diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 000000000..8893889f6 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,62 @@ +# Include any files or directories that you don't want to be copied to your +# container here (e.g., local build artifacts, temporary files, etc.). +# +# For more help, visit the .dockerignore file reference guide at +# https://docs.docker.com/go/build-context-dockerignore/ + +**/.DS_Store +**/.classpath +**/.dockerignore +**/.env +**/.factorypath +**/.git +**/.gitignore +**/.idea +**/.project +**/.sts4-cache +**/.settings +**/.toolstarget +**/.vs +**/.vscode +**/.next +**/.cache +**/*.dbmdl +**/*.jfm +**/charts +**/docker-compose* +**/compose.y*ml +**/Dockerfile* +**/secrets.dev.yaml +**/values.dev.yaml +**/vendor +LICENSE +README.md +**/*.class +**/*.iml +**/*.ipr +**/*.iws +**/*.log +**/.apt_generated +**/.gradle +**/.gradletasknamecache +**/.nb-gradle +**/.springBeans +**/build +**/dist +**/gradle-app.setting +**/nbbuild +**/nbdist +**/nbproject/private +**/target +*.ctxt +.mtj.tmp +.mvn/timing.properties +buildNumber.properties +dependency-reduced-pom.xml +hs_err_pid* +pom.xml.next +pom.xml.releaseBackup +pom.xml.tag +pom.xml.versionsBackup +release.properties +replay_pid* \ No newline at end of file diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..dfdb8b771 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.sh text eol=lf diff --git a/DEVELOPERS.md b/DEVELOPERS.md new file mode 100644 index 000000000..589987697 --- /dev/null +++ b/DEVELOPERS.md @@ -0,0 +1,33 @@ +# For developers and contributors + +## "Easy Path" with docker + +```bash +# Build using docker +docker build -t oie-dev . +# Start an ephemeral image +# NOTE: All data will be deleted on stop due to --rm. Use a volume for "real" use. +docker run --rm -p 8443:8443 oie-dev +``` + +Then use [Ballista](https://github.com/kayyagari/ballista) to connect to +https://localhost:8443/ and login using admin admin. + +## Build Environment + +To build the solution, you must have a Java 1.8 JDK+FX and Apache Ant. This +can be installed by [sdkman](https://sdkman.io/) by executing `sdkman env install`. + +## Build Process + +From the `server/` directory, run `ant -f mirth-build.xml -DdisableSigning=true`. + +If you are using Mirth Connect Administrator Launcher, you may need to omit +`-DdisableSigning=true` to support JWS signatures. Launchers like +[Ballista](https://github.com/kayyagari/ballista) do not require signing, and +signing adds considerable time to the build process. + +## Run + +After build, run the server by invoking `server/mirth-server-launcher.jar`. An +example of how to do this is listed in `docker/mirth-connect.sh`. diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..ca346fcd6 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,57 @@ +# syntax=docker/dockerfile:1.7-labs + +# Stages: +# 1. Builder Stage: Compiles the application and resolves dependencies. Produces +# JAR files that can be deployed. +# 1a. Install dependencies +# 1b. Build the application +# 2. Runner Stage: Creates a lightweight image that runs the application using the JRE. + +FROM ubuntu:noble-20250415.1 AS builder +WORKDIR /app +# sdkman requires bash +SHELL ["/bin/bash", "-c"] + +# Stage 1a: Install dependencies +# Install necessary tools +COPY .sdkmanrc . +RUN apt-get update\ + && apt-get install -y zip curl\ + && curl -s "https://get.sdkman.io?ci=true" | bash \ + && source "$HOME/.sdkman/bin/sdkman-init.sh" && sdk env install \ + && rm -rf /var/lib/apt/lists/* + +# Stage 1b: Build the application +# Copy the entire source tree (excluding .dockerignore files), and build +COPY --exclude=docker . . +WORKDIR /app/server +RUN source "$HOME/.sdkman/bin/sdkman-init.sh" \ + && ANT_OPTS="-Dfile.encoding=UTF8" ant -f mirth-build.xml -DdisableSigning=true + +# Stage 2: Runtime container +FROM eclipse-temurin:21.0.7_6-jre-noble + +RUN groupadd mirth \ + && usermod -l mirth ubuntu \ + && adduser mirth mirth \ + && mkdir -p /opt/connect/appdata \ + && chown -R mirth:mirth /opt/connect + +WORKDIR /opt/connect +COPY --chmod=0755 docker/entrypoint.sh docker/mirth-connect.sh ./ +COPY --chown=mirth:mirth --from=builder \ + --exclude=cli-lib \ + --exclude=mirth-cli-launcher.jar \ + --exclude=mccommand \ + --exclude=manager-lib \ + --exclude=mirth-manager-launcher.jar \ + --exclude=mcmanager \ + /app/server/setup ./ + +VOLUME /opt/connect/appdata +VOLUME /opt/connect/custom-extensions +EXPOSE 8443 + +USER mirth +ENTRYPOINT [ "/opt/connect/entrypoint.sh" ] +CMD ["/opt/connect/mirth-connect.sh"] diff --git a/README.md b/README.md index d5272e8c8..ce5e6f82c 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ --- ## Table of Contents +- [Quick-start](#quick-start) - [Mission Statement](#mission-statement) - [Overview](#overview) - [Why Open Integration Engine?](#why-open-integration-engine) @@ -19,6 +20,12 @@ - [Licensing](#licensing) - [Acknowledgments](#acknowledgments) +--- +## Quick-start + +Start an instance of OIE with `docker run -p 8443:8443 ghcr.io/mgaffigan/oie` and +connect using [Ballista](https://github.com/kayyagari/ballista) to https://localhost:8443/ using login admin/admin. + --- ## Mission Statement diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 000000000..f3b4ff435 --- /dev/null +++ b/docker/README.md @@ -0,0 +1,416 @@ + +# Table of Contents + +* [Supported tags and respective Dockerfile links](#supported-tags) +* [Supported Architectures](#supported-architectures) +* [Quick Reference](#quick-reference) +* [What is Mirth Connect](#what-is-connect) +* [How to use this image](#how-to-use) + * [Start a Connect instance](#start-connect) + * [Using `docker stack deploy` or `docker-compose`](#using-docker-compose) + * [Environment Variables](#environment-variables) + * [Common mirth.properties options](#common-mirth-properties-options) + * [Other mirth.properties options](#other-mirth-properties-options) + * [Using Docker Secrets](#using-docker-secrets) + * [Using Volumes](#using-volumes) + * [The appdata folder](#the-appdata-folder) + * [Additional extensions](#additional-extensions) +* [License](#license) + +------------ + + +# Supported tags and respective Dockerfile links [↑](#top) + +##### Eclipse Temurin OpenJDK 21 + +* [latest](https://github.com/ghcr.io/mgaffigan/oie-docker/blob/master/Dockerfile) + +------------ + + +# Supported Architectures [↑](#top) + +Docker images for Mirth Connect 4.4.0 and later versions support both `linux/amd64` and `linux/arm64` architectures. Earlier versions only support `linux/amd64`. As an example, to pull the latest `linux/arm64` image, use the command +``` +docker pull --platform linux/arm64 ghcr.io/mgaffigan/oie:latest +``` + +------------ + + +# Quick Reference [↑](#top) + +#### Where to get help: + +Engage with the community and project through [the options listed on the main Github page](https://github.com/NicoPiel/OIE/tree/feature/gradle-2?tab=readme-ov-file#community-and-governance). + +------------ + + +# What is Mirth Connect [↑](#top) + +An open-source message integration engine focused on healthcare. For more information please visit our [GitHub page](https://github.com/ghcr.io/mgaffigan/oie). + + + +------------ + + +# How to use this image [↑](#top) + + +## Start a Connect instance [↑](#top) + +Quickly start Connect using embedded Derby database and all configuration defaults. At a minimum you will likely want to use the `-p` option to expose the 8443 port so that you can login with the Administrator GUI or CLI: + +```bash +docker run -p 8443:8443 ghcr.io/mgaffigan/oie +``` + +You can also use the `--name` option to give your container a unique name, and the `-d` option to detach the container and run it in the background: + +```bash +docker run --name myconnect -d -p 8443:8443 ghcr.io/mgaffigan/oie +``` + +To run a specific version of Connect, specify a tag at the end: + +```bash +docker run --name myconnect -d -p 8443:8443 ghcr.io/mgaffigan/oie:3.9 +``` + +To run using a specific architecture, specify it using the `--platform` argument: + +```bash +docker run --name myconnect -d -p 8443:8443 --platform linux/arm64 ghcr.io/mgaffigan/oie:4.4.0 +``` + +Look at the [Environment Variables](#environment-variables) section for more available configuration options. + +------------ + + +## Using [`docker stack deploy`](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [`docker-compose`](https://github.com/docker/compose) [↑](#top) + +With `docker stack` or `docker-compose` you can easily setup and launch multiple related containers. For example you might want to launch both Connect *and* a PostgreSQL database to run alongside it. + +```bash +docker-compose -f stack.yml up +``` + +Here's an example `stack.yml` file you can use: + +```yaml +version: "3.1" +services: + mc: + image: ghcr.io/mgaffigan/oie + platform: linux/amd64 + environment: + - DATABASE=postgres + - DATABASE_URL=jdbc:postgresql://db:5432/mirthdb + - DATABASE_MAX_CONNECTIONS=20 + - DATABASE_USERNAME=mirthdb + - DATABASE_PASSWORD=mirthdb + - DATABASE_MAX_RETRY=2 + - DATABASE_RETRY_WAIT=10000 + - KEYSTORE_STOREPASS=docker_storepass + - KEYSTORE_KEYPASS=docker_keypass + - VMOPTIONS=-Xmx512m + ports: + - 8080:8080/tcp + - 8443:8443/tcp + depends_on: + - db + db: + image: postgres + environment: + - POSTGRES_USER=mirthdb + - POSTGRES_PASSWORD=mirthdb + - POSTGRES_DB=mirthdb + expose: + - 5432 +``` + +[![Try in PWD](https://raw.githubusercontent.com/play-with-docker/stacks/master/assets/images/button.png)](http://play-with-docker.com/?stack=https://raw.githubusercontent.com/ghcr.io/mgaffigan/oie-docker/master/examples/play-with-docker-example.yml) + +Try it out with Play With Docker! Note that in order to access the 8080/8443 ports from your workstation, follow [their guide](https://github.com/play-with-docker/play-with-docker#how-can-i-connect-to-a-published-port-from-the-outside-world) to format the URL correctly. When you login via the Administrator GUI, use port 443 on the end instead of 8443. + +There are other example stack files in the [examples directory](https://github.com/ghcr.io/mgaffigan/oie-docker/tree/master/examples)! + +------------ + + +## Environment Variables [↑](#top) + +You can use environment variables to configure the [mirth.properties](https://github.com/ghcr.io/mgaffigan/oie/blob/development/server/conf/mirth.properties) file or to add custom JVM options. More information on the available mirth.properties options can be found in the [Connect User Guide](http://downloads.mirthcorp.com/connect-user-guide/latest/mirth-connect-user-guide.pdf). + +To set environment variables, use the `-e` option for each variable on the command line: + +```bash +docker run -e DATABASE='derby' -p 8443:8443 ghcr.io/mgaffigan/oie +``` + +You can also use a separate file containing all of your environment variables using the `--env-file` option. For example let's say you create a file **myenvfile.txt**: + +```bash +DATABASE=postgres +DATABASE_URL=jdbc:postgresql://serverip:5432/mirthdb +DATABASE_USERNAME=postgres +DATABASE_PASSWORD=postgres +DATABASE_MAX_RETRY=2 +DATABASE_RETRY_WAIT=10000 +KEYSTORE_STOREPASS=changeme +KEYSTORE_KEYPASS=changeme +VMOPTIONS=-Xmx512m +``` + +```bash +docker run --env-file=myenvfile.txt -p 8443:8443 ghcr.io/mgaffigan/oie +``` + +------------ + + +### Common mirth.properties options [↑](#top) + + +#### `DATABASE` + +The database type to use for the NextGen Connect Integration Engine backend database. Options: + +* derby +* mysql +* postgres +* oracle +* sqlserver + + +#### `DATABASE_URL` + +The JDBC URL to use when connecting to the database. For example: +* `jdbc:postgresql://serverip:5432/mirthdb` + + +#### `DATABASE_USERNAME` + +The username to use when connecting to the database. If you don't want to use an environment variable to store sensitive information like this, look at the [Using Docker Secrets](#using-docker-secrets) section below. + + +#### `DATABASE_PASSWORD` + +The password to use when connecting to the database. If you don't want to use an environment variable to store sensitive information like this, look at the [Using Docker Secrets](#using-docker-secrets) section below. + + +#### `DATABASE_MAX_CONNECTIONS` + +The maximum number of