Merge pull request #89 from medizininformatik-initiative/release/v4.1.0

Release/v4.1.0

.github/workflows/ci.yml

@@ -41,10 +41,24 @@ jobs:
     - name: Initialize .env's
       run: feasibility-triangle/initialise-triangle-env-files.sh
 
-    - name: Change Flare External Port
-      run: sed -i 's/8084/18084/g' feasibility-triangle/flare/.env
+    - name: Change Configuration for localhost
+      run: |
+        sed -i -r -e 's#^(FHIR_SERVER_OPENID_PROVIDER_URL)=.*$#\1=https://auth.localhost:444/realms/blaze#' \
+                  -e 's#^(FHIR_SERVER_FRONTEND_KEYCLOAK_HOSTNAME_URL)=.*$#\1=https://auth.localhost:444/#' \
+                  -e 's#^(FHIR_SERVER_FRONTEND_KEYCLOAK_HTTP_RELATIVE_PATH)=.*$#\1=/#' \
+            feasibility-triangle/fhir-server/.env
+        sed -i -r -e 's#8084#18084#g' \
+                  -e 's#^(FLARE_FHIR_OAUTH_ISSUER_URI)=.*$#\1=https://auth.localhost:444/realms/blaze#' \
+            feasibility-triangle/flare/.env
+        sed -i -r -e 's#^(FHIR_SERVER_HOSTNAME)=.*$#\1=fhir.localhost#' \
+                  -e 's#^(FLARE_HOSTNAME)=.*$#\1=flare.localhost#' \
+                  -e 's#^(KEYCLOAK_HOSTNAME)=.*$#\1=auth.localhost#' \
+                  -e 's#^(FEASIBILITY_TRIANGLE_REV_PROXY_NGINX_CONFIG)=.*$#\1=./subdomains.nginx.conf#' \
+            feasibility-triangle/rev-proxy/.env
 
     - name: Generate certificate
+      env:
+        CERT_DOMAINS: "fhir.localhost, flare.localhost, auth.localhost"
       run: feasibility-triangle/generate-cert.sh
 
     - name: Start Triangle

CHANGELOG.md

@@ -17,6 +17,14 @@ Please refer to the respective repositories for a more in depth changelog of sin
 |Blaze FHIR server|<https://github.com/medizininformatik-initiative/blaze>|
 
 
+## [4.1.0] - 2024-07-16
+
+### Overall
+
+- Changed to context configuration (installing using one domain) for default setup
+- Added option to switch between subdomain and context setup
+
+
 ## [4.0.0] - 2024-07-01
 
 ### Overall

feasibility-portal/README.md

@@ -78,15 +78,15 @@ This starts the following default local feasibility portal, with the following c
 | Component | url                                | description |
 |-----------|------------------------------------|-------------|
 | GUI       | https://feasibility-subdomain.my-feasibility-domain      |             |
-| Keycloak  | https:/keycloak-subdomain.my-feasibility-domain/auth |             |
+| Keycloak  | https:/keycloak-subdomain.my-feasibility-domain |             |
 | Backend   | https:/backend-subdomain.my-feasibility-domain//api/v3 |             |
 
 
 ### Step 7 - Configure keycloak and add a user for the user interface
 
 Please note that the keycloak provided here is an example setup, and we strongly recommend for each site to adjust the keycloak installation to their local security requirements or connect the local feasibility portal to a keycloak already provided at the site.
 
-Navigate to https://my-fesibility-domain/auth/keycloakadmin/admin
+Navigate to https://keycloak-subdomain.my-fesibility-domain/admin/master/console/
 click on "Administration Console" and log in to keycloak using the admin user and password set in step 6 (FEASIBILITY_KC_ADMIN_USER, FEASIBILITY_KC_ADMIN_PW).
 User: admin
 Pw: my password set in step 6

feasibility-portal/down-feasibility-portal.sh

@@ -4,7 +4,12 @@ COMPOSE_PROJECT=${FEASIBILITY_COMPOSE_PROJECT:-feasibility-deploy}
 
 BASE_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 1 ; pwd -P )"
 
-docker compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/keycloak/docker-compose.yml down
+ docker compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/keycloak/docker-compose.yml down
+
+
 docker compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/backend/docker-compose.yml down
 docker compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/gui/docker-compose.yml down
-docker compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/proxy/docker-compose.yml down -v
+docker compose -p "$COMPOSE_PROJECT" -f "$BASE_DIR"/proxy/docker-compose.yml down -v 
+
+
+

feasibility-triangle/DEVELOPMENT.md

@@ -4,7 +4,6 @@ The portal and triangle can be run locally for testing purposes.
 
 Follow the instructions provided in the [README](./README.md#setting-up-the-feasibility-triangle) and insert the
 following instructions between step 4 and step 5:
-with 
 
 ### Step 4.5 - Generate Self-Signed Certificates
 In order to generate self-signed certificates which will be used for TLS encryption and client authentication execute
@@ -13,3 +12,22 @@ the following command:
 ```sh
 ./generate_cert.sh
 ```
+
+You will be asked to provide one or more domains for your certificate. These domains must be accessible from inside
+docker containers running on same host where the triangle will be started. The scripts defaults to the hostname of the
+machine it is executed on. You can check the accessibility of the hostname by executing:
+
+```sh
+docker run --rm alpine:3 nslookup $(hostname)
+```
+
+If you don't have a hostname/domain which can be resolved from inside a docker container, you can use `localhost` if
+you are running the triangle (and portal) on the same machine you want to access the frontends via browser or use
+custom hostnames in your `hosts` file (`/etc/hosts` for Linux/Mac, `C:\Windows\system32\drivers\etc\hosts` for Windows)
+for the localhost ip `127.0.0.1`. In this case it is necessary to use the
+[subdomains.nginx.conf](./rev-proxy/subdomains.nginx.conf) as nginx configuration (see`rev-proxy/.env`) and preferrably
+use the subdomains `fhir.localhost`, `auth.localhost` and`flare.localhost`. The subdomain for keycloak (`auth.localhost`
+in this case) needs to be forwarded to the host for the fhir-server, fhir-server-frontend and flare docker container.
+This is already preconfigured in the `docker-compose.yml` files for these services (see section `extra-hosts` in
+[fhir-server/docker-compose.yml](./fhir-server/docker-compose.yml) and
+[flare/docker-compose.yml](./flare/docker-compose.yml)).