From 1e976224ed34189b7bac28bce23e191275dba03b Mon Sep 17 00:00:00 2001 From: jkv Date: Sun, 4 Aug 2024 16:07:15 +0200 Subject: [PATCH 1/4] Add doc statements --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 6fbfccd..33e9444 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,13 @@ This project is a complete starter project you can use to deploy a FHIR server u Note that this project is specifically intended for end users of the HAPI FHIR JPA server module (in other words, it helps you implement HAPI FHIR, it is not the source of the library itself). If you are looking for the main HAPI FHIR project, see here: https://github.com/hapifhir/hapi-fhir +While this project shows how you can use many parts of the HAPI FHIR framework there are a set of features which you should be aware of are missing or something you need to supply yourself or get professional support ahead of using it directly in production: + +1) The service comes with no security implementation. See how it can be done at https://hapifhir.io/hapi-fhir/docs/security/introduction.html +2) The service comes with no enterprise logging. See how it can be done at https://hapifhir.io/hapi-fhir/docs/security/balp_interceptor.html +3) The internal topic cache used by subscriptions in HAPI FHIR are not shared across multiple instances as the [default supplied implementation is in-mem only](https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-jpaserver-subscription/src/main/java/ca/uhn/fhir/jpa/topic/ActiveSubscriptionTopicCache.java). +4) The internal message bus used to communicate between instances in HAPI FHIR are not shared across multiple instances as the [default supplied implementation is in-mem only](https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-storage/src/main/java/ca/uhn/fhir/jpa/subscription/channel/api/IChannelFactory.java). + Need Help? Please see: https://github.com/hapifhir/hapi-fhir/wiki/Getting-Help ## Prerequisites From 1bd55c206a6a60e5afbc497d7c1b00646b6d2526 Mon Sep 17 00:00:00 2001 From: Jens Kristian Villadsen Date: Mon, 5 Aug 2024 09:10:21 +0200 Subject: [PATCH 2/4] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 33e9444..cded1df 100644 --- a/README.md +++ b/README.md @@ -8,8 +8,8 @@ While this project shows how you can use many parts of the HAPI FHIR framework t 1) The service comes with no security implementation. See how it can be done at https://hapifhir.io/hapi-fhir/docs/security/introduction.html 2) The service comes with no enterprise logging. See how it can be done at https://hapifhir.io/hapi-fhir/docs/security/balp_interceptor.html -3) The internal topic cache used by subscriptions in HAPI FHIR are not shared across multiple instances as the [default supplied implementation is in-mem only](https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-jpaserver-subscription/src/main/java/ca/uhn/fhir/jpa/topic/ActiveSubscriptionTopicCache.java). -4) The internal message bus used to communicate between instances in HAPI FHIR are not shared across multiple instances as the [default supplied implementation is in-mem only](https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-storage/src/main/java/ca/uhn/fhir/jpa/subscription/channel/api/IChannelFactory.java). +3) The internal topic cache used by subscriptions in HAPI FHIR are not shared across multiple instances as the [default supplied implementation is in-mem](https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-jpaserver-subscription/src/main/java/ca/uhn/fhir/jpa/topic/ActiveSubscriptionTopicCache.java). +4) The internal message broker channel in HAPI FHIR is not shared across multiple instances as the [default supplied implementation is in-mem](https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-storage/src/main/java/ca/uhn/fhir/jpa/subscription/channel/api/IChannelFactory.java). This impacts the use of modules listed [here](https://smilecdr.com/docs/installation/message_broker.html#modules-dependent-on-message-brokers). Need Help? Please see: https://github.com/hapifhir/hapi-fhir/wiki/Getting-Help From ad7bc51ce3a179b9cb61052e49fab2bb7b31091c Mon Sep 17 00:00:00 2001 From: Jens Kristian Villadsen Date: Mon, 5 Aug 2024 09:11:35 +0200 Subject: [PATCH 3/4] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index cded1df..ebca0d8 100644 --- a/README.md +++ b/README.md @@ -6,10 +6,10 @@ Note that this project is specifically intended for end users of the HAPI FHIR J While this project shows how you can use many parts of the HAPI FHIR framework there are a set of features which you should be aware of are missing or something you need to supply yourself or get professional support ahead of using it directly in production: -1) The service comes with no security implementation. See how it can be done at https://hapifhir.io/hapi-fhir/docs/security/introduction.html -2) The service comes with no enterprise logging. See how it can be done at https://hapifhir.io/hapi-fhir/docs/security/balp_interceptor.html -3) The internal topic cache used by subscriptions in HAPI FHIR are not shared across multiple instances as the [default supplied implementation is in-mem](https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-jpaserver-subscription/src/main/java/ca/uhn/fhir/jpa/topic/ActiveSubscriptionTopicCache.java). -4) The internal message broker channel in HAPI FHIR is not shared across multiple instances as the [default supplied implementation is in-mem](https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-storage/src/main/java/ca/uhn/fhir/jpa/subscription/channel/api/IChannelFactory.java). This impacts the use of modules listed [here](https://smilecdr.com/docs/installation/message_broker.html#modules-dependent-on-message-brokers). +1) The service comes with no security implementation. See how it can be done [here](https://hapifhir.io/hapi-fhir/docs/security/introduction.html) +2) The service comes with no enterprise logging. See how it can be done [here](https://hapifhir.io/hapi-fhir/docs/security/balp_interceptor.html) +3) The internal topic cache used by subscriptions in HAPI FHIR are not shared across multiple instances as the [default supplied implementation is in-mem](https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-jpaserver-subscription/src/main/java/ca/uhn/fhir/jpa/topic/ActiveSubscriptionTopicCache.java) +4) The internal message broker channel in HAPI FHIR is not shared across multiple instances as the [default supplied implementation is in-mem](https://github.com/hapifhir/hapi-fhir/blob/master/hapi-fhir-storage/src/main/java/ca/uhn/fhir/jpa/subscription/channel/api/IChannelFactory.java). This impacts the use of modules listed [here](https://smilecdr.com/docs/installation/message_broker.html#modules-dependent-on-message-brokers) Need Help? Please see: https://github.com/hapifhir/hapi-fhir/wiki/Getting-Help From 39be2cc750690f0e70edec07f506068418e900a0 Mon Sep 17 00:00:00 2001 From: dotasek Date: Mon, 12 Aug 2024 09:53:06 -0400 Subject: [PATCH 4/4] Escalate privileges earlier for lucene directory creation. (#720) And chown back to 1001 --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e3a6dc8..e40e77b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,11 +20,12 @@ RUN mkdir /app && cp /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /app/main. ########### it can be built using eg. `docker build --target tomcat .` FROM bitnami/tomcat:10.1 AS tomcat +USER root RUN rm -rf /opt/bitnami/tomcat/webapps/ROOT && \ mkdir -p /opt/bitnami/hapi/data/hapi/lucenefiles && \ + chown -R 1001:1001 /opt/bitnami/hapi/data/hapi/lucenefiles && \ chmod 775 /opt/bitnami/hapi/data/hapi/lucenefiles -USER root RUN mkdir -p /target && chown -R 1001:1001 target USER 1001