connections to use for the internal messaging engine connection pool. + + +#### `DATABASE_MAX_RETRY` + +On startup, if a database connection cannot be made for any reason, Connect will wait and attempt again this number of times. By default, will retry 2 times (so 3 total attempts). + + +#### `DATABASE_RETRY_WAIT` + +The amount of time (in milliseconds) to wait between database connection attempts. By default, will wait 10 seconds between attempts. + + +#### `KEYSTORE_STOREPASS` + +The password for the keystore file itself. If you don't want to use an environment variable to store sensitive information like this, look at the [Using Docker Secrets](#using-docker-secrets) section below. + + +#### `KEYSTORE_KEYPASS` + +The password for the keys within the keystore, including the server certificate and the secret encryption key. If you don't want to use an environment variable to store sensitive information like this, look at the [Using Docker Secrets](#using-docker-secrets) section below. + + +#### `KEYSTORE_TYPE` + +The type of keystore. + + +#### `SESSION_STORE` + +If set to true, the web server sessions are stored in the database. This can be useful in situations where you have multiple Connect servers (connecting to the same database) clustered behind a load balancer. + + +#### `VMOPTIONS` + +A comma-separated list of JVM command-line options to place in the `.vmoptions` file. For example to set the max heap size: + +* -Xmx512m + + +#### `DELAY` + +This tells the entrypoint script to wait for a certain amount of time (in seconds). The entrypoint script will automatically use a command-line SQL client to check connectivity and wait until the database is up before starting Connect, but only when using PostgreSQL or MySQL. If you are using Oracle or SQL Server and the database is being started up at the same time as Connect, you may want to use this option to tell Connect to wait a bit to allow the database time to startup. + + +#### `KEYSTORE_DOWNLOAD` + +A URL location of a Connect keystore file. This file will be downloaded into the container and Connect will use it as its keystore. + + +#### `EXTENSIONS_DOWNLOAD` + +A URL location of a zip file containing Connect extension zip files. The extensions will be installed on the Connect server. + + +#### `CUSTOM_JARS_DOWNLOAD` + +A URL location of a zip file containing JAR files. The JAR files will be installed into the `server-launcher-lib` folder on the Connect server, so they will be added to the server's classpath. + + +#### `ALLOW_INSECURE` + +Allow insecure SSL connections when downloading files during startup. This applies to keystore downloads, plugin downloads, and server library downloads. By default, insecure connections are disabled but you can enable this option by setting `ALLOW_INSECURE=true`. + + +#### `SERVER_ID` + +Set the `server.id` to a specific value. Use this to preserve or set the server ID across restarts and deployments. Using the env-var is preferred over storing `appdata` persistently + +------------ + + +### Other mirth.properties options [↑](#top) + +Other options in the mirth.properties file can also be changed. Any environment variable starting with the `_MP_` prefix will set the corresponding value in mirth.properties. Replace `.` with a single underscore `_` and `-` with two underscores `__`. + +Examples: + +* Set the server TLS protocols to only allow TLSv1.2 and 1.3: + * In the mirth.properties file: + * `https.server.protocols = TLSv1.3,TLSv1.2` + * As a Docker environment variable: + * `_MP_HTTPS_SERVER_PROTOCOLS='TLSv1.3,TLSv1.2'` + +* Set the max connections for the read-only database connection pool: + * In the mirth.properties file: + * `database-readonly.max-connections = 20` + * As a Docker environment variable: + * `_MP_DATABASE__READONLY_MAX__CONNECTIONS='20'` + +------------ + + +## Using Docker Secrets [↑](#top) + +For sensitive information such as the database/keystore credentials, instead of supplying them as environment variables you can use a [Docker Secret](https://docs.docker.com/engine/swarm/secrets/). There