From 74d0136d384bbfa339b3a8f28d984da18b9c3522 Mon Sep 17 00:00:00 2001
From: Kaur Palang
Date: Fri, 27 Jun 2025 17:57:04 +0300
Subject: [PATCH 1/4] Set up Dockerfile and surrounding tools
Signed-off-by: Kaur Palang
---
 .editorconfig | 10 ++
 .github/workflows/deploy-image.yaml | 38 +++++
 .gitignore | 1 +
 deploy/.dockerignore | 2 +
 deploy/.env | 8 +
 deploy/Dockerfile | 114 +++++++++++++
 deploy/compose.yaml | 65 ++++++++
 deploy/entrypoint.sh | 245 ++++++++++++++++++++++++++++
 8 files changed, 483 insertions(+)
 create mode 100644 .editorconfig
 create mode 100644 .github/workflows/deploy-image.yaml
 create mode 100644 .gitignore
 create mode 100644 deploy/.dockerignore
 create mode 100644 deploy/.env
 create mode 100644 deploy/Dockerfile
 create mode 100644 deploy/compose.yaml
 create mode 100755 deploy/entrypoint.sh
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..4567699
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,10 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+
+[{*.yml,*.yaml}]
+indent_style = space
+indent_size = 2
diff --git a/.github/workflows/deploy-image.yaml b/.github/workflows/deploy-image.yaml
new file mode 100644
index 0000000..2af9e6b
--- /dev/null
+++ b/.github/workflows/deploy-image.yaml
@@ -0,0 +1,38 @@
+name: Build production images
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+
+jobs:
+ build-images:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Set up Docker Compose
+ uses: docker/setup-compose-action@v1
+
+ - name: Build images
+ working-directory: deploy
+ run: |
+ docker compose --progress plain build --build-arg CREATED_AT=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+ docker image ls
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ vars.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Push images to Docker hub
+ run: docker image push --all-tags openintegrationengine/engine
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..62c8935
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea/
\ No newline at end of file
diff --git a/deploy/.dockerignore b/deploy/.dockerignore
new file mode 100644
index 0000000..864179f
--- /dev/null
+++ b/deploy/.dockerignore
@@ -0,0 +1,2 @@
+*
+!entrypoint.sh
diff --git a/deploy/.env b/deploy/.env
new file mode 100644
index 0000000..5284572
--- /dev/null
+++ b/deploy/.env
@@ -0,0 +1,8 @@
+UBUNTU_JRE_TAG=17.0.15_6-jre-noble
+UBUNTU_JDK_TAG=17.0.15_6-jdk-noble
+
+ALPINE_JRE_TAG=17.0.15_6-jre-alpine
+ALPINE_JDK_TAG=17.0.15_6-jdk-alpine
+
+OIE_RELEASE_VERSION=4.5.2-tp.1
+OIE_RELEASE_URL=https://github.com/OpenIntegrationEngine/engine/releases/download/v4.5.2-tp.1/oie_unix_4_5_2.tar.gz
diff --git a/deploy/Dockerfile b/deploy/Dockerfile
new file mode 100644
index 0000000..4cce425
--- /dev/null
+++ b/deploy/Dockerfile
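Review bot: Every `uses:` step in `build-images` is pinned to a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/setup-compose-action@v1`, and the others) in a job that later receives `secrets.DOCKERHUB_TOKEN` and pushes with `--all-tags`, so a retagged action could publish altered images under the project's name. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The workflow also declares no `permissions:` block, so the job runs with the repository's default token scope; a top-level `permissions:` with `contents: read` is enough for a checkout-and-build job.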
@@ -0,0 +1,114 @@
+# syntax=docker/dockerfile:1
+
+ARG ALPINE_TAG
+ARG UBUNTU_TAG
+
+ARG OIE_RELEASE_VERSION
+
+ARG UID=14285
+ARG GID=14285
+
+FROM alpine:3.21.3 AS downloader
+
+ARG UID
+ARG GID
+ARG OIE_RELEASE_URL
+
+WORKDIR /opt
+
+# Download Open Integration Engine release
+RUN apk add --no-cache curl \
+ && curl -L \
+ -o /opt/engine.tar.gz \
+ -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ ${OIE_RELEASE_URL}\
+ && tar xzf engine.tar.gz \
+ && mv /opt/oie /opt/engine \
+ && mkdir -p /opt/engine/appdata
+
+WORKDIR /opt/engine
+COPY --chmod=755 entrypoint.sh /opt/engine/entrypoint.sh
+
+RUN rm -rf cli-lib manager-lib \
+ && rm mirth-cli-launcher.jar oiecommand
+
+RUN chown -R ${UID}:${GID} /opt/engine
+
+##########################################
+#
+# Alpine Images
+#
+##########################################
+
+FROM eclipse-temurin:$ALPINE_TAG AS alpine
+
+ARG UID
+ARG GID
+ARG OIE_RELEASE_VERSION
+ARG CREATED_AT
+
+# Add OCI best-practice labels https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+LABEL "org.opencontainers.image.authors"="The Open Integration Engine Project and contributors" \
+ "org.opencontainers.image.created"="${CREATED_AT?:}" \
+ "org.opencontainers.image.description"="An open source fork of the now closed-source Mirth Connect" \
+ "org.opencontainers.image.licenses"="MPL-2.0" \
+ "org.opencontainers.image.source"="https://github.com/OpenIntegrationEngine/engine-docker" \
+ "org.opencontainers.image.title"="Open Integration Engine" \
+ "org.opencontainers.image.url"="https://github.com/OpenIntegrationEngine/engine" \
+ "org.opencontainers.image.vendor"="The Open Integration Engine Project" \
+ "org.opencontainers.image.version"="${OIE_RELEASE_VERSION?:}"
+
+COPY --from=downloader /opt/engine /opt/engine
+
+RUN apk add --no-cache bash \
+ && adduser -D -H -u $UID engine engine # Create both group and user "engine" at the same time
+
+VOLUME /opt/engine/appdata
+VOLUME /opt/engine/custom-extensions
+WORKDIR /opt/engine
+
+EXPOSE 8443
+
+USER engine
+ENTRYPOINT ["./entrypoint.sh"]
+CMD ["./oieserver"]
+
+##########################################
+#
+# Ubuntu Image
+#
+##########################################
+
+FROM eclipse-temurin:$UBUNTU_TAG AS ubuntu
+
+ARG UID
+ARG GID
+ARG OIE_RELEASE_VERSION
+ARG CREATED_AT
+
+# Add OCI best-practice labels https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+LABEL "org.opencontainers.image.authors"="The Open Integration Engine Project and contributors" \
+ "org.opencontainers.image.created"="${CREATED_AT?:}" \
+ "org.opencontainers.image.description"="An open source fork of the now closed-source Mirth Connect" \
+ "org.opencontainers.image.licenses"="MPL-2.0" \
+ "org.opencontainers.image.source"="https://github.com/OpenIntegrationEngine/engine-docker" \
+ "org.opencontainers.image.title"="Open Integration Engine" \
+ "org.opencontainers.image.url"="https://github.com/OpenIntegrationEngine/engine" \
+ "org.opencontainers.image.vendor"="The Open Integration Engine Project" \
+ "org.opencontainers.image.version"="${OIE_RELEASE_VERSION?:}"
+
+COPY --from=downloader /opt/engine /opt/engine
+
+RUN groupadd --gid ${GID} engine \
+ && useradd -u ${UID} -g ${GID} -M engine
+
+VOLUME /opt/engine/appdata
+VOLUME /opt/engine/custom-extensions
+WORKDIR /opt/engine
+
+EXPOSE 8443
+
+USER engine
+ENTRYPOINT ["./entrypoint.sh"]
+CMD ["./oieserver"]
diff --git a/deploy/compose.yaml b/deploy/compose.yaml
new file mode 100644
index 0000000..18ddc53
--- /dev/null
+++ b/deploy/compose.yaml
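Review bot: The `downloader` stage unpacks whatever `${OIE_RELEASE_URL}` returns without verifying it: `curl -L` has no `-f`, so an HTTP error body is saved as `engine.tar.gz`, and no digest is compared before `tar xzf`, although the result is copied into both published images. Add an `ARG OIE_RELEASE_SHA256` next to `OIE_RELEASE_URL` (supplied from `.env` through the compose `args`), fetch with `curl -fsSL -o /opt/engine.tar.gz "${OIE_RELEASE_URL}"`, and insert `&& echo "${OIE_RELEASE_SHA256}  /opt/engine.tar.gz" | sha256sum -c - \` before the `tar` step. Separately, the Alpine stage declares `ARG GID` but never uses it, so with BusyBox `adduser` the `engine` group presumably gets a gid derived from `$UID`; that matches the `chown -R ${UID}:${GID}` in the downloader only while both build args stay equal.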
@@ -0,0 +1,65 @@
+name: open-integration-engine
+
+services:
+ ubuntu-jdk:
+ image: openintegrationengine/engine
+ build:
+ dockerfile: Dockerfile
+ target: ubuntu
+ context: .
+ args: &jdk-args
+ UBUNTU_TAG: ${UBUNTU_JDK_TAG:?}
+ ALPINE_TAG: ${ALPINE_JDK_TAG:?}
+ OIE_RELEASE_VERSION: ${OIE_RELEASE_VERSION:?}
+ OIE_RELEASE_URL: ${OIE_RELEASE_URL:?}
+ platforms: &platforms
+ - linux/amd64
+# - linux/arm64
+ tags:
+ - openintegrationengine/engine:latest-ubuntu-jdk
+ - openintegrationengine/engine:${OIE_RELEASE_VERSION?:}-ubuntu-jdk
+
+ ubuntu-jre:
+ image: openintegrationengine/engine
+ build:
+ dockerfile: Dockerfile
+ target: ubuntu
+ context: .
+ args: &jre-tags
+ UBUNTU_TAG: ${UBUNTU_JRE_TAG:?}
+ ALPINE_TAG: ${ALPINE_JRE_TAG:?}
+ OIE_RELEASE_VERSION: ${OIE_RELEASE_VERSION:?}
+ OIE_RELEASE_URL: ${OIE_RELEASE_URL:?}
+ platforms: *platforms
+ tags:
+ - openintegrationengine/engine:latest-ubuntu
+ - openintegrationengine/engine:latest-ubuntu-jre
+ - openintegrationengine/engine:${OIE_RELEASE_VERSION?:}-ubuntu
+ - openintegrationengine/engine:${OIE_RELEASE_VERSION?:}-ubuntu-jre
+
+ alpine-jdk:
+ image: openintegrationengine/engine
+ build:
+ dockerfile: Dockerfile
+ target: alpine
+ context: .
+ args: *jdk-args
+ platforms: *platforms
+ tags:
+ - openintegrationengine/engine:latest-alpine-jdk
+ - openintegrationengine/engine:${OIE_RELEASE_VERSION?:}-alpine-jre
+
+ alpine-jre:
+ image: openintegrationengine/engine
+ build:
+ dockerfile: Dockerfile
+ target: alpine
+ context: .
+ args: *jre-tags
+ platforms: *platforms
+ tags:
+ - openintegrationengine/engine:latest
+ - openintegrationengine/engine:latest-alpine
+ - openintegrationengine/engine:latest-alpine-jre
+ - openintegrationengine/engine:${OIE_RELEASE_VERSION?:}-alpine
+ - openintegrationengine/engine:${OIE_RELEASE_VERSION?:}-alpine-jre
diff --git a/deploy/entrypoint.sh b/deploy/entrypoint.sh
new file mode 100755
index 0000000..285d501
--- /dev/null
+++ b/deploy/entrypoint.sh
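Review bot: The `alpine-jdk` service tags its build as `openintegrationengine/engine:${OIE_RELEASE_VERSION?:}-alpine-jre`, the same versioned tag that `alpine-jre` uses, so the JDK and JRE images compete for one tag and no `<version>-alpine-jdk` tag is ever produced; the second entry should read `- openintegrationengine/engine:${OIE_RELEASE_VERSION?:}-alpine-jdk`. All four services also share the untagged `image: openintegrationengine/engine`, which Compose applies as `:latest` to each build, so which variant ends up as `latest` likely depends on build order rather than on the `alpine-jre` tag list. The tag entries use `${VAR?:}` while the build args use `${VAR:?}`; only the latter rejects an empty value, so using `:?` throughout would keep the check consistent.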
@@ -0,0 +1,245 @@
+#!/usr/bin/env bash
+#
+# SPDX-License-Identifier: MPL-2.0
+# SPDX-FileCopyrightText: 2023 NextGen Healthcare
+# SPDX-FileCopyrightText: 2025 Kaur Palang
+#
+
+set -e
+
+APP_DIR=/opt/engine
+
+custom_extension_count=`ls -1 "$APP_DIR"/custom-extensions/*.zip 2>/dev/null | wc -l`
+if [ $custom_extension_count != 0 ]; then
+ echo "Found ${custom_extension_count} custom extensions."
+ for extension in $(ls -1 "$APP_DIR"/custom-extensions/*.zip); do
+ unzip -o -q $extension -d "$APP_DIR/extensions"
+ done
+fi
+
+# set storepass and keypass to 'changeme' so they aren't overwritten later
+KEYSTORE_PASS=changeme
+sed -i "s/^keystore\.storepass\s*=\s*.*\$/keystore.storepass = ${KEYSTORE_PASS//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+sed -i "s/^keystore\.keypass\s*=\s*.*\$/keystore.keypass = ${KEYSTORE_PASS//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+
+# merge the environment variables into /opt/engine/conf/mirth.properties
+# db type
+if ! [ -z "${DATABASE+x}" ]; then
+ sed -i "s/^database\s*=\s*.*\$/database = ${DATABASE//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+fi
+
+# db username
+if ! [ -z "${DATABASE_USERNAME+x}" ]; then
+ sed -i "s/^database\.username\s*=\s*.*\$/database.username = ${DATABASE_USERNAME//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+fi
+
+# db password
+if ! [ -z "${DATABASE_PASSWORD+x}" ]; then
+ sed -i "s/^database\.password\s*=\s*.*\$/database.password = ${DATABASE_PASSWORD//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+fi
+
+# db url
+if ! [ -z "${DATABASE_URL+x}" ]; then
+ sed -i "s/^database\.url\s*=\s*.*\$/database.url = ${DATABASE_URL//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+fi
+
+# database max connections
+if ! [ -z "${DATABASE_MAX_CONNECTIONS+x}" ]; then
+ sed -i "s/^database\.max-connections\s*=\s*.*\$/database.max-connections = ${DATABASE_MAX_CONNECTIONS//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+fi
+
+# database max retries
+if ! [ -z "${DATABASE_MAX_RETRY+x}" ]; then
+ sed -i "s/^database\.connection\.maxretry\s*=\s*.*\$/database.connection.maxretry = ${DATABASE_MAX_RETRY//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+fi
+
+# database retry wait time
+if ! [ -z "${DATABASE_RETRY_WAIT+x}" ]; then
+ sed -i "s/^database\.connection\.retrywaitinmilliseconds\s*=\s*.*\$/database.connection.retrywaitinmilliseconds = ${DATABASE_RETRY_WAIT//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+fi
+
+# keystore storepass
+if ! [ -z "${KEYSTORE_STOREPASS+x}" ]; then
+ sed -i "s/^keystore\.storepass\s*=\s*.*\$/keystore.storepass = ${KEYSTORE_STOREPASS//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+fi
+
+# keystore keypass
+if ! [ -z "${KEYSTORE_KEYPASS+x}" ]; then
+ sed -i "s/^keystore\.keypass\s*=\s*.*\$/keystore.keypass = ${KEYSTORE_KEYPASS//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+fi
+
+if ! [ -z "${KEYSTORE_TYPE+x}" ]; then
+ sed -i "s/^keystore\.type\s*=\s*.*\$/keystore.type = ${KEYSTORE_TYPE//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+fi
+
+# session store
+if ! [ -z "${SESSION_STORE+x}" ]; then
+ LINE_COUNT=`grep "server.api.sessionstore" "$APP_DIR/conf/mirth.properties" | wc -l`
+ if [ $LINE_COUNT -lt 1 ]; then
+ echo -e "\nserver.api.sessionstore = ${SESSION_STORE//\//\\/}" >> "$APP_DIR/conf/mirth.properties"
+ else
+ sed -i "s/^server\.api\.sessionstore\s*=\s*.*\$/server.api.sessionstore = ${SESSION_STORE//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+ fi
+fi
+
+#server ID
+if ! [ -z "${SERVER_ID+x}" ]; then
+ echo -e "server.id = ${SERVER_ID//\//\\/}" > "$APP_DIR/appdata/server.id"
+fi
+
+# merge extra environment variables starting with _MP_ into mirth.properties
+while read -r keyvalue; do
+ KEY="${keyvalue%%=*}"
+ VALUE="${keyvalue#*=}"
+ VALUE=$(tr -dc '\40-\176' <<< "$VALUE")
+
+ if ! [ -z "${KEY}" ] && ! [ -z "${VALUE}" ] && ! [[ ${VALUE} =~ ^\ +$ ]]; then
+
+ # filter for variables starting with "_MP_"
+ if [[ ${KEY} == _MP_* ]]; then
+
+ # echo "found property ${KEY}=${VALUE}"
+
+ # example: _MP_DATABASE_MAX__CONNECTIONS -> database.max-connections
+
+ # remove _MP_
+ # example: DATABASE_MAX__CONNECTIONS
+ ACTUAL_KEY=${KEY:4}
+
+ # switch '__' to '-'
+ # example: DATABASE_MAX-CONNECTIONS
+ ACTUAL_KEY="${ACTUAL_KEY//__/-}"
+
+ # switch '_' to '.'
+ # example: DATABASE.MAX-CONNECTIONS
+ ACTUAL_KEY="${ACTUAL_KEY//_/.}"
+
+ # lower case
+ # example: database.max-connections
+ ACTUAL_KEY="${ACTUAL_KEY,,}"
+
+ # if key does not exist in mirth.properties append it at bottom
+ LINE_COUNT=`grep "^${ACTUAL_KEY}" "$APP_DIR/conf/mirth.properties" | wc -l`
+ if [ $LINE_COUNT -lt 1 ]; then
+ # echo "key ${ACTUAL_KEY} not found in mirth.properties, appending. Value = ${VALUE}"
+ echo -e "\n${ACTUAL_KEY} = ${VALUE//\//\\/}" >> "$APP_DIR/conf/mirth.properties"
+ else # otherwise key exists, overwrite it
+ # echo "key ${ACTUAL_KEY} exists, overwriting. Value = ${VALUE}"
+ ESCAPED_KEY="${ACTUAL_KEY//./\\.}"
+ sed -i "s/^${ESCAPED_KEY}\s*=\s*.*\$/${ACTUAL_KEY} = ${VALUE//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+ fi
+ fi
+ fi
+done <<< "`printenv`"
+
+# merge vmoptions into /opt/engine/oieserver.vmoptions
+if ! [ -z "${VMOPTIONS+x}" ]; then
+ PREV_IFS="$IFS"
+ IFS=","
+ read -ra vmoptions <<< "$VMOPTIONS"
+ IFS="$PREV_IFS"
+
+ for vmoption in "${vmoptions[@]}"
+ do
+ echo "${vmoption}" >> "$APP_DIR/oieserver.vmoptions"
+ done
+fi
+
+# merge the user's secret mirth.properties
+# takes a whole mirth.properties file and merges line by line with /opt/engine/conf/mirth.properties
+if [ -f /run/secrets/mirth_properties ]; then
+
+ # add new line in case /opt/engine/conf/mirth.properties doesn't end with one
+ echo "" >> "$APP_DIR/conf/mirth.properties"
+
+ while read -r keyvalue; do
+ KEY="${keyvalue%%=*}"
+ VALUE="${keyvalue#*=}"
+
+ # remove leading and trailing white space
+ KEY="$(echo -e "${KEY}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+ VALUE="$(echo -e "${VALUE}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+
+ if ! [ -z "${KEY}" ] && ! [ -z "${VALUE}" ] && ! [[ ${VALUE} =~ ^\ +$ ]]; then
+ # if key does not exist in mirth.properties append it at bottom
+ LINE_COUNT=`grep "^${KEY}" "$APP_DIR/conf/mirth.properties" | wc -l`
+ if [ $LINE_COUNT -lt 1 ]; then
+ # echo "key ${KEY} not found in mirth.properties, appending. Value = ${VALUE}"
+ echo -e "${KEY} = ${VALUE//\//\\/}" >> "$APP_DIR/conf/mirth.properties"
+ else # otherwise key exists, overwrite it
+ # echo "key ${KEY} exists, overwriting. Value = ${VALUE}"
+ ESCAPED_KEY="${KEY//./\\.}"
+ sed -i "s/^${ESCAPED_KEY}\s*=\s*.*\$/${KEY} = ${VALUE//\//\\/}/" "$APP_DIR/conf/mirth.properties"
+ fi
+ fi
+ done <<< "`cat /run/secrets/mirth_properties`"
+fi
+
+# merge the user's secret vmoptions
+# takes a whole oieserver.vmoptions file and merges line by line with /opt/engine/oieserver.vmoptions
+if [ -f /run/secrets/oieserver_vmoptions ]; then
+ (cat /run/secrets/oieserver_vmoptions ; echo "") >> "$APP_DIR/oieserver.vmoptions"
+fi
+
+# download jars from this url "$CUSTOM_JARS_DOWNLOAD", set by user
+if ! [ -z "${CUSTOM_JARS_DOWNLOAD+x}" ]; then
+ echo "Downloading Jars at ${CUSTOM_JARS_DOWNLOAD}"
+ if ! [ -z "${ALLOW_INSECURE}" ] && [ "${ALLOW_INSECURE}" == "true" ]; then
+ curl -ksSLf "${CUSTOM_JARS_DOWNLOAD}" -o userJars.zip || echo "problem with custom jars download"
+ else
+ curl -sSLf "${CUSTOM_JARS_DOWNLOAD}" -o userJars.zip || echo "problem with custom jars download"
+ fi
+
+ # Unzipping contents of userJars.zip into /opt/engine/server-launcher-lib folder
+ if [ -e "userJars.zip" ]; then
+ echo "Unzipping contents of userJars.zip into $APP_DIR/server-launcher-lib"
+ unzip userJars.zip -d "$APP_DIR/server-launcher-lib"
+ # removing the downloaded zip file
+ rm userJars.zip
+ fi
+fi
+
+# download extensions from this url "$EXTENSIONS_DOWNLOAD", set by user
+if ! [ -z "${EXTENSIONS_DOWNLOAD+x}" ]; then
+ echo "Downloading extensions at ${EXTENSIONS_DOWNLOAD}"
+ if ! [ -z "${ALLOW_INSECURE}" ] && [ "${ALLOW_INSECURE}" == "true" ]; then
+ curl -ksSLf "${EXTENSIONS_DOWNLOAD}" -o userExtensions.zip || echo "problem with extensions download"
+ else
+ curl -sSLf "${EXTENSIONS_DOWNLOAD}" -o userExtensions.zip || echo "problem with extensions download"
+ fi
+
+ # Unzipping contents of userExtensions.zip
+ if [ -e "userExtensions.zip" ]; then
+ echo "Unzipping contents of userExtensions.zip"
+ mkdir /tmp/userextensions
+ unzip userExtensions.zip -d /tmp/userextensions
+ # removing the downloaded zip file
+ rm userExtensions.zip
+
+ # Unzipping contents of individual extension zip files into /opt/engine/extensions folder
+ zipFileCount=`ls -1 /tmp/userextensions/*.zip 2>/dev/null | wc -l`
+ if [ $zipFileCount != 0 ]; then
+ echo "Unzipping contents of /tmp/userextensions/ zips into $APP_DIR/extensions"
+ for f in /tmp/userextensions/*.zip; do unzip "$f" -d "$APP_DIR/extensions"; done
+ fi
+ # removing the tmp folder
+ rm -rf /tmp/userextensions
+ fi
+fi
+
+# download keystore
+if ! [ -z "${KEYSTORE_DOWNLOAD+x}" ]; then
+ echo "Downloading keystore at ${KEYSTORE_DOWNLOAD}"
+ if ! [ -z "${ALLOW_INSECURE}" ] && [ "${ALLOW_INSECURE}" == "true" ]; then
+ curl -ksSLf "${KEYSTORE_DOWNLOAD}" -o "$APP_DIR/appdata/keystore.jks" || echo "problem with keystore download"
+ else
+ curl -sSLf "${KEYSTORE_DOWNLOAD}" -o "$APP_DIR/appdata/keystore.jks" || echo "problem with keystore download"
+ fi
+fi
+
+# if delay is set as an environment variable then wait that long in seconds
+if ! [ -z "${DELAY+x}" ]; then
+ sleep $DELAY
+fi
+
+exec "$@"
From c3f435f7885a6c2f79c81dc556cd4952fa644f25 Mon Sep 17 00:00:00 2001
From: Kaur Palang
Date: Fri, 27 Jun 2025 20:25:03 +0300
Subject: [PATCH 2/4] Add README.md
Signed-off-by: Kaur Palang
Signed-off-by: Jon Bartels
---
 README.md | 440 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 440 insertions(+)
 create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9d9f789
--- /dev/null
+++ b/README.md
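Review bot: Every `sed -i "s/…/… = ${VAR//\//\\/}/"` substitution escapes only `/` in the value, so a password or JDBC URL containing `&` or `\` is rewritten by sed (`&` expands to the matched line) and a wrong value lands in `mirth.properties` without any error. This affects `DATABASE_PASSWORD`, `DATABASE_URL`, `KEYSTORE_STOREPASS`, `KEYSTORE_KEYPASS`, the `_MP_*` loop and the `/run/secrets/mirth_properties` merge. Route every value through one helper that escapes all three replacement metacharacters, as sketched below. The `curl … || echo "problem with …"` downloads have a related gap: a failed keystore or JAR download only prints a message and the server still starts, and archives from `CUSTOM_JARS_DOWNLOAD` are unpacked onto the classpath with no digest check, so exiting non-zero on a download error would be the safer default.

```shell
# Escape the characters that are special in a sed replacement: backslash, "&" and the "/" delimiter.
sed_escape() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# db password
if ! [ -z "${DATABASE_PASSWORD+x}" ]; then
  sed -i "s/^database\.password\s*=\s*.*\$/database.password = $(sed_escape "$DATABASE_PASSWORD")/" "$APP_DIR/conf/mirth.properties"
fi
# … unchanged: the remaining substitutions, switched to sed_escape the same way …
```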
@@ -0,0 +1,440 @@
+
+# Table of Contents
+
+* [Supported tags and respective Dockerfile links](#supported-tags)
+* [Supported Architectures](#supported-architectures)
+* [Quick Reference](#quick-reference)
+* [What is Mirth Connect](#what-is-connect)
+* [How to use this image](#how-to-use)
+ * [Start a Connect instance](#start-connect)
+ * [Using `docker stack deploy` or `docker-compose`](#using-docker-compose)
+ * [Environment Variables](#environment-variables)
+ * [Common mirth.properties options](#common-mirth-properties-options)
+ * [Other mirth.properties options](#other-mirth-properties-options)
+ * [Using Docker Secrets](#using-docker-secrets)
+ * [Using Volumes](#using-volumes)
+ * [The appdata folder](#the-appdata-folder)
+ * [Additional extensions](#additional-extensions)
+* [License](#license)
+
+------------
+
+
+# Supported Images [↑](#top)
+
+All Open Integration Engine releases are packaged into the four following images:
+
+- `latest`, `latest-alpine`, `latest-alpine-jre`
+ - `4.5.2-tp.1-alpine`, `4.5.2-tp.1-alpine-jre`
+- `latest-alpine-jdk`
+ - `4.5.2-tp.1-alpine-jdk`
+- `latest-ubuntu`, `latest-ubuntu-jre`
+ - `4.5.2-tp.1-ubuntu`, `4.5.2-tp.1-ubuntu-jre`
+- `latest-ubuntu-jdk`
+ - `4.5.2-tp.1-ubuntu-jdk`
+
+------------
+
+
+# Supported Architectures [↑](#top)
+
+Docker images for OIE 4.5.2 and later versions support both `linux/amd64` and `linux/arm64` architectures. As an example, to pull the latest `linux/arm64` image, use the command
+```
+docker pull --platform linux/arm64 openintegrationengine/engine:latest
+```
+
+------------
+
+
+# Quick Reference [↑](#top)
+
+#### Where to get help:
+
+- 🌐 **Website**: [openintegrationengine.org](https://openintegrationengine.org)
+- 💬 **Discord**: [Join our server](https://discord.gg/azdehW2Zrx)
+- 📂 **GitHub Repo**: [github.com/OpenIntegrationEngine/engine](https://github.com/OpenIntegrationEngine/engine)
+
+#### How to file issues:
+
+https://github.com/OpenIntegrationEngine/engine/issues
+
+Please do your best to include the following information in your issue:
+* The exact commit hash of the code you are using
+* The commands you executed to build or run the image
+* The output of the command you executed (Hint add `--progress=plain` to your `docker` command to see the full output)
+* Use [Markdown](https://guides.github.com/features/mastering-markdown/) to format your issue text, ESPECIALLY if you are including code snippets or command output. This will make it easier for us to read and understand your issue.
+
+------------
+
+
+# What is Open Integration Engine [↑](#top)
+
+An open-source message integration engine focused on healthcare. For more information please visit [openintegrationengine.org](https://openintegrationengine.org).
+
+OpenIntegrationEngine is a community-driven project that continues the legacy of Mirth Connect, providing a flexible, open platform for managing healthcare interfaces. It supports a wide range of healthcare standards and protocols, enabling seamless integration between disparate systems.
+
+OpenIntegrationEngine is designed to be vendor-neutral, allowing healthcare organizations to connect their systems without being locked into proprietary solutions. It offers a user-friendly interface for building, deploying, and managing interfaces, along with powerful features for real-time monitoring and alerting.
+
+------------
+
+
+# How to use this image [↑](#top)
+
+
+## Start an OpenIntegrationEngine instance [↑](#top)
+
+Quickly start OpenIntegration using embedded Derby database and all configuration defaults. At a minimum you will likely want to use the `-p` option to expose the 8443 port so that you can login with the Administrator GUI or CLI:
+
+```bash
+docker run -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre
+```
+
+You can also use the `--name` option to give your container a unique name, and the `-d` option to detach the container and run it in the background:
+
+```bash
+docker run --name myconnect -d -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre
+```
+
+To run a different base image, specify a tag at the end:
+
+```bash
+docker run --name myconnect -d -p 8443:8443 openintegrationengine/engine:latest-alpine-jdk
+```
+
+To run using a specific architecture, specify it using the `--platform` argument:
+
+```bash
+docker run --name myconnect -d -p 8443:8443 --platform linux/arm64 openintegrationengine/engine:latest-ubuntu-jre
+```
+
+Look at the [Environment Variables](#environment-variables) section for more available configuration options.
+
+------------
+
+
+## Using [`docker stack deploy`](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [`docker-compose`](https://github.com/docker/compose) [↑](#top)
+
+With `docker stack` or `docker-compose` you can easily setup and launch multiple related containers. For example you might want to launch both Connect *and* a PostgreSQL database to run alongside it.
+
+```bash
+docker-compose -f stack.yml up
+```
+
+Here's an example `stack.yml` file you can use:
+
+```yaml
+version: "3.1"
+services:
+ mc:
+ image: openintegrationengine/engine
+ platform: linux/amd64
+ environment:
+ - DATABASE=postgres
+ - DATABASE_URL=jdbc:postgresql://db:5432/mirthdb
+ - DATABASE_MAX_CONNECTIONS=20
+ - DATABASE_USERNAME=mirthdb
+ - DATABASE_PASSWORD=mirthdb
+ - DATABASE_MAX_RETRY=2
+ - DATABASE_RETRY_WAIT=10000
+ - KEYSTORE_STOREPASS=docker_storepass
+ - KEYSTORE_KEYPASS=docker_keypass
+ - VMOPTIONS=-Xmx512m
+ ports:
+ - 8080:8080/tcp
+ - 8443:8443/tcp
+ depends_on:
+ - db
+ db:
+ image: postgres
+ environment:
+ - POSTGRES_USER=mirthdb
+ - POSTGRES_PASSWORD=mirthdb
+ - POSTGRES_DB=mirthdb
+ expose:
+ - 5432
+```
+
+------------
+
+
+## Environment Variables [↑](#top)
+
+You can use environment variables to configure the [mirth.properties](https://github.com/openintegrationengine/engine/blob/development/server/conf/mirth.properties) file or to add custom JVM options.
+
+### Setting Environment Variables
+
+To set environment variables, use the `-e` option for each variable on the command line:
+
+```bash
+docker run -e DATABASE='derby' -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre
+```
+
+You can also use a separate file containing all of your environment variables using the `--env-file` option. For example let's say you create a file **myenvfile.txt**:
+
+```bash
+DATABASE=postgres
+DATABASE_URL=jdbc:postgresql://serverip:5432/mirthdb
+DATABASE_USERNAME=postgres
+DATABASE_PASSWORD=postgres
+DATABASE_MAX_RETRY=2
+DATABASE_RETRY_WAIT=10000
+KEYSTORE_STOREPASS=changeme
+KEYSTORE_KEYPASS=changeme
+VMOPTIONS=-Xmx512m
+```
+
+```bash
+docker run --env-file=myenvfile.txt -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre
+```
+
+------------
+
+
+### Common mirth.properties options [↑](#top)
+
+
+#### `DATABASE`
+
+The database type to use for the Open Integration Engine backend database. Options:
+
+* derby
+* mysql
+* postgres
+* oracle
+* sqlserver
+
+
+#### `DATABASE_URL`
+
+The JDBC URL to use when connecting to the database. For example:
+* `jdbc:postgresql://serverip:5432/mirthdb`
+
+
+#### `DATABASE_USERNAME`
+
+The username to use when connecting to the database. If you don't want to use an environment variable to store sensitive information like this, look at the [Using Docker Secrets](#using-docker-secrets) section below.
+
+
+#### `DATABASE_PASSWORD`
+
+The password to use when connecting to the database. If you don't want to use an environment variable to store sensitive information like this, look at the [Using Docker Secrets](#using-docker-secrets) section below.
+
+
+#### `DATABASE_MAX_CONNECTIONS`
+
+The maximum number of connections to use for the internal messaging engine connection pool.
+
+
+#### `DATABASE_MAX_RETRY`
+
+On startup, if a database connection cannot be made for any reason, Connect will wait and attempt again this number of times. By default, will retry 2 times (so 3 total attempts).
+
+
+#### `DATABASE_RETRY_WAIT`
+
+The amount of time (in milliseconds) to wait between database connection attempts. By default, will wait 10 seconds between attempts.
+
+
+#### `KEYSTORE_STOREPASS`
+
+The password for the keystore file itself. If you don't want to use an environment variable to store sensitive information like this, look at the [Using Docker Secrets](#using-docker-secrets) section below.
+
+
+#### `KEYSTORE_KEYPASS`
+
+The password for the keys within the keystore, including the server certificate and the secret encryption key. If you don't want to use an environment variable to store sensitive information like this, look at the [Using Docker Secrets](#using-docker-secrets) section below.
+
+
+#### `KEYSTORE_TYPE`
+
+The type of keystore.
+
+
+#### `SESSION_STORE`
+
+If set to true, the web server sessions are stored in the database. This can be useful in situations where you have multiple Connect servers (connecting to the same database) clustered behind a load balancer.
+
+
+#### `VMOPTIONS`
+
+A comma-separated list of JVM command-line options to place in the `.vmoptions` file. For example to set the max heap size:
+
+* -Xmx512m
+
+
+#### `DELAY`
+
+This tells the entrypoint script to wait for a certain amount of time (in seconds). The entrypoint script will automatically use a command-line SQL client to check connectivity and wait until the database is up before starting Connect, but only when using PostgreSQL or MySQL. If you are using Oracle or SQL Server and the database is being started up at the same time as Connect, you may want to use this option to tell Connect to wait a bit to allow the database time to startup.
+
+
+#### `KEYSTORE_DOWNLOAD`
+
+A URL location of a Connect keystore file. This file will be downloaded into the container and Connect will use it as its keystore.
+
+
+#### `EXTENSIONS_DOWNLOAD`
+
+A URL location of a zip file containing Connect extension zip files. The extensions will be installed on the Connect server.
+
+
+#### `CUSTOM_JARS_DOWNLOAD`
+
+A URL location of a zip file containing JAR files. The JAR files will be installed into the `server-launcher-lib` folder on the Connect server, so they will be added to the server's classpath.
+
+
+#### `ALLOW_INSECURE`
+
+Allow insecure SSL connections when downloading files during startup. This applies to keystore downloads, plugin downloads, and server library downloads. By default, insecure connections are disabled but you can enable this option by setting `ALLOW_INSECURE=true`.
+
+
+#### `SERVER_ID`
+
+Set the `server.id` to a specific value. Use this to preserve or set the server ID across restarts and deployments. Using the env-var is preferred over storing `appdata` persistently
+
+------------
+
+
+### Other mirth.properties options [↑](#top)
+
+Other options in the mirth.properties file can also be changed. Any environment variable starting with the `_MP_` prefix will set the corresponding value in mirth.properties. Replace `.` with a single underscore `_` and `-` with two underscores `__`.
+
+Examples:
+
+* Set the server TLS protocols to only allow TLSv1.2 and 1.3:
+ * In the mirth.properties file:
+ * `https.server.protocols = TLSv1.3,TLSv1.2`
+ * As a Docker environment variable:
+ * `_MP_HTTPS_SERVER_PROTOCOLS='TLSv1.3,TLSv1.2'`
+
+* Set the max connections for the read-only database connection pool:
+ * In the mirth.properties file:
+ * `database-readonly.max-connections = 20`
+ * As a Docker environment variable:
+ * `_MP_DATABASE__READONLY_MAX__CONNECTIONS='20'`
+
+------------
+
+
+## Using Docker Secrets [↑](#top)
+
+For sensitive information such as the database/keystore credentials, instead of supplying them as environment variables you can use a [Docker Secret](https://docs.docker.com/engine/swarm/secrets/). There are two secret names this image supports:
+
+##### mirth_properties
+
+If present, any properties in this secret will be merged into the mirth.properties file.
+
+##### mcserver_vmoptions
+
+If present, any JVM options in this secret will be appended onto the mcserver.vmoptions file.
+
+------------
+
+Secrets are supported with [Docker Swarm](https://docs.docker.com/engine/swarm/secrets/), but you can also use them with [`docker-compose`](#using-docker-compose).
+
+For example let's say you wanted to set `keystore.storepass` and `keystore.keypass` in a secure way. You could create a new file, **secret.properties**:
+
+```bash
+keystore.storepass=changeme
+keystore.keypass=changeme
+```
+
+Then in your YAML docker-compose stack file:
+
+```yaml
+version: '3.1'
+services:
+ mc:
+ image: openintegrationengine/engine
+ environment:
+ - VMOPTIONS=-Xmx512m
+ secrets:
+ - mirth_properties
+ ports:
+ - 8080:8080/tcp
+ - 8443:8443/tcp
+secrets:
+ mirth_properties:
+ file: /local/path/to/secret.properties
+```
+
+The **secrets** section at the bottom specifies the local file location for each secret. Change `/local/path/to/secret.properties` to the correct local path and filename.
+
+Inside the configuration for the Connect container there is also a **secrets** section that lists the secrets you want to include for that container.
+
+------------
+
+
+## Using Volumes [↑](#top)
+
+
+#### The appdata folder [↑](#top)
+
+The application data directory (appdata) stores configuration files and temporary data created by Connect after starting up. This usually includes the keystore file and the `server.id` file that stores your server ID. If you are launching Connect as part of a stack/swarm, it's possible the container filesystem is already being preserved. But if not, you may want to consider mounting a **volume** to preserve the appdata folder.
+
+```bash
+docker run -v /local/path/to/appdata:/opt/connect/appdata -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre
+```
+
+The `-v` option makes a local directory from your filesystem available to the Docker container. Create a folder on your local filesystem, then change the `/local/path/to/appdata` part in the example above to the correct local path.
+
+You can also configure volumes as part of your docker-compose YAML stack file:
+
+```yaml
+version: '3.1'
+services:
+ mc:
+ image: openintegrationengine/engine
+ volumes:
+ - ~/Documents/appdata:/opt/connect/appdata
+```
+
+------------
+
+
+#### Additional extensions [↑](#top)
+
+The entrypoint script will automatically look for any ZIP files in the `/opt/connect/custom-extensions` folder and unzip them into the extensions folder before Connect starts up. So to launch Connect with any additional extensions not included in the base application, do this:
+
+```bash
+docker run -v /local/path/to/custom-extensions:/opt/connect/custom-extensions -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre
+```
+
+Create a folder on your local filesystem containing the ZIP files for your additional extensions. Then change the `/local/path/to/custom-extensions` part in the example above to the correct local path.
+
+As with the appdata example, you can also configure this volume as part of your docker-compose YAML file.
+
+------------
+
+## Known Limitations
+
+Currently, only the Debian flavored images support the newest authentication scheme in MySQL 8. All others (the Alpine based images) will need the following to force the MySQL database container to start using the old authentication scheme:
+
+```yaml
+command: --default-authentication-plugin=mysql_native_password
+```
+
+Example:
+
+```yaml
+ db:
+ image: mysql
+ command: --default-authentication-plugin=mysql_native_password
+ environment:
+ ...
+```
+
+------------
+
+## Building images
+
+To build the full set of four images (`ubuntu-jre`, `ubuntu-jdk`, `alpine-jre`, and `alpine-jdk`) run the following command in the `deploy/` directory:
+```sh
+docker compose build --build-arg CREATED_AT=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+```
+
+------------
+
+
+# License [↑](#top)
+
+The Dockerfiles, entrypoint script, and any other files used to build these Docker images are Copyright © NextGen Healthcare and OpenIntegrationEngine contributors. They are licensed under the [Mozilla Public License 2.0](https://www.mozilla.org/en-US/MPL/2.0/).
From 4c7243a9f1cfe24cfe60e1c74b85b304688a8a0f Mon Sep 17 00:00:00 2001
From: Jon Bartels
Date: Sat, 28 Jun 2025 20:49:37 -0400
Subject: [PATCH 3/4] Issue 40, DRY up dockerfile
Signed-off-by: Jon Bartels
---
 README.md | 191 ++++++++++++++++++++++++--------------------
 deploy/Dockerfile | 31 +++----
 deploy/compose.yaml | 20 +++--
 3 files changed, 127 insertions(+), 115 deletions(-)
diff --git a/README.md b/README.md
index 9d9f789..6af5e3d 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,14 @@ # Table of Contents +* [Quick Reference](#quick-reference) + * [Where to get help](#quick-reference) * [Supported tags and respective Dockerfile links](#supported-tags) * [Supported Architectures](#supported-architectures) -* [Quick Reference](#quick-reference) -* [What is Mirth Connect](#what-is-connect) +* [What is Open Integration Engine](#what-is-oie) * [How to use this image](#how-to-use) - * [Start a Connect instance](#start-connect) - * [Using `docker stack deploy` or `docker-compose`](#using-docker-compose) + * [Start an Engine instance](#start-engine) + * [Using `docker stack deploy` or `docker compose`](#using-docker-compose) * [Environment Variables](#environment-variables) * [Common mirth.properties options](#common-mirth-properties-options) * [Other mirth.properties options](#other-mirth-properties-options) 
@@ -19,32 +20,6 @@ ------------ - -# Supported Images [↑](#top) - -All Open Integration Engine releases are packaged into the four following images: - -- `latest`, `latest-alpine`, `latest-alpine-jre` - - `4.5.2-tp.1-alpine`, `4.5.2-tp.1-alpine-jre` -- `latest-alpine-jdk` - - `4.5.2-tp.1-alpine-jdk` -- `latest-ubuntu`, `latest-ubuntu-jre` - - `4.5.2-tp.1-ubuntu`, `4.5.2-tp.1-ubuntu-jre` -- `latest-ubuntu-jdk` - - `4.5.2-tp.1-ubuntu-jdk` - ------------- - - -# Supported Architectures [↑](#top) - -Docker images for OIE 4.5.2 and later versions support both `linux/amd64` and `linux/arm64` architectures. As an example, to pull the latest `linux/arm64` image, use the command -``` -docker pull --platform linux/arm64 openintegrationengine/engine:latest -``` - ------------- - # Quick Reference [↑](#top) @@ -61,7 +36,7 @@ https://github.com/OpenIntegrationEngine/engine/issues Please do your best to include the following information in your issue: * The exact commit hash of the code you are using * The commands you executed to build or run the image -* The output of the command you executed (Hint add `--progress=plain` to your `docker` command to see the full output) +* The output of the command you executed (Hint: add `--progress=plain` to your `docker` command to see the full output) * Use [Markdown](https://guides.github.com/features/mastering-markdown/) to format your issue text, ESPECIALLY if you are including code snippets or command output. This will make it easier for us to read and understand your issue. ------------ 
@@ -71,40 +46,69 @@ Please do your best to include the following information in your issue: An open-source message integration engine focused on healthcare. For more information please visit [openintegrationengine.org](https://openintegrationengine.org). -OpenIntegrationEngine is a community-driven project that continues the legacy of Mirth Connect, providing a flexible, open platform for managing healthcare interfaces. It supports a wide range of healthcare standards and protocols, enabling seamless integration between disparate systems. +OpenIntegrationEngine is a community-driven project that continues the legacy of Mirth Connect, providing a flexible, open platform for managing healthcare interfaces. It supports a wide range of +healthcare standards and protocols, enabling seamless integration between disparate systems. -OpenIntegrationEngine is designed to be vendor-neutral, allowing healthcare organizations to connect their systems without being locked into proprietary solutions. It offers a user-friendly interface for building, deploying, and managing interfaces, along with powerful features for real-time monitoring and alerting. +OpenIntegrationEngine is designed to be vendor-neutral, allowing healthcare organizations to connect their systems without being locked into proprietary solutions. It offers a user-friendly interface +for building, deploying, and managing interfaces, along with powerful features for real-time monitoring and alerting. 
+ +------------ + + +# Supported Images [↑](#top) + +All Open Integration Engine releases are packaged into the four following images: + +- `latest`, `latest-alpine`, `latest-alpine-jre` + - `4.5.2-tp.1-alpine`, `4.5.2-tp.1-alpine-jre` +- `latest-alpine-jdk` + - `4.5.2-tp.1-alpine-jdk` +- `latest-ubuntu`, `latest-ubuntu-jre` + - `4.5.2-tp.1-ubuntu`, `4.5.2-tp.1-ubuntu-jre` +- `latest-ubuntu-jdk` + - `4.5.2-tp.1-ubuntu-jdk` + +------------ + + +# Supported Architectures [↑](#top) + +Docker images for OIE 4.5.2 and later versions support both `linux/amd64` and `linux/arm64` architectures. As an example, to pull the latest `linux/arm64` image, use the command +``` +docker pull --platform linux/arm64 openintegrationengine/engine:latest +``` ------------ # How to use this image [↑](#top) - + ## Start an OpenIntegrationEngine instance [↑](#top) -Quickly start OpenIntegration using embedded Derby database and all configuration defaults. At a minimum you will likely want to use the `-p` option to expose the 8443 port so that you can login with the Administrator GUI or CLI: +Quickly start OpenIntegration using embedded Derby database and all configuration defaults. 
At a minimum you will likely want to use the `-p` option to expose the 8443 port so that you can log in with +the Administrator GUI or CLI: ```bash -docker run -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre +docker run -p 8443:8443 openintegrationengine/engine ``` You can also use the `--name` option to give your container a unique name, and the `-d` option to detach the container and run it in the background: ```bash -docker run --name myconnect -d -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre +docker run --name myengine -d -p 8443:8443 openintegrationengine/engine ``` To run a different base image, specify a tag at the end: ```bash -docker run --name myconnect -d -p 8443:8443 openintegrationengine/engine:latest-alpine-jdk +docker run --name myengine -d -p 8443:8443 openintegrationengine/engine:latest-alpine-jdk ``` To run using a specific architecture, specify it using the `--platform` argument: ```bash -docker run --name myconnect -d -p 8443:8443 --platform linux/arm64 openintegrationengine/engine:latest-ubuntu-jre +docker run --name myengine -d -p 8443:8443 --platform linux/arm64 openintegrationengine/engine ``` Look at the [Environment Variables](#environment-variables) section for more available configuration options. 
@@ -112,46 +116,45 @@ Look at the [Environment Variables](#environment-variables) section for more ava ------------ -## Using [`docker stack deploy`](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [`docker-compose`](https://github.com/docker/compose) [↑](#top) +## Using [`docker stack deploy`](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [`docker compose`](https://github.com/docker/compose) [↑](#top) -With `docker stack` or `docker-compose` you can easily setup and launch multiple related containers. For example you might want to launch both Connect *and* a PostgreSQL database to run alongside it. +With `docker stack` or `docker compose` you can easily set up and launch multiple related containers. For example, you might want to launch both Engine *and* a PostgreSQL database to run alongside it. ```bash -docker-compose -f stack.yml up +docker compose -f stack.yml up ``` Here's an example `stack.yml` file you can use: ```yaml -version: "3.1" services: - mc: + engine: image: openintegrationengine/engine - platform: linux/amd64 environment: - DATABASE=postgres - - DATABASE_URL=jdbc:postgresql://db:5432/mirthdb + - DATABASE_URL=jdbc:postgresql://db:5432/enginedb - DATABASE_MAX_CONNECTIONS=20 - - DATABASE_USERNAME=mirthdb - - DATABASE_PASSWORD=mirthdb + - DATABASE_USERNAME=enginedb + - DATABASE_PASSWORD=enginedb - DATABASE_MAX_RETRY=2 - DATABASE_RETRY_WAIT=10000 - KEYSTORE_STOREPASS=docker_storepass - KEYSTORE_KEYPASS=docker_keypass - VMOPTIONS=-Xmx512m ports: - - 8080:8080/tcp - - 8443:8443/tcp + - "8080:8080/tcp" + - "8443:8443/tcp" depends_on: - db + db: image: postgres environment: - - POSTGRES_USER=mirthdb - - POSTGRES_PASSWORD=mirthdb - - POSTGRES_DB=mirthdb - expose: - - 5432 + - POSTGRES_USER=enginedb + - POSTGRES_PASSWORD=enginedb + - POSTGRES_DB=enginedb + ports: + - "5432:5432/tcp" ``` ------------ 
@@ -166,14 +169,14 @@ You can use environment variables to configure the [mirth.properties](https://gi To set environment variables, use the `-e` option for each variable on the command line: ```bash -docker run -e DATABASE='derby' -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre +docker run -e DATABASE='derby' -p 8443:8443 openintegrationengine/engine ``` You can also use a separate file containing all of your environment variables using the `--env-file` option. For example let's say you create a file **myenvfile.txt**: ```bash DATABASE=postgres -DATABASE_URL=jdbc:postgresql://serverip:5432/mirthdb +DATABASE_URL=jdbc:postgresql://serverip:5432/enginedb DATABASE_USERNAME=postgres DATABASE_PASSWORD=postgres DATABASE_MAX_RETRY=2 @@ -184,7 +187,7 @@ VMOPTIONS=-Xmx512m ``` ```bash -docker run --env-file=myenvfile.txt -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre +docker run --env-file=myenvfile.txt -p 8443:8443 openintegrationengine/engine ``` ------------ @@ -207,7 +210,7 @@ The database type to use for the Open Integration Engine backend database. Optio #### `DATABASE_URL` The JDBC URL to use when connecting to the database. For example: -* `jdbc:postgresql://serverip:5432/mirthdb` +* `jdbc:postgresql://serverip:5432/enginedb` #### `DATABASE_USERNAME` @@ -227,7 +230,7 @@ The maximum number of connections to use for the internal messaging engine conne #### `DATABASE_MAX_RETRY` -On startup, if a database connection cannot be made for any reason, Connect will wait and attempt again this number of times. By default, will retry 2 times (so 3 total attempts). +On startup, if a database connection cannot be made for any reason, Engine will wait and attempt again this number of times. By default, will retry 2 times (so 3 total attempts). #### `DATABASE_RETRY_WAIT` 
@@ -242,7 +245,8 @@ The password for the keystore file itself. If you don't want to use an environme #### `KEYSTORE_KEYPASS` -The password for the keys within the keystore, including the server certificate and the secret encryption key. If you don't want to use an environment variable to store sensitive information like this, look at the [Using Docker Secrets](#using-docker-secrets) section below. +The password for the keys within the keystore, including the server certificate and the secret encryption key. If you don't want to use an environment variable to store sensitive information like this, +look at the [Using Docker Secrets](#using-docker-secrets) section below. #### `KEYSTORE_TYPE` @@ -252,7 +256,8 @@ The type of keystore. #### `SESSION_STORE` -If set to true, the web server sessions are stored in the database. This can be useful in situations where you have multiple Connect servers (connecting to the same database) clustered behind a load balancer. +If set to true, the web server sessions are stored in the database. This can be useful in situations where you have multiple Engine servers (connecting to the same database) clustered behind a load +balancer. #### `VMOPTIONS` 
@@ -264,27 +269,30 @@ A comma-separated list of JVM command-line options to place in the `.vmoptions` #### `DELAY` -This tells the entrypoint script to wait for a certain amount of time (in seconds). The entrypoint script will automatically use a command-line SQL client to check connectivity and wait until the database is up before starting Connect, but only when using PostgreSQL or MySQL. If you are using Oracle or SQL Server and the database is being started up at the same time as Connect, you may want to use this option to tell Connect to wait a bit to allow the database time to startup. +This tells the entrypoint script to wait for a certain amount of time (in seconds). The entrypoint script will automatically use a command-line SQL client to check connectivity and wait until the +database is up before starting Engine, but only when using PostgreSQL or MySQL. If you are using Oracle or SQL Server and the database is being started up at the same time as Engine, you may want +to use this option to tell Engine to wait a bit to allow the database time to startup. #### `KEYSTORE_DOWNLOAD` -A URL location of a Connect keystore file. This file will be downloaded into the container and Connect will use it as its keystore. +A URL location of a Engine keystore file. This file will be downloaded into the container and Engine will use it as its keystore. #### `EXTENSIONS_DOWNLOAD` -A URL location of a zip file containing Connect extension zip files. The extensions will be installed on the Connect server. +A URL location of a zip file containing Engine extension zip files. The extensions will be installed on the Engine server. #### `CUSTOM_JARS_DOWNLOAD` -A URL location of a zip file containing JAR files. The JAR files will be installed into the `server-launcher-lib` folder on the Connect server, so they will be added to the server's classpath. +A URL location of a zip file containing JAR files. 
The JAR files will be installed into the `server-launcher-lib` folder on the Engine server, so they will be added to the server's classpath. #### `ALLOW_INSECURE` -Allow insecure SSL connections when downloading files during startup. This applies to keystore downloads, plugin downloads, and server library downloads. By default, insecure connections are disabled but you can enable this option by setting `ALLOW_INSECURE=true`. +Allow insecure SSL connections when downloading files during startup. This applies to keystore downloads, plugin downloads, and server library downloads. By default, insecure connections are disabled, +but you can enable this option by setting `ALLOW_INSECURE=true`. #### `SERVER_ID` @@ -296,7 +304,8 @@ Set the `server.id` to a specific value. Use this to preserve or set the server ### Other mirth.properties options [↑](#top) -Other options in the mirth.properties file can also be changed. Any environment variable starting with the `_MP_` prefix will set the corresponding value in mirth.properties. Replace `.` with a single underscore `_` and `-` with two underscores `__`. +Other options in the mirth.properties file can also be changed. Any environment variable starting with the `_MP_` prefix will set the corresponding value in mirth.properties. Replace `.` with a single +underscore `_` and `-` with two underscores `__`. Examples: @@ -317,7 +326,8 @@ Examples: ## Using Docker Secrets [↑](#top) -For sensitive information such as the database/keystore credentials, instead of supplying them as environment variables you can use a [Docker Secret](https://docs.docker.com/engine/swarm/secrets/). There are two secret names this image supports: +For sensitive information such as the database/keystore credentials, instead of supplying them as environment variables you can use a [Docker Secret](https://docs.docker.com/engine/swarm/secrets/). +There are two secret names this image supports: ##### mirth_properties 
@@ -329,7 +339,7 @@ If present, any JVM options in this secret will be appended onto the mcserver.vm ------------ -Secrets are supported with [Docker Swarm](https://docs.docker.com/engine/swarm/secrets/), but you can also use them with [`docker-compose`](#using-docker-compose). +Secrets are supported with [Docker Swarm](https://docs.docker.com/engine/swarm/secrets/), but you can also use them with [`docker compose`](#using-docker-compose). For example let's say you wanted to set `keystore.storepass` and `keystore.keypass` in a secure way. You could create a new file, **secret.properties**: @@ -338,20 +348,20 @@ keystore.storepass=changeme keystore.keypass=changeme ``` -Then in your YAML docker-compose stack file: +Then in your `compose.yaml`: ```yaml -version: '3.1' services: - mc: + engine: image: openintegrationengine/engine environment: - VMOPTIONS=-Xmx512m secrets: - mirth_properties ports: - - 8080:8080/tcp - - 8443:8443/tcp + - "8080:8080/tcp" + - "8443:8443/tcp" + secrets: mirth_properties: file: /local/path/to/secret.properties @@ -359,7 +369,7 @@ secrets: The **secrets** section at the bottom specifies the local file location for each secret. Change `/local/path/to/secret.properties` to the correct local path and filename. -Inside the configuration for the Connect container there is also a **secrets** section that lists the secrets you want to include for that container. +Inside the configuration for the Engine container there is also a **secrets** section that lists the secrets you want to include for that container. ------------ 
@@ -369,23 +379,25 @@ Inside the configuration for the Connect container there is also a **secrets** s #### The appdata folder [↑](#top) -The application data directory (appdata) stores configuration files and temporary data created by Connect after starting up. This usually includes the keystore file and the `server.id` file that stores your server ID. If you are launching Connect as part of a stack/swarm, it's possible the container filesystem is already being preserved. But if not, you may want to consider mounting a **volume** to preserve the appdata folder. +The application data directory (appdata) stores configuration files and temporary data created by Engine after starting up. This usually includes the keystore file and the `server.id` file that stores +your server ID. If you are launching Engine as part of a stack/swarm, it's possible the container filesystem is already being preserved. But if not, you may want to consider mounting a **volume** to +preserve the appdata folder. ```bash -docker run -v /local/path/to/appdata:/opt/connect/appdata -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre +docker run -v /local/path/to/appdata:/opt/engine/appdata -p 8443:8443 openintegrationengine/engine ``` -The `-v` option makes a local directory from your filesystem available to the Docker container. Create a folder on your local filesystem, then change the `/local/path/to/appdata` part in the example above to the correct local path. +The `-v` option makes a local directory from your filesystem available to the Docker container. Create a folder on your local filesystem, then change the `/local/path/to/appdata` part in the example +above to the correct local path. 
-You can also configure volumes as part of your docker-compose YAML stack file: +You can also configure volumes as part of your `compose.yaml`: ```yaml -version: '3.1' services: - mc: + engine: image: openintegrationengine/engine volumes: - - ~/Documents/appdata:/opt/connect/appdata + - ~/Documents/appdata:/opt/engine/appdata ``` ------------ 
@@ -393,21 +405,23 @@ services: #### Additional extensions [↑](#top) -The entrypoint script will automatically look for any ZIP files in the `/opt/connect/custom-extensions` folder and unzip them into the extensions folder before Connect starts up. So to launch Connect with any additional extensions not included in the base application, do this: +The entrypoint script will automatically look for any `.zip` files in the `/opt/engine/custom-extensions` folder and unzip them into the extensions folder before Engine starts up. +So to launch Engine with any additional extensions not included in the base application, do this: ```bash -docker run -v /local/path/to/custom-extensions:/opt/connect/custom-extensions -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre +docker run -v /local/path/to/custom-extensions:/opt/engine/custom-extensions -p 8443:8443 openintegrationengine/engine:latest-ubuntu-jre ``` Create a folder on your local filesystem containing the ZIP files for your additional extensions. Then change the `/local/path/to/custom-extensions` part in the example above to the correct local path. -As with the appdata example, you can also configure this volume as part of your docker-compose YAML file. +As