Commit 3fb359e8 authored by Olaf Rode

Initial Commit

# Deployment
## Overview
This project contains a docker compose file that is used do describe the deployment of a full AsK service stack. The file describes e.g. the required network, the services the AsK stack consist of as well as detailed configuration parameter. By following the [deployment documentation](http://ask.fokus.fraunhofer.de/dokumentation/#deployment) on the project's website a full AsK service stack can be deployed on a single machine with docker and docker-compose installed.
## Customization
The deployment parameters contained in the compose file (```fullstack.yaml```) are only suitable for the AsK deployment that is operated by Fraunhofer FOKUS. If you want to use this file for your own environment, you have to adjust at least the following parameters:
- **services.reverseproxy.environment.SERVER_NAME** - This attribute defines the fully-qualified domain name (FQDN)), the reverse proxy will forward traffic for. This is the value you will have to use in many other configuration values as well.
- **services.fhir.environment.FULL_FHIR_URL** - This is the full base URL under which the FHIR Service will be reachable. Make sure to insert the correct fully-qualified domain name (see above).
- **services.fhir.environment.TURN_SERVER** - Please insert the correct fully-qualified domain name.
- **services.fhir.environment.TURN_SECRET** - Secret that is need for password creation. Note: The value must match **services.coturn.environment.AUTH_SECRET**.
- **services.fhir.environment.SIGNALLING_SERVER** - Please insert the correct fully-qualified domain name
- **services.fhir.environment.OIDC_KEYSOURCE** - This attribute defines the endpoint, this service will connect to, to retrieve key material that is used to validate OIDC token. Please insert the correct fully-qualified domain name value as part of this URL.
- **services.fhir.environment.OIDC_USERINFOENDPOINT** - This attribute defines the endpoint, this service will connect to, to retrieve additional user attributes. Please insert the correct fully-qualified domain name value as part of this URL.
- **services.idp.environment.KEYCLOAK_PASSWORD** - Define a password that will be used to protect the admin interface of your keycloak instance.
- **services.mqtt-acs.environment.oidc_keysource** - This attribute defines the endpoint, this service will connect to, to retrieve key material that is used to validate OIDC token. Please insert the correct fully-qualified domain name value as part of this URL.
- **services.mqtt-acs.environment.oidc_userinfoendpoint** - This attribute defines the endpoint, this service will connect to, to retrieve additional user attributes. Please insert the correct fully-qualified domain name value as part of this URL.
- **services.coturn.environment.AUTH_SECRET** - Secret that is need for password validation. Note: The value must match **services.fhir.environment.TURN_SECRET**.
- **services.coturn.environment.EXTERNAL_IP** - Set external IP address of the system. The FQDN must resolve into this address.
## Starting the AsK Service Stack
The following command has to be executed only **once** to create a docker internal network:
```
docker network create asknet
```
The following command has to be executed to start the AsK service stack:
```
docker-compose -f fullstack.yaml up -d
```
**Note 1:** Make sure to follow the instructions of the [deployment documentation](http://ask.fokus.fraunhofer.de/dokumentation/#deployment) as additional steps are required to setup a working environment. These steps might include the creation of unavailable docker images or the post-deployment configuration of individual services.
**Note 2:** Additional information regarding the use of docker-compose can be found in the [official documentation](https://docs.docker.com/compose/).
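Review bot: The Customization bullets for TURN_SECRET, AUTH_SECRET and KEYCLOAK_PASSWORD do not say that the values shipped in fullstack.yaml must be replaced before the stack is first started. As written, "you have to adjust at least the following parameters" reads as a hostname checklist, and an operator who only swaps the FQDN keeps the committed secrets. Suggest stating for those three bullets that the shipped values are placeholders, that each deployment needs its own long random value, and that TURN_SECRET and AUTH_SECRET must be changed together. The list also omits the host port that the idp service publishes, which an operator needs to know about when deciding what to expose. Both deployment documentation links use http://; use https:// if the site serves it.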
version: '3.2'
services:
reverseproxy:
image: dockerhub.fokus.fraunhofer.de:5000/egav/reverse-proxy
ports:
- "80:80"
- "443:443"
- "8883:8883"
container_name: reverseproxy
environment:
- SERVER_NAME=ehealth-ask.fokus.fraunhofer.de
networks:
- asknet
dns_search: .
restart: unless-stopped
fhir:
image: dockerhub.fokus.fraunhofer.de:5000/egav/fhir-server
# ports:
# - "8080:8080"
container_name: fhir
environment:
- FULL_FHIR_URL=https://ehealth-ask.fokus.fraunhofer.de/baseDstu3
- MAPPING=/baseDstu3/*
- OIDC_KEYSOURCE=https://ehealth-ask.fokus.fraunhofer.de/auth/realms/AsK/protocol/openid-connect/certs
- OIDC_USERINFOENDPOINT=https://ehealth-ask.fokus.fraunhofer.de/auth/realms/AsK/protocol/openid-connect/userinfo
- SIGNALLING_SERVER=ehealth-ask.fokus.fraunhofer.de
- TURN_SERVER=ehealth-ask.fokus.fraunhofer.de
- TURN_SECRET=test123test123
networks:
- asknet
dns_search: .
restart: unless-stopped
idp:
image: dockerhub.fokus.fraunhofer.de:5000/egav/keycloak
ports:
- "10080:8080"
container_name: idp
environment:
- KEYCLOAK_IMPORT=/tmp/realm-export.json
- PROXY_ADDRESS_FORWARDING=true
- KEYCLOAK_USER=admin
- KEYCLOAK_PASSWORD=test123.
networks:
- asknet
dns_search: .
restart: unless-stopped
mqtt:
image: dockerhub.fokus.fraunhofer.de:5000/egav/mosquitto-build
# ports:
# - "1883:1883"
container_name: mqtt
networks:
- asknet
dns_search: .
restart: unless-stopped
mqtt-acs:
image: dockerhub.fokus.fraunhofer.de:5000/egav/mosquitto-acs
# ports:
# - "8090:8080"
container_name: mqtt-acs
environment:
- oidc_keysource=https://ehealth-ask.fokus.fraunhofer.de/auth/realms/AsK/protocol/openid-connect/certs
- oidc_userinfoendpoint=https://ehealth-ask.fokus.fraunhofer.de/auth/realms/AsK/protocol/openid-connect/userinfo
networks:
- asknet
dns_search: .
restart: unless-stopped
coturn:
image: dockerhub.fokus.fraunhofer.de:5000/egav/coturn
container_name: coturn
environment:
- EXTERNAL_IP=193.174.152.97
- AUTH_SECRET=test123test123
network_mode: host
restart: unless-stopped
networks:
asknet:
external: true
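Review bot: Credentials are committed in clear text in the environment blocks: `TURN_SECRET=test123test123` under fhir, the matching `AUTH_SECRET=test123test123` under coturn, and `KEYCLOAK_PASSWORD=test123.` next to `KEYCLOAK_USER=admin` under idp. Anyone with read access to the repository knows the TURN shared secret and the Keycloak admin password of any deployment that starts from this file unchanged. Suggest replacing them with Compose variable substitution (for example `${TURN_SECRET}`) or an `env_file` that is kept out of version control, so the stack cannot be brought up without the operator supplying values. Related, in the idp service: `"10080:8080"` publishes Keycloak on the host while `PROXY_ADDRESS_FORWARDING=true` is set, so the admin interface is reachable without passing through reverseproxy. The fhir, mqtt and mqtt-acs services already have their `ports` commented out; do the same for idp or bind the mapping to a loopback address. Finally, none of the `image:` references carries a tag or digest, so each pull resolves to whatever the registry currently serves as latest; pin them.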