are two secret names this image supports: + +##### mirth_properties + +If present, any properties in this secret will be merged into the mirth.properties file. + +##### mcserver_vmoptions + +If present, any JVM options in this secret will be appended onto the mcserver.vmoptions file. + +------------ + +Secrets are supported with [Docker Swarm](https://docs.docker.com/engine/swarm/secrets/), but you can also use them with [`docker-compose`](#using-docker-compose). + +For example let's say you wanted to set `keystore.storepass` and `keystore.keypass` in a secure way. You could create a new file, **secret.properties**: + +```bash +keystore.storepass=changeme +keystore.keypass=changeme +``` + +Then in your YAML docker-compose stack file: + +```yaml +version: '3.1' +services: + mc: + image: ghcr.io/mgaffigan/oie + environment: + - VMOPTIONS=-Xmx512m + secrets: + - mirth_properties + ports: + - 8080:8080/tcp + - 8443:8443/tcp +secrets: + mirth_properties: + file: /local/path/to/secret.properties +``` + +The **secrets** section at the bottom specifies the local file location for each secret. Change `/local/path/to/secret.properties` to the correct local path and filename. + +Inside the configuration for the Connect container there is also a **secrets** section that lists the secrets you want to include for that container. + +------------ + + +## Using Volumes [↑](#top) + + +#### The appdata folder [↑](#top) + +The application data directory (appdata) stores configuration files and temporary data created by Connect after starting up. This usually includes the keystore file and the `server.id` file that stores your server ID. If you are launching Connect as part of a stack/swarm, it's possible the container filesystem is already being preserved. But if not, you may want to consider mounting a **volume** to preserve the appdata folder. + +```bash +docker run -v /local/path/to/appdata:/opt/connect/appdata -p 8443:8443 ghcr.io/mgaffigan/oie +``` + +The `-v` option makes a local directory from your filesystem available to the Docker container. Create a folder on your local filesystem, then change the `/local/path/to/appdata` part in the example above to the correct local path. + +You can also configure volumes as part of your docker-compose YAML stack file: + +```yaml +version: '3.1' +services: + mc: + image: ghcr.io/mgaffigan/oie + volumes: + - ~/Documents/appdata:/opt/connect/appdata +``` + +------------ + + +#### Additional extensions [↑](#top) + +The entrypoint script will automatically look for any ZIP files in the `/opt/connect/custom-extensions` folder and unzip them into the extensions folder before Connect starts up. So to launch Connect with any additional extensions not included in the base application, do this: + +```bash +docker run -v /local/path/to/custom-extensions:/opt/connect/custom-extensions -p 8443:8443 ghcr.io/mgaffigan/oie +``` + +Create a folder on your local filesystem containing the ZIP files for your additional extensions. Then change the `/local/path/to/custom-extensions` part in the example above to the correct local path. + +As with the appdata example, you can also configure this volume as part of your docker-compose YAML file. + +------------ + +## Known Limitations + +Currently, only the Debian flavored images support the newest authentication scheme in MySQL 8. All others (the Alpine based images) will need the following to force the MySQL database container to start using the old authentication scheme: + +```yaml +command: --default-authentication-plugin=mysql_native_password +``` + +Example: + +```yaml + db: + image: mysql + command: --default-authentication-plugin=mysql_native_password + environment: + ... +``` + +------------ + + +# License [↑](#top) + +The Dockerfiles, entrypoint script, and any other files used to build these Docker images are Copyright © NextGen Healthcare and licensed under the [Mozilla Public License 2.0](https://www.mozilla.org/en-US/MPL/2.0/). + +You can find a copy of the NextGen Connect license in [server/docs/LICENSE.txt](https://github.com/ghcr.io/mgaffigan/oie/blob/development/server/docs/LICENSE.txt). All licensing information regarding third-party libraries is located in the [server/docs/thirdparty](https://github.com/ghcr.io/mgaffigan/oie/tree/development/server/docs/thirdparty) folder. diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100644 index 000000000..3248d86ae --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,250 @@ +#!