ohdsi-webapi.yml

version: '3.9'

services:

  ohdsi-webapi:
    container_name: ohdsi-webapi
    platform: ${DOCKER_ARCH}
    restart: unless-stopped
    ipc: none
    read_only: true
    tmpfs:
      - /tmp
    privileged: false
    volumes:
      - ./cacerts:/usr/local/openjdk-8/lib/security/cacerts:ro # add a cacerts file if using LDAPS
    environment:

      DATASOURCE_DRIVERCLASSNAME: org.postgresql.Driver
      DATASOURCE_URL: ${WEBAPI_DATASOURCE_URL}
      DATASOURCE_USERNAME: ${WEBAPI_DATASOURCE_USERNAME}
      DATASOURCE_PASSWORD: ${WEBAPI_DATASOURCE_PASSWORD}
      DATASOURCE_OHDSI_SCHEMA: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}
      SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect
      SPRING_JPA_PROPERTIES_HIBERNATE_DEFAULT_SCHEMA: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}
      SPRING_BATCH_REPOSITORY_TABLEPREFIX: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}.BATCH_
      FLYWAY_DATASOURCE_DRIVERCLASSNAME: org.postgresql.Driver
      FLYWAY_DATASOURCE_URL: ${WEBAPI_DATASOURCE_URL}
      FLYWAY_DATASOURCE_USERNAME: ${WEBAPI_DATASOURCE_USERNAME}
      FLYWAY_DATASOURCE_PASSWORD: ${WEBAPI_DATASOURCE_PASSWORD}
      FLYWAY_LOCATIONS: classpath:db/migration/postgresql
      FLYWAY_PLACEHOLDERS_OHDSISCHEMA: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}
      FLYWAY_SCHEMAS: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}
      FLYWAY_BASELINEONMIGRATE: "true"
      FLYWAY_TABLE: schema_history
      flyway_baselineVersionAsString: "2.2.5.20180212152023"  # this env var is case sensitive
      FLYWAY_BASELINEDESCRIPTION: Base Migration
      SECURITY_CORS_ENABLED: "true"
      SECURITY_ORIGIN: "${HTTP_TYPE}://${BROADSEA_HOST}"
      SOLR_ENDPOINT: "${SOLR_VOCAB_ENDPOINT}"

      # Security provider enabling/disabling
      
      SECURITY_PROVIDER: ${WEBAPI_SECURITY_PROVIDER}
      SECURITY_AUTH_KERBEROS_ENABLED: ${SECURITY_AUTH_KERBEROS_ENABLED}
      SECURITY_AUTH_OPENID_ENABLED: ${SECURITY_AUTH_OPENID_ENABLED}
      SECURITY_AUTH_FACEBOOK_ENABLED: ${SECURITY_AUTH_FACEBOOK_ENABLED}
      SECURITY_AUTH_GITHUB_ENABLED: ${SECURITY_AUTH_GITHUB_ENABLED}
      SECURITY_AUTH_GOOGLE_ENABLED: ${SECURITY_AUTH_GOOGLE_ENABLED}
      SECURITY_AUTH_JDBC_ENABLED: ${SECURITY_AUTH_JDBC_ENABLED}
      SECURITY_AUTH_LDAP_ENABLED: ${SECURITY_AUTH_LDAP_ENABLED}
      SECURITY_AUTH_AD_ENABLED: ${SECURITY_AUTH_AD_ENABLED}
      SECURITY_AUTH_CAS_ENABLED: ${SECURITY_AUTH_CAS_ENABLED}
      SECURITY_AUTH_GOOGLEIAP_ENABLED: ${SECURITY_AUTH_GOOGLEIAP_ENABLED}

      # Security env variables - Basic

      SECURITY_DB_DATASOURCE_SCHEMA: ${SECURITY_DB_DATASOURCE_SCHEMA}
      SECURITY_DB_DATASOURCE_URL: ${SECURITY_DB_DATASOURCE_URL}
      SECURITY_DB_DATASOURCE_DRIVERCLASSNAME: ${SECURITY_DB_DATASOURCE_DRIVERCLASSNAME}
      SECURITY_DB_DATASOURCE_USERNAME: ${SECURITY_DB_DATASOURCE_USERNAME}
      SECURITY_DB_DATASOURCE_PASSWORD: ${SECURITY_DB_DATASOURCE_PASSWORD}

      # Security env variables - LDAP

      SECURITY_LDAP_DN: ${SECURITY_LDAP_DN}
      SECURITY_LDAP_URL: ${SECURITY_LDAP_URL}
      SECURITY_LDAP_BASEDN: ${SECURITY_LDAP_BASEDN}
      SECURITY_LDAP_SYSTEM_USERNAME: ${SECURITY_LDAP_SYSTEM_USERNAME}
      SECURITY_LDAP_SYSTEM_PASSWORD: ${SECURITY_LDAP_SYSTEM_PASSWORD}
      SECURITY_LDAP_SEARCHSTRING: ${SECURITY_LDAP_SEARCHSTRING}
      SECURITY_LDAP_SEARCHBASE: ${SECURITY_LDAP_SEARCHBASE}

