Skip to content

Server administration

GOFR Installation

1. Install redis

sudo apt install redis

2. Install tomcat

sudo apt install tomcat9

3. Install postgres (version 9.3 or above)

4. Install HAPI FHIR

a) Create Database

sudo -u postgres psql
create database hapi;
create user hapi with encrypted password 'PASS';
grant all privileges on database hapi to hapi;
\q

b) Install maven to compile hapi

sudo apt install maven
git clone <https://github.com/hapifhir/hapi-fhir-jpaserver-starter.git>
cd hapi-fhir-jpaserver-starter

Edit pom.xml and change the following line from hapi-fhir-jpaserver:

<finalName>hapi</finalName>

Edit src/main/resources/application.yaml and change the following

spring.datasource.url=’jdbc:postgresql://localhost:5432/hapi’
spring.datasource.username=’hapi’
spring.datasource.password=’PASS’
spring.datasource.driverClassName=’org.postgresql.Driver’

Uncomment below lines

# hibernate.search.enabled: true

# hibernate.search.backend.type: lucene

# hibernate.search.backend.analysis.configurer: ca.uhn.fhir.jpa.search.HapiLuceneAnalysisConfigurer

# hibernate.search.backend.directory.type: local-filesystem

# hibernate.search.backend.directory.root: target/lucenefiles

# hibernate.search.backend.lucene_version: lucene_current

auto_create_placeholder_reference_targets=true hapi.fhir.enable_index_missing_fields=true hapi.fhir.client_id_strategy=ANY

Uncomment below lines

# partitioning

# allow_references_across_partitions: false

# partitioning_include_in_search_hashes: false

Create war file

 mvn clean install -DskipTests
 sudo mkdir /var/lib/tomcat9/target
 sudo chown tomcat:tomcat /var/lib/tomcat9/target
 sudo cp target/hapi.war /var/lib/tomcat9/webapps

c) Load Basic Definitions

Download and install hapi-fhir-cli: here

Load definitions with below commands ./hapi-fhir-cli upload-definitions -v r4 -t here

5. Keycloak Installation

!!! Important "Install keycloak only if you want to use it as an identity provider."

Follow instructions here

6. Keycloak Configuration

Modify keycloak base URL to keycloak/auth by changing web-context in standalone/configuration/standalone.xml to keycloak/auth.

This will make keycloak accessible via http://localhost:8080/keycloak/auth

Copy GOFR keycloak theme to keycloak

 cp -r gofr/resources/keycloak/themes/gofr keycloak/themes/

Load GOFR keycloak realm

Before loading the realm, make sure that Keycloak is running, if not running, please use below command to start it

 bin/standalone.sh

To load the realm, first login to keycloak by running below command

 ./kcadm.sh config credentials --server <http://localhost:8080/keycloak/auth> --realm master --user admin --password admin

where username and password refers to an admin account that has access to the master realm

Now load the GOFR keycloak realm with below command

 ./kcadm.sh create realms -f gofr/resources/keycloak/realm.json_

7. Clone GOFR github repository

git clone <https://github.com/intrahealth/gofr.git>

8. Install dependencies

cd gofr/gofr-backend
npm install

9 Running GOFR in production mode

cd gofr/gofr-backend/lib
node app.js

10. Accessing GOFR

<http://localhost:4000>

Install redis.

sudo apt install redis

Install tomcat.

sudo apt install tomcat9

Install postgres (version 9.3 or above)

Install HAPI FHIR

Create database

sudo -u postgres psql
create database hapi;
create user hapi with encrypted password 'PASS';
grant all privileges on database hapi to hapi;
\q

Install maven to compile hapi

sudo apt install maven
git clone https://github.com/hapifhir/hapi-fhir-jpaserver-starter.git
cd hapi-fhir-jpaserver-starter

Edit pom.xml and change the following line from hapi-fhir-jpaserver:

