Process Data Transfer Configuration v1.0.x.x
Reto Wettstein edited this page Jul 31, 2024 · 2 revisions
The data-transfer process can be configured using the following mandatory and optional environment variables depending on the organization's role. Add the necessary environment variables to the /opt/bpe/docker-compose.yml file of your BPE.
Important: To receive e-mail notifications, configure the e-mail environment variables described as part of the DSF BPE deployment starting with DEV_DSF_BPE_MAIL_...
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.base.url
- Required: Yes
- Processes: medizininformatik-initiativede_dataSend
- Description: The base address of the DIC FHIR server to read/store FHIR resources
- Example: http://foo.bar/fhir
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.base.url
- Required: Yes
- Processes: medizininformatik-initiativede_dataReceive
- Description: The base address of the DMS FHIR server to read/store FHIR resources
- Example: http://foo.bar/fhir
The following key pair can be generated using these commands:
openssl genrsa -out dms_keypair.pem 4096
openssl rsa -in dms_keypair.pem -pubout -out dms_public_key.pem
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in dms_keypair.pem -out dms_private_key.pem
- Property: de.medizininformatik.initiative.dms.private.key
- Required: Yes
- Processes: medizininformatik-initiativede_dataReceive
- Description: Location of the DMS private-key as 4096 Bit RSA PEM encoded, not encrypted file
- Recommendation: Use docker secret file to configure
- Example: /run/secrets/dms_private_key.pem
- Property: de.medizininformatik.initiative.dms.public.key
- Required: Yes
- Processes: medizininformatik-initiativede_dataReceive
- Description: Location of the DMS public-key as 4096 Bit RSA PEM encoded file
- Recommendation: Use docker secret file to configure
- Example: /run/secrets/dms_public_key.pem
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.dataLoggingEnabled
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: To enable debug logging of FHIR resources set to true
- Default: false
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.trust.certificates
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: PEM encoded file with one or more trusted root certificates to validate the DIC FHIR server certificate when connecting via https
- Recommendation: Use docker secret file to configure
- Example: /run/secrets/hospital_ca.pem
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.basicauth.username
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Basic authentication username, set if the server containing the FHIR data requests authentication using basic auth
DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_BASICAUTH_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_BASICAUTH_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.basicauth.password
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Basic authentication password, set if the server containing the FHIR data requests authentication using basic auth
- Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_BASICAUTH_PASSWORD_FILE
- Example: /run/secrets/fhir_server_basicauth.password
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.bearer.token
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Bearer token for authentication, set if the server containing the FHIR data requests authentication using a bearer token, cannot be set using docker secrets
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.oauth2.trust.certificates
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Available from version >1.0.2.0, PEM encoded file with one or more trusted root certificates to validate the OIDC provider server certificate when connecting via https
- Recommendation: Use docker secret file to configure
- Example: /run/secrets/hospital_ca.pem
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.oauth2.issuer.url
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Available from version >1.0.2.0, the URL of the OIDC provider to request access tokens (token endpoint)
- Example: http://foo.baz/realms/fhir-realm/protocol/openid-connect/token
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.oauth2.client.id
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Available from version >1.0.2.0, identifier of the client (username) used for authentication when accessing the OIDC provider token endpoint
DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_OAUTH2_CLIENT_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_OAUTH2_CLIENT_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.oauth2.client.password
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Available from version >1.0.2.0, secret of the client (password) used for authentication when accessing the OIDC provider token endpoint
- Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_OAUTH2_CLIENT_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.oauth2.proxy.url
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Available from version >1.0.2.0, proxy location, set if the OIDC provider can only be reached through a proxy, uses value from DEV_DSF_PROXY_URL if not set
- Example: http://proxy.foo:8080
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.oauth2.proxy.username
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Available from version >1.0.2.0, proxy username, set if the OIDC provider can only be reached through a proxy which requests authentication, uses value from DEV_DSF_PROXY_USERNAME if not set
DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_OAUTH2_PROXY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_OAUTH2_PROXY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.oauth2.proxy.password
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Available from version >1.0.2.0, proxy password, set if the OIDC provider can only be reached through a proxy which requests authentication, uses value from DEV_DSF_PROXY_PASSWORD if not set
- Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_OAUTH2_PROXY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.oauth2.timeout.connect
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Available from version >1.0.2.0, the timeout in milliseconds until a connection is established between the client and the OIDC provider
- Recommendation: Change default value only if timeout exceptions occur
- Default: 20000
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.oauth2.timeout.socket
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Available from version >1.0.2.0, maximum period of inactivity in milliseconds between two consecutive data packets of the client and the OIDC provider
- Recommendation: Change default value only if timeout exceptions occur
- Default: 60000
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.certificate
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: PEM encoded file with client-certificate, if DIC FHIR server requires mutual TLS authentication
- Recommendation: Use docker secret file to configure
- Example: /run/secrets/fhir_server_client_certificate.pem
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.private.key
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Private key corresponding to the DIC FHIR server client-certificate as PEM encoded file. Use DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_PRIVATE_KEY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE if private key is encrypted
- Recommendation: Use docker secret file to configure
- Example: /run/secrets/fhir_server_private_key.pem
DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_PRIVATE_KEY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.private.key.password
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Password to decrypt the DIC FHIR server client-certificate encrypted private key
- Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE
- Example: /run/secrets/fhir_server_private_key.pem.password
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.proxy.url
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Proxy location, set if the server containing the FHIR data can only be reached through a proxy, from version >1.0.2.0: uses value from DEV_DSF_PROXY_URL if not set
- Example: http://proxy.foo:8080
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.proxy.username
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Proxy username, set if the server containing the FHIR data can only be reached through a proxy which requests authentication, from version >1.0.2.0: uses value from DEV_DSF_PROXY_USERNAME if not set
DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_PROXY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_PROXY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.proxy.password
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Proxy password, set if the server containing the FHIR data can only be reached through a proxy which requests authentication, from version >1.0.2.0: uses value from DEV_DSF_PROXY_PASSWORD if not set
- Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DIC_FHIR_SERVER_PROXY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.client.verbose
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: The client will log additional debug output
- Recommendation: Change default value only if exceptions occur
- Default: false
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.timeout.connect
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: The timeout in milliseconds until a connection is established between the client and the DIC FHIR server
- Recommendation: Change default value only if timeout exceptions occur
- Default: 20000
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.timeout.connection.request
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: The timeout in milliseconds used when requesting a connection from the connection manager between the client and the DIC FHIR server
- Recommendation: Change default value only if timeout exceptions occur
- Default: 20000
- Property: de.medizininformatik.initiative.data.transfer.dic.fhir.server.timeout.socket
- Required: No
- Processes: medizininformatik-initiativede_dataSend
- Description: Maximum period of inactivity in milliseconds between two consecutive data packets of the client and the DIC FHIR server
- Recommendation: Change default value only if timeout exceptions occur
- Default: 60000
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.dataLoggingEnabled
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: To enable debug logging of FHIR resources set to true
- Default: false
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.trust.certificates
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: PEM encoded file with one or more trusted root certificates to validate the DMS FHIR server certificate when connecting via https
- Recommendation: Use docker secret file to configure
- Example: /run/secrets/hospital_ca.pem
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.basicauth.username
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Basic authentication username, set if the server containing the FHIR data requests authentication using basic auth
DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_BASICAUTH_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_BASICAUTH_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.basicauth.password
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Basic authentication password, set if the server containing the FHIR data requests authentication using basic auth
- Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_BASICAUTH_PASSWORD_FILE
- Example: /run/secrets/fhir_server_basicauth.password
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.bearer.token
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Bearer token for authentication, set if the server containing the FHIR data requests authentication using a bearer token, cannot be set using docker secrets
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.oauth2.trust.certificates
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Available from version >1.0.2.0, PEM encoded file with one or more trusted root certificates to validate the OIDC provider server certificate when connecting via https
- Recommendation: Use docker secret file to configure
- Example: /run/secrets/hospital_ca.pem
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.oauth2.issuer.url
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Available from version >1.0.2.0, the URL of the OIDC provider to request access tokens (token endpoint)
- Example: http://foo.baz/realms/fhir-realm/protocol/openid-connect/token
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.oauth2.client.id
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Available from version >1.0.2.0, identifier of the client (username) used for authentication when accessing the OIDC provider token endpoint
DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_OAUTH2_CLIENT_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_OAUTH2_CLIENT_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.oauth2.client.password
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Available from version >1.0.2.0, secret of the client (password) used for authentication when accessing the OIDC provider token endpoint
- Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_OAUTH2_CLIENT_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.oauth2.proxy.url
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Available from version >1.0.2.0, proxy location, set if the OIDC provider can only be reached through a proxy, uses value from DEV_DSF_PROXY_URL if not set
- Example: http://proxy.foo:8080
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.oauth2.proxy.username
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Available from version >1.0.2.0, proxy username, set if the OIDC provider can only be reached through a proxy which requests authentication, uses value from DEV_DSF_PROXY_USERNAME if not set
DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_OAUTH2_PROXY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_OAUTH2_PROXY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.oauth2.proxy.password
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Available from version >1.0.2.0, proxy password, set if the OIDC provider can only be reached through a proxy which requests authentication, uses value from DEV_DSF_PROXY_PASSWORD if not set
- Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_OAUTH2_PROXY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.oauth2.timeout.connect
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Available from version >1.0.2.0, the timeout in milliseconds until a connection is established between the client and the OIDC provider
- Recommendation: Change default value only if timeout exceptions occur
- Default: 20000
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.oauth2.timeout.socket
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Available from version >1.0.2.0, maximum period of inactivity in milliseconds between two consecutive data packets of the client and the OIDC provider
- Recommendation: Change default value only if timeout exceptions occur
- Default: 60000
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.certificate
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: PEM encoded file with client-certificate, if DMS FHIR server requires mutual TLS authentication
- Recommendation: Use docker secret file to configure
- Example: /run/secrets/fhir_server_client_certificate.pem
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.private.key
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Private key corresponding to the DMS FHIR server client-certificate as PEM encoded file. Use DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_PRIVATE_KEY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE if private key is encrypted
- Recommendation: Use docker secret file to configure
- Example: /run/secrets/fhir_server_private_key.pem
DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_PRIVATE_KEY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.private.key.password
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Password to decrypt the DMS FHIR server client-certificate encrypted private key
- Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE
- Example: /run/secrets/fhir_server_private_key.pem.password
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.proxy.url
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Proxy location, set if the server containing the FHIR data can only be reached through a proxy, from version >1.0.2.0: uses value from DEV_DSF_PROXY_URL if not set
- Example: http://proxy.foo:8080
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.proxy.username
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Proxy username, set if the server containing the FHIR data can only be reached through a proxy which requests authentication, from version >1.0.2.0: uses value from DEV_DSF_PROXY_USERNAME if not set
DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_PROXY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_PROXY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.proxy.password
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Proxy password, set if the server containing the FHIR data can only be reached through a proxy which requests authentication, from version >1.0.2.0: uses value from DEV_DSF_PROXY_PASSWORD if not set
- Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_DATA_TRANSFER_DMS_FHIR_SERVER_PROXY_PASSWORD_FILE
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.client.verbose
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: The client will log additional debug output
- Recommendation: Change default value only if exceptions occur
- Default: false
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.timeout.connect
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: The timeout in milliseconds until a connection is established between the client and the DMS FHIR server
- Recommendation: Change default value only if timeout exceptions occur
- Default: 20000
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.timeout.connection.request
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: The timeout in milliseconds used when requesting a connection from the connection manager between the client and the DMS FHIR server
- Recommendation: Change default value only if timeout exceptions occur
- Default: 20000
- Property: de.medizininformatik.initiative.data.transfer.dms.fhir.server.timeout.socket
- Required: No
- Processes: medizininformatik-initiativede_dataReceive
- Description: Maximum period of inactivity in milliseconds between two consecutive data packets of the client and the DMS FHIR server
- Recommendation: Change default value only if timeout exceptions occur
- Default: 60000
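An added example, not part of the original wiki page or the project's own code: a Python check of a BPE service's environment block against the requirements and recommendations listed above (required variables per role, passwords supplied through the _FILE variant, key and certificate files mounted as docker secrets, FHIR data logging left off). It assumes that environment variable names follow the upper-case, underscore-separated pattern of the names spelled out on this page and that docker secrets are mounted under the default /run/secrets/; the finding codes and the sample environment are constructed.

```python
PREFIX = "de.medizininformatik.initiative."
SECRETS_DIR = "/run/secrets/"  # assumption: default docker secret mount point

def env_name(prop):
    """Property name -> environment variable name (assumed mapping:
    upper-case, '.' becomes '_', as in the names this page spells out)."""
    return prop.upper().replace(".", "_")

# Properties marked "Required: Yes" on this page, per role.
REQUIRED = {
    "dic": ["data.transfer.dic.fhir.server.base.url"],
    "dms": ["data.transfer.dms.fhir.server.base.url",
            "dms.private.key", "dms.public.key"],
}
# Passwords for which the page names a ..._FILE variant.
PASSWORDS = ["basicauth.password", "oauth2.client.password",
             "oauth2.proxy.password", "private.key.password", "proxy.password"]
# Properties whose value is a file location recommended to be a docker secret.
FILE_VALUED = ["trust.certificates", "oauth2.trust.certificates",
               "certificate", "private.key"]

def audit(env, role):
    """Return (finding_code, variable) tuples for one role, 'dic' or 'dms'."""
    findings = []
    server = f"{PREFIX}data.transfer.{role}.fhir.server."

    for prop in REQUIRED[role]:
        var = env_name(PREFIX + prop)
        if not env.get(var):
            findings.append(("missing-required", var))

    # A password set directly ends up readable in docker-compose.yml.
    for suffix in PASSWORDS:
        var = env_name(server + suffix)
        if var in env:
            findings.append(("inline-secret", var))

    # Key, certificate and password files should be docker secret files.
    paths = [env_name(server + s) for s in FILE_VALUED]
    paths += [env_name(server + s) + "_FILE" for s in PASSWORDS]
    if role == "dms":
        paths += [env_name(PREFIX + p) for p in ("dms.private.key", "dms.public.key")]
    for var in paths:
        if var in env and not env[var].startswith(SECRETS_DIR):
            findings.append(("not-a-docker-secret", var))

    # The bearer token cannot be set using docker secrets, so it is always inline.
    token = env_name(server + "bearer.token")
    if token in env:
        findings.append(("inline-secret-no-file-variant", token))

    # dataLoggingEnabled=true writes FHIR resources to the debug log.
    logging_var = env_name(f"{PREFIX}data.transfer.{role}.fhir.dataLoggingEnabled")
    if env.get(logging_var, "false").lower() == "true":
        findings.append(("fhir-resources-in-log", logging_var))
    return findings

# Constructed sample: a DMS environment block with four problems.
DMS = PREFIX + "data.transfer.dms.fhir."
SAMPLE_DMS_ENV = {
    env_name(DMS + "server.base.url"): "http://foo.bar/fhir",
    env_name(PREFIX + "dms.private.key"): "/opt/bpe/conf/dms_private_key.pem",
    env_name(DMS + "server.basicauth.username"): "bpe",
    env_name(DMS + "server.basicauth.password"): "constructed-sample-value",
    env_name(DMS + "dataLoggingEnabled"): "true",
}

if __name__ == "__main__":
    for code, var in audit(SAMPLE_DMS_ENV, "dms"):
        print(f"{code:32} {var}")
```
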