/bin/bash +set -e + +custom_extension_count=`ls -1 /opt/connect/custom-extensions/*.zip 2>/dev/null | wc -l` +if [ $custom_extension_count != 0 ]; then + echo "Found ${custom_extension_count} custom extensions." + for extension in $(ls -1 /opt/connect/custom-extensions/*.zip); do + unzip -o -q $extension -d /opt/connect/extensions + done +fi + +# set storepass and keypass to 'changeme' so they aren't overwritten later +KEYSTORE_PASS=changeme +sed -i "s/^keystore\.storepass\s*=\s*.*\$/keystore.storepass = ${KEYSTORE_PASS//\//\\/}/" /opt/connect/conf/mirth.properties +sed -i "s/^keystore\.keypass\s*=\s*.*\$/keystore.keypass = ${KEYSTORE_PASS//\//\\/}/" /opt/connect/conf/mirth.properties + +# merge the environment variables into /opt/connect/conf/mirth.properties +# db type +if ! [ -z "${DATABASE+x}" ]; then + sed -i "s/^database\s*=\s*.*\$/database = ${DATABASE//\//\\/}/" /opt/connect/conf/mirth.properties +fi + +# db username +if ! [ -z "${DATABASE_USERNAME+x}" ]; then + sed -i "s/^database\.username\s*=\s*.*\$/database.username = ${DATABASE_USERNAME//\//\\/}/" /opt/connect/conf/mirth.properties +fi + +# db password +if ! [ -z "${DATABASE_PASSWORD+x}" ]; then + sed -i "s/^database\.password\s*=\s*.*\$/database.password = ${DATABASE_PASSWORD//\//\\/}/" /opt/connect/conf/mirth.properties +fi + +# db url +if ! [ -z "${DATABASE_URL+x}" ]; then + sed -i "s/^database\.url\s*=\s*.*\$/database.url = ${DATABASE_URL//\//\\/}/" /opt/connect/conf/mirth.properties +fi + +# database max connections +if ! [ -z "${DATABASE_MAX_CONNECTIONS+x}" ]; then + sed -i "s/^database\.max-connections\s*=\s*.*\$/database.max-connections = ${DATABASE_MAX_CONNECTIONS//\//\\/}/" /opt/connect/conf/mirth.properties +fi + +# database max retries +if ! [ -z "${DATABASE_MAX_RETRY+x}" ]; then + sed -i "s/^database\.connection\.maxretry\s*=\s*.*\$/database.connection.maxretry = ${DATABASE_MAX_RETRY//\//\\/}/" /opt/connect/conf/mirth.properties +fi + +# database retry wait time +if ! [ -z "${DATABASE_RETRY_WAIT+x}" ]; then + sed -i "s/^database\.connection\.retrywaitinmilliseconds\s*=\s*.*\$/database.connection.retrywaitinmilliseconds = ${DATABASE_RETRY_WAIT//\//\\/}/" /opt/connect/conf/mirth.properties +fi + +# keystore storepass +if ! [ -z "${KEYSTORE_STOREPASS+x}" ]; then + sed -i "s/^keystore\.storepass\s*=\s*.*\$/keystore.storepass = ${KEYSTORE_STOREPASS//\//\\/}/" /opt/connect/conf/mirth.properties +fi + +# keystore keypass +if ! [ -z "${KEYSTORE_KEYPASS+x}" ]; then + sed -i "s/^keystore\.keypass\s*=\s*.*\$/keystore.keypass = ${KEYSTORE_KEYPASS//\//\\/}/" /opt/connect/conf/mirth.properties +fi + +if ! [ -z "${KEYSTORE_TYPE+x}" ]; then + sed -i "s/^keystore\.type\s*=\s*.*\$/keystore.type = ${KEYSTORE_TYPE//\//\\/}/" /opt/connect/conf/mirth.properties +fi + +# license key +if ! [ -z "${LICENSE_KEY+x}" ]; then + LINE_COUNT=`grep "license.key" /opt/connect/conf/mirth.properties | wc -l` + if [ $LINE_COUNT -lt 1 ]; then + echo -e "\nlicense.key = ${LICENSE_KEY//\//\\/}" >> /opt/connect/conf/mirth.properties + else + sed -i "s/^license\.key\s*=\s*.*\$/license.key = ${LICENSE_KEY//\//\\/}/" /opt/connect/conf/mirth.properties + fi +fi + +# session store +if ! [ -z "${SESSION_STORE+x}" ]; then + LINE_COUNT=`grep "server.api.sessionstore" /opt/connect/conf/mirth.properties | wc -l` + if [ $LINE_COUNT -lt 1 ]; then + echo -e "\nserver.api.sessionstore = ${SESSION_STORE//\//\\/}" >> /opt/connect/conf/mirth.properties + else + sed -i "s/^server\.api\.sessionstore\s*=\s*.