wZsBU9uOyUOy7u2ia/FIiJDSoAMx1Gha3fgNUakD8Qx3diFOa8
+zTNXi+4mAB110Yjb+iWy93NKBMS86t5cmTazL8b7CQKBgQD49cg8Ep8WiA2W0z3z
+ZRGwhqLu1d6hv55VmV2T4WyqxTzCi54bjMN9Ft13jXBCTLQHFyWpn8doA8WxyJ4f
+57DWmaf5nfqjifKm+CY91nLa+oyyqUx2sM49Hd4/ZEscpg60eK0PKRKnJEKkW1k7
+6cBwtXl1YajNVglvpA91Kobomw==
+-----END PRIVATE KEY-----

configs/nginx/nginx.local.conf

@@ -0,0 +1,128 @@
+events {
+  worker_connections  4096;
+}
+
+http {
+  fastcgi_read_timeout 1d;
+  client_max_body_size 1024M;
+  proxy_read_timeout 1d;
+
+  ssl_certificate     /etc/certs/apache-selfsigned.crt;
+  ssl_certificate_key /etc/certs/apache-selfsigned.key;
+
+  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers         HIGH:!aNULL:!MD5;
+
+  server {
+    listen 443 ssl;
+    server_name _;
+
+    location / {
+      resolver 127.0.0.11 valid=30s;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+
+      set $upstream openhim-console;
+      proxy_pass http://$upstream;
+    }
+  }
+
+  server {
+    listen            8080 ssl;
+    server_name _;
+
+    location / {
+      resolver 127.0.0.11 valid=30s;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+
+      set $upstream openhim-core;
+      proxy_pass https://$upstream:8080;
+    }
+  }
+
+  server {
+    listen            5001 default_server;
+    server_name _;
+
+    location / {
+      resolver 127.0.0.11 valid=30s;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+
+      set $upstream openhim-core;
+      proxy_pass http://$upstream:5001;
+    }
+  }
+  server {
+    listen            5000 ssl;
+    server_name _;
+
+    location / {
+      resolver 127.0.0.11 valid=30s;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+
+      set $upstream openhim-core;
+      proxy_pass https://$upstream:5000;
+    }
+  }
+
+  # Mediators
+
+  server {
+    listen 10040 ssl;
+
+    location / {
+      resolver 127.0.0.11 valid=30s;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+
+      set $upstream mllp;
+      proxy_pass http://$upstream:2527;
+    }
+  }
+
+  server {
+    listen              2019 ssl;
+
+    location / {
+      resolver 127.0.0.11 valid=30s;  
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+
+      set $upstream fhir-converter;
+      proxy_pass http://$upstream:2019;
+    }
+  }
+
+  server {
+    listen            8090 ssl;
+    server_name _;
+
+    location / {
+      resolver 127.0.0.11 valid=30s;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+
+      set $upstream shr-fhir;
+      proxy_pass http://$upstream:8080;
+    }
+  }
+
+  # Testing
+}