      # Security env variables - AD

      SECURITY_AD_URL: ${SECURITY_AD_URL}
      SECURITY_AD_SEARCHBASE: ${SECURITY_AD_SEARCHBASE}
      SECURITY_AD_SEARCHFILTER: ${SECURITY_AD_SEARCHFILTER}
      SECURITY_AD_PRINCIPALSUFFIX: ${SECURITY_AD_PRINCIPALSUFFIX}
      SECURITY_AD_SEARCHSTRING: ${SECURITY_AD_SEARCHSTRING}
      SECURITY_AD_USERMAPPING_DISPLAYNAMEATTR: ${SECURITY_AD_USERMAPPING_DISPLAYNAMEATTR}
      SECURITY_AD_USERMAPPING_USERNAMEATTR: ${SECURITY_AD_USERMAPPING_USERNAMEATTR}
      SECURITY_AD_SYSTEM_USERNAME: ${SECURITY_AD_SYSTEM_USERNAME}
      SECURITY_AD_SYSTEM_PASSWORD: ${SECURITY_AD_SYSTEM_PASSWORD}

      # Security env variables - Kerberos

      SECURITY_KERBEROS_SPN: ${SECURITY_KERBEROS_SPN}
      SECURITY_KERBEROS_KEYTABPATH: ${SECURITY_KERBEROS_KEYTABPATH}

      # Security env variables - OAuth

      SECURITY_OAUTH_CALLBACK_UI: ${SECURITY_OAUTH_CALLBACK_UI}
      SECURITY_OAUTH_CALLBACK_API: ${SECURITY_OAUTH_CALLBACK_API}
      SECURITY_OAUTH_CALLBACK_URLRESOLVER: ${SECURITY_OAUTH_CALLBACK_URLRESOLVER}
      SECURITY_OAUTH_GOOGLE_APIKEY: ${SECURITY_OAUTH_GOOGLE_APIKEY}
      SECURITY_OAUTH_GOOGLE_APISECRET: ${SECURITY_OAUTH_GOOGLE_APISECRET}
      SECURITY_OAUTH_FACEBOOK_APIKEY: ${SECURITY_OAUTH_FACEBOOK_APIKEY}
      SECURITY_OAUTH_FACEBOOK_APISECRET: ${SECURITY_OAUTH_FACEBOOK_APISECRET}
      SECURITY_OAUTH_GITHUB_APIKEY: ${SECURITY_OAUTH_GITHUB_APIKEY}
      SECURITY_OAUTH_GITHUB_APISECRET: ${SECURITY_OAUTH_GITHUB_APISECRET}

      # Security env variables - OpenID

      SECURITY_OID_CLIENTID: ${SECURITY_OID_CLIENTID}
      SECURITY_OID_APISECRET: ${SECURITY_OID_APISECRET}
      SECURITY_OID_URL: ${SECURITY_OID_URL}
      SECURITY_OID_LOGOUTURL: ${SECURITY_OID_LOGOUTURL}
      SECURITY_OID_EXTRASCOPES: ${SECURITY_OID_EXTRASCOPES}
      SECURITY_OID_REDIRECTURL: ${SECURITY_OID_REDIRECTURL}

      # Security env variables - IAP

      SECURITY_GOOGLEIAP_CLOUDPROJECTID: ${SECURITY_GOOGLEIAP_CLOUDPROJECTID}
      SECURITY_GOOGLEIAP_BACKENDSERVICEID: ${SECURITY_GOOGLEIAP_BACKENDSERVICEID}
      SECURITY_GOOGLE_ACCESSTOKEN_ENABLED: ${SECURITY_GOOGLE_ACCESSTOKEN_ENABLED}
      
      # Security env variables - CAS
      
      SECURITY_CAS_LOGINURL: ${HTTP_TYPE}://${WEBAPI_SECURITY_CAS_SERVER}/idp/profile/cas/login
      SECURITY_CAS_CALLBACKURL: ${HTTP_TYPE}://${BROADSEA_HOST}/WebAPI/user/cas/callback?client_name=CasClient
      SECURITY_CAS_SERVERURL: ${HTTP_TYPE}://${WEBAPI_SECURITY_CAS_SERVER}/idp/profile/cas
      SECURITY_CAS_CASTICKET: ticket

      # Security env variables - SAML

      SECURITY_SAML_ENTITYID: ${SECURITY_SAML_ENTITYID}
      SECURITY_SAML_IDPMETADATALOCATION: ${SECURITY_SAML_IDPMETADATALOCATION}
      SECURITY_SAML_KEYMANAGER_KEYSTOREFILE: ${SECURITY_SAML_KEYMANAGER_KEYSTOREFILE}
      SECURITY_SAML_KEYMANAGER_STOREPASSWORD: ${SECURITY_SAML_KEYMANAGER_STOREPASSWORD}
      SECURITY_SAML_KEYMANAGER_DEFAULTKEY: ${SECURITY_SAML_KEYMANAGER_DEFAULTKEY}
      SECURITY_SAML_KEYMANAGER_PASSWORDS_ARACHNENETWORK: ${SECURITY_SAML_KEYMANAGER_PASSWORDS_ARACHNENETWORK}
      SECURITY_SAML_METADATALOCATION: ${SECURITY_SAML_METADATALOCATION}
      SECURITY_SAML_CALLBACKURL: ${SECURITY_SAML_CALLBACKURL}
      SECURITY_SAML_SLOURL: ${SECURITY_SAML_SLOURL}
      SECURITY_SAML_MAXIMUMAUTHENTICATIONLIFETIME: ${SECURITY_SAML_MAXIMUMAUTHENTICATIONLIFETIME}

    labels:
      - "traefik.enable=true"