<finalName>hapi</finalName>

Edit src/main/resources/application.yaml and change the following

spring.datasource.url=’jdbc:postgresql://localhost:5432/hapi’
spring.datasource.username=’hapi’
spring.datasource.password=’PASS’
spring.datasource.driverClassName=’org.postgresql.Driver’
# Uncomment below lines
# hibernate.search.enabled: true
# hibernate.search.backend.type: lucene
# hibernate.search.backend.analysis.configurer: ca.uhn.fhir.jpa.search.HapiLuceneAnalysisConfigurer
# hibernate.search.backend.directory.type: local-filesystem
# hibernate.search.backend.directory.root: target/lucenefiles
# hibernate.search.backend.lucene_version: lucene_current

auto_create_placeholder_reference_targets=true
hapi.fhir.enable_index_missing_fields=true
hapi.fhir.client_id_strategy=ANY
# Uncomment below lines
# partitioning:
    # allow_references_across_partitions: false
    # partitioning_include_in_search_hashes: false

Create war file

mvn clean install -DskipTests
sudo mkdir /var/lib/tomcat9/target
sudo chown tomcat:tomcat /var/lib/tomcat9/target
sudo cp target/hapi.war /var/lib/tomcat9/webapps

Load Basic Definitions * Download and install hapi-fhir-cli: here https://hapifhir.io/hapi-fhir/docs/tools/hapi_fhir_cli.html * Load definitions with below commands ./hapi-fhir-cli upload-definitions -v r4 -t http://localhost:8080/hapi/fhir/

Introduction to Key Cloak

Keycloak is a single sign on solution for web apps such as the Global Open Facilities Registry system (GOFR) and other RESTful web services.

The goal of Keycloak is to make security simple so that it is easy for application developers to secure the apps and services they have deployed in their organization.

Security features that developers normally have to write for themselves are provided out of the box and are easily tailorable to the individual requirements of your organization.

Keycloak provides customizable user interfaces for login, registration, administration, and account management.

You can also use Keycloak as an integration platform to hook it into existing LDAP and Active Directory servers.

You can also delegate authentication to third party identity providers like Facebook and Google.

For more information about Keycloak see Developer guide

Setting up Keycloak for GOFR

The initial server configuration includes an administrator account assigned the administrator role in keycloak by default.

This account and password should be immediately changed after installation.

Install keycloak only if you want to use it as an identity provider. Follow instructions here https://www.keycloak.org/docs/latest/getting_started/index.html#installing-the-server to install keycloak.

Modify keycloak base URL to keycloak/auth by changing web-context in standalone/configuration/standalone.xml to keycloak/auth.

This will make keycloak accessible via http://localhost:8080/keycloak/auth

Copy GOFR keycloak theme to keycloak

 cp -r gofr/resources/keycloak/themes/gofr keycloak/themes/

Load GOFR keycloak realm

Before loading the realm, make sure that Keycloak is running, if not running, please use below command to start it

 bin/standalone.sh

To load the realm, first login to keycloak by running below command where username and password refers to an admin account that has access to the master realm

To load the realm, first login to keycloak by running below command

 ./kcadm.sh config credentials --server <http://localhost:8080/keycloak/auth> --realm master --user admin --password admin

where username and password refers to an admin account that has access to the master realm

Now load the GOFR keycloak realm with below command

 ./kcadm.sh create realms -f gofr/resources/keycloak/realm.json_

Clone GOFR github repository

git clone https://github.com/intrahealth/gofr.git

Install dependencies

cd gofr/gofr-backend
npm install

Running GOFR in production mode

cd gofr/gofr-backend/lib
node app.js

Access GOFR at: http://localhost:4000

Running GOFR in Development Mode

Install UI dependencies

cd gofr/gofr-gui
npm install

Start the UI

cd gofr/gofr-gui
npm run serve

Start the backend

cd gofr/gofr-backend/lib
node app.js

Configuration Parameters

a) app.installed

Used to control when to load default data needed for GOFR to run, GOFR will set it to true when all data are loaded successfully.

b) app.idp

Controls which identity provider to use, gofr and keycloak are the only two supported values for this configuration. When gofr is the Value then GOFR will be used as an identity provider and wnen keycloak is the set value then GOFR will use Keycloak as an identity provider.

c) Server.port

This is the port number for which GOFR is listening to requests.

d) mCSD.server

This configuration stores credentials of a FHIR server, I.e protocol, host, port etc for which the FHIR server is accessible

e) defaults.fields

Set various fields types, this must be a path to a specific field


Last update: September 28, 2022