*\$/server.api.sessionstore = ${SESSION_STORE//\//\\/}/" /opt/connect/conf/mirth.properties + fi +fi + +#server ID +if ! [ -z "${SERVER_ID+x}" ]; then + echo -e "server.id = ${SERVER_ID//\//\\/}" > /opt/connect/appdata/server.id +fi + +# merge extra environment variables starting with _MP_ into mirth.properties +while read -r keyvalue; do + KEY="${keyvalue%%=*}" + VALUE="${keyvalue#*=}" + VALUE=$(tr -dc '\40-\176' <<< "$VALUE") + + if ! [ -z "${KEY}" ] && ! [ -z "${VALUE}" ] && ! [[ ${VALUE} =~ ^\ +$ ]]; then + + # filter for variables starting with "_MP_" + if [[ ${KEY} == _MP_* ]]; then + + # echo "found mirth property ${KEY}=${VALUE}" + + # example: _MP_DATABASE_MAX__CONNECTIONS -> database.max-connections + + # remove _MP_ + # example: DATABASE_MAX__CONNECTIONS + ACTUAL_KEY=${KEY:4} + + # switch '__' to '-' + # example: DATABASE_MAX-CONNECTIONS + ACTUAL_KEY="${ACTUAL_KEY//__/-}" + + # switch '_' to '.' + # example: DATABASE.MAX-CONNECTIONS + ACTUAL_KEY="${ACTUAL_KEY//_/.}" + + # lower case + # example: database.max-connections + ACTUAL_KEY="${ACTUAL_KEY,,}" + + # if key does not exist in mirth.properties append it at bottom + LINE_COUNT=`grep "^${ACTUAL_KEY}" /opt/connect/conf/mirth.properties | wc -l` + if [ $LINE_COUNT -lt 1 ]; then + # echo "key ${ACTUAL_KEY} not found in mirth.properties, appending. Value = ${VALUE}" + echo -e "\n${ACTUAL_KEY} = ${VALUE//\//\\/}" >> /opt/connect/conf/mirth.properties + else # otherwise key exists, overwrite it + # echo "key ${ACTUAL_KEY} exists, overwriting. Value = ${VALUE}" + ESCAPED_KEY="${ACTUAL_KEY//./\\.}" + sed -i "s/^${ESCAPED_KEY}\s*=\s*.*\$/${ACTUAL_KEY} = ${VALUE//\//\\/}/" /opt/connect/conf/mirth.properties + fi + fi + fi +done <<< "`printenv`" + +# Address reflective access by Jackson +echo "--add-opens=java.desktop/java.awt.color=ALL-UNNAMED" >> oieserver.vmoptions + +# merge vmoptions into /opt/connect/oieserver.vmoptions +if ! [ -z "${VMOPTIONS+x}" ]; then + PREV_IFS="$IFS" + IFS="," + read -ra vmoptions <<< "$VMOPTIONS" + IFS="$PREV_IFS" + + for vmoption in "${vmoptions[@]}" + do + echo "${vmoption}" >> /opt/connect/oieserver.vmoptions + done +fi + +# merge the user's secret mirth.properties +# takes a whole mirth.properties file and merges line by line with /opt/connect/conf/mirth.properties +if [ -f /run/secrets/mirth_properties ]; then + + # add new line in case /opt/connect/conf/mirth.properties doesn't end with one + echo "" >> /opt/connect/conf/mirth.properties + + while read -r keyvalue; do + KEY="${keyvalue%%=*}" + VALUE="${keyvalue#*=}" + + # remove leading and trailing white space + KEY="$(echo -e "${KEY}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" + VALUE="$(echo -e "${VALUE}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" + + if ! [ -z "${KEY}" ] && ! [ -z "${VALUE}" ] && ! [[ ${VALUE} =~ ^\ +$ ]]; then + # if key does not exist in mirth.properties append it at bottom + LINE_COUNT=`grep "^${KEY}" /opt/connect/conf/mirth.properties | wc -l` + if [ $LINE_COUNT -lt 1 ]; then + # echo "key ${KEY} not found in mirth.properties, appending. Value = ${VALUE}" + echo -e "${KEY} = ${VALUE//\//\\/}" >> /opt/connect/conf/mirth.properties + else # otherwise key exists, overwrite it + # echo "key ${KEY} exists, overwriting. Value = ${VALUE}" + ESCAPED_KEY="${KEY//./\\.}" + sed -i "s/^${ESCAPED_KEY}\s*=\s*.*\$/${KEY} = ${VALUE//\//\\/}/" /opt/connect/conf/mirth.properties + fi + fi + done <<< "`cat /run/secrets/mirth_properties`" +fi + +# merge the user's secret vmoptions +# takes a whole oieserver.vmoptions file and merges line by line with /opt/connect/oieserver.vmoptions +if [ -f /run/secrets/oieserver_vmoptions ]; then + (cat /run/secrets/oieserver_vmoptions ; echo "") >> /opt/connect/oieserver.vmoptions +fi + +# download jars from this url "$CUSTOM_JARS_DOWNLOAD", set by user +if ! [ -z "${CUSTOM_JARS_DOWNLOAD+x}" ]; then + echo "Downloading Jars at ${CUSTOM_JARS_DOWNLOAD}" + if ! [ -z "${ALLOW_INSECURE}" ] && [ "${ALLOW_INSECURE}" == "true" ]; then + curl -ksSLf "${CUSTOM_JARS_DOWNLOAD}" -o userJars.zip || echo "problem with custom jars download" + else + curl -sSLf "${CUSTOM_JARS_DOWNLOAD}" -o userJars.zip || echo "problem with custom jars download" + fi + + # Unzipping contents of userJars.zip