This repository has been archived by the owner on Mar 22, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
Process Data Transfer Configuration v0.1.0
Reto Wettstein edited this page Oct 21, 2022
·
1 revision
The process can be configured using the following mandatory and optional environment variables depending on the organization's role. Add the necessary environment variables to the /opt/bpe/docker-compose.yml
file of your BPE.
- Property: de.medizininformatik.initiative.kds.fhir.server.base.url
- Required: true
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: The base address of the KDS FHIR server to read/store FHIR resources
- Example: http://foo.bar/fhir
- Recommendation: None
- Default: not set by default
- Property: de.medizininformatik.initiative.kds.fhir.server.base.url
- Required: true
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: The base address of the KDS FHIR server to read/store FHIR resources
- Example: http://foo.bar/fhir
- Recommendation: None
- Default: not set by default
The following keypair could be generated by using the commands:
openssl genrsa -out cos_keypair.pem 4096
openssl rsa -in cos_keypair.pem -pubout -out cos_public_key.pem
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in cos_keypair.pem -out cos_private_key.pem
- Property: de.medizininformatik.initiative.cos.public.key
- Required: true
- Processes: medizininformatik-initiativede_dataReceive/
- Description: Location of the COS public-key as 4096 Bit RSA PEM encoded file
- Example: /run/secrets/cos_public_key.pem
- Recommendation: Use docker secret file to configure
- Default: not set by default
- Property: de.medizininformatik.initiative.cos.private.key
- Required: true
- Processes: medizininformatik-initiativede_dataReceive/
- Description: Location of the COS private-key as 4096 Bit RSA PEM encoded, not encrypted file
- Example: /run/secrets/cos_private_key.pem
- Recommendation: Use docker secret file to configure
- Default: not set by default
- Property: de.medizininformatik.initiative.kds.fhir.server.trust.certificates
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: PEM encoded file with one or more trusted root certificate to validate the KDS FHIR server certificate when connecting via https
- Example: /run/secrets/hospital_ca.pem
- Recommendation: Use docker secret file to configure
- Default: not set by default
- Property: de.medizininformatik.initiative.kds.fhir.server.basicauth.username
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: Basic authentication username, set if the server containing the FHIR KDS data requests authentication using basic auth
- Example: None
- Recommendation: None
- Default: not set by default
DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_BASICAUTH_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_BASICAUTH_PASSWORD_FILE
- Property: de.medizininformatik.initiative.kds.fhir.server.basicauth.password
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: Basic authentication password, set if the server containing the FHIR KDS data requests authentication using basic auth
- Example: /run/secrets/kds_server_basicauth.password
-
Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_BASICAUTH_PASSWORD_FILE. Caution! Editors like nano will add a
LF
(hex0A
) character at the end of the last line. Make sure that the password file does not end with theLF
character. For example by starting nano withnano -L file.password
. If you want to check that the file does not end with anLF
(hex0A
) character, usexxd file.password
to look at a hexdump. - Default: not set by default
- Property: de.medizininformatik.initiative.kds.fhir.server.bearer.token
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: Bearer token for authentication, set if the server containing the FHIR KDS data requests authentication using a bearer token, cannot be set using docker secrets
- Example: None
- Recommendation: None
- Default: not set by default
- Property: de.medizininformatik.initiative.kds.fhir.server.certificate
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: PEM encoded file with client-certificate, if KDS FHIR server requires mutual TLS authentication
- Example: /run/secrets/kds_server_client_certificate.pem
- Recommendation: Use docker secret file to configure
- Default: not set by default
- Property: de.medizininformatik.initiative.kds.fhir.server.private.key
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: Private key corresponding to the KDS FHIR server client-certificate as PEM encoded file. Use DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PRIVATE_KEY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE if private key is encrypted
- Example: /run/secrets/kds_server_private_key.pem
- Recommendation: Use docker secret file to configure
- Default: not set by default
DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PRIVATE_KEY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.kds.fhir.server.private.key.password
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: Password to decrypt the KDS FHIR server client-certificate encrypted private key
- Example: /run/secrets/kds_server_private_key.pem.password
-
Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE. Caution! Editors like nano will add a
LF
(hex0A
) character at the end of the last line. Make sure that the password file does not end with theLF
character. For example by starting nano withnano -L file.password
. If you want to check that the file does not end with anLF
(hex0A
) character, usexxd file.password
to look at a hexdump. - Default: not set by default
- Property: de.medizininformatik.initiative.kds.fhir.server.proxy.url
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: Proxy location, set if the server containing the FHIR KDS data can only be reached through a proxy
- Example: http://proxy.foo:8080
- Recommendation: None
- Default: not set by default
- Property: de.medizininformatik.initiative.kds.fhir.server.proxy.username
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: Proxy username, set if the server containing the FHIR KDS data can only be reached through a proxy which requests authentication
- Example: None
- Recommendation: None
- Default: not set by default
DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PROXY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PROXY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.kds.fhir.server.proxy.password
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: Proxy password, set if the server containing the FHIR KDS data can only be reached through a proxy which requests authentication
- Example: None
-
Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PROXY_PASSWORD_FILE. Caution! Editors like nano will add a
LF
(hex0A
) character at the end of the last line. Make sure that the password file does not end with theLF
character. For example by starting nano withnano -L file.password
. If you want to check that the file does not end with anLF
(hex0A
) character, usexxd file.password
to look at a hexdump. - Default: not set by default
- Property: de.medizininformatik.initiative.kds.fhir.server.client
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: Client implementation used to connect to the KDS FHIR server in order to read/store FHIR resources
- Example: None
- Recommendation: Use default value
- Default: de.medizininformatik_initiative.processes.projectathon.data_transfer.client.fhir.KdsFhirClientImpl
- Property: de.medizininformatik.initiative.kds.fhir.server.client.verbose
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: The KDS client will log additional debug output
- Example: See default value
- Recommendation: Change default value only if exceptions occur
- Default: false
- Property: de.medizininformatik.initiative.kds.fhir.server.timeout.connect
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: The timeout in milliseconds until a connection is established between the KDS client and the KDS FHIR server
- Example: See default value
- Recommendation: Change default value only if timeout exceptions occur
- Default: 10000
- Property: de.medizininformatik.initiative.kds.fhir.server.timeout.connection.request
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: The timeout in milliseconds used when requesting a connection from the connection manager between the KDS client and the KDS FHIR server
- Example: See default value
- Recommendation: Change default value only if timeout exceptions occur
- Default: 10000
- Property: de.medizininformatik.initiative.kds.fhir.server.timeout.socket
- Required: false
- Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
- Description: Maximum period of inactivity in milliseconds between two consecutive data packets of the KDS client and the KDS FHIR server
- Example: See default value
- Recommendation: Change default value only if timeout exceptions occur
- Default: 10000