into /opt/connect/server-launcher-lib folder + if [ -e "userJars.zip" ]; then + echo "Unzipping contents of userJars.zip into /opt/connect/server-launcher-lib" + unzip userJars.zip -d /opt/connect/server-launcher-lib + # removing the downloaded zip file + rm userJars.zip + fi +fi + +# download extensions from this url "$EXTENSIONS_DOWNLOAD", set by user +if ! [ -z "${EXTENSIONS_DOWNLOAD+x}" ]; then + echo "Downloading extensions at ${EXTENSIONS_DOWNLOAD}" + if ! [ -z "${ALLOW_INSECURE}" ] && [ "${ALLOW_INSECURE}" == "true" ]; then + curl -ksSLf "${EXTENSIONS_DOWNLOAD}" -o userExtensions.zip || echo "problem with extensions download" + else + curl -sSLf "${EXTENSIONS_DOWNLOAD}" -o userExtensions.zip || echo "problem with extensions download" + fi + + # Unzipping contents of userExtensions.zip + if [ -e "userExtensions.zip" ]; then + echo "Unzipping contents of userExtensions.zip" + mkdir /tmp/userextensions + unzip userExtensions.zip -d /tmp/userextensions + # removing the downloaded zip file + rm userExtensions.zip + + # Unzipping contents of individual extension zip files into /opt/connect/extensions folder + zipFileCount=`ls -1 /tmp/userextensions/*.zip 2>/dev/null | wc -l` + if [ $zipFileCount != 0 ]; then + echo "Unzipping contents of /tmp/userextensions/ zips into /opt/connect/extensions" + for f in /tmp/userextensions/*.zip; do unzip "$f" -d /opt/connect/extensions; done + fi + # removing the tmp folder + rm -rf /tmp/userextensions + fi +fi + +# download keystore +if ! [ -z "${KEYSTORE_DOWNLOAD+x}" ]; then + echo "Downloading keystore at ${KEYSTORE_DOWNLOAD}" + if ! [ -z "${ALLOW_INSECURE}" ] && [ "${ALLOW_INSECURE}" == "true" ]; then + curl -ksSLf "${KEYSTORE_DOWNLOAD}" -o "/opt/connect/appdata/keystore.jks" || echo "problem with keystore download" + else + curl -sSLf "${KEYSTORE_DOWNLOAD}" -o "/opt/connect/appdata/keystore.jks" || echo "problem with keystore download" + fi +fi + +# if delay is set as an environment variable then wait that long in seconds +if ! [ -z "${DELAY+x}" ]; then + sleep $DELAY +fi + +exec "$@" \ No newline at end of file diff --git a/docker/mirth-connect.sh b/docker/mirth-connect.sh new file mode 100644 index 000000000..9bbff32c9 --- /dev/null +++ b/docker/mirth-connect.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +# Mirth Connect Server Launcher Script + +# Get the directory where this script is located +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" + +# Set MIRTH_HOME to the script directory +export MIRTH_HOME="$SCRIPT_DIR" + +# Set Java options +parse_vmoptions() { + local file="$1" + local current_options="${2:-}" # Initialize with existing options, or empty + + if [[ ! -f "$file" ]]; then + echo "Error: VM options file not found: $file" >&2 + return 1 + fi + + # Read the file line by line + while IFS= read -r line; do + # Trim leading/trailing whitespace + line=$(echo "$line" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//') + + # Skip empty lines and comments + if [[ -z "$line" || "$line" =~ ^# ]]; then + continue + fi + + # Check for -include-options directive + if [[ "$line" =~ ^-include-options[[:space:]]+(.+) ]]; then + local included_file="${BASH_REMATCH[1]}" + + # Resolve relative paths + if [[ ! "$included_file" =~ ^/ ]]; then # Not an absolute path + included_file="$(dirname "$file")/$included_file" + fi + + # Recursively call parse_vmoptions for the included file + local included_opts + if ! included_opts=$(parse_vmoptions "$included_file" "$current_options"); then + echo "Error processing included options from $included_file" >&2 + return 1 + fi + current_options="$included_opts" + else + # Add the option to the accumulated string + current_options+="${current_options:+" "}$line" + fi + done < "$file" + + echo "$current_options" + return 0 +} +JAVA_OPTS=$(parse_vmoptions "oieserver.vmoptions") +JAVA_OPTS="$JAVA_OPTS -Dmirth.home=$MIRTH_HOME" + +# Launch Mirth Connect +echo "Starting Mirth Connect..." +echo "MIRTH_HOME: $MIRTH_HOME" +echo "JAVA_OPTS: $JAVA_OPTS" + +java $JAVA_OPTS -jar "$MIRTH_HOME/mirth-server-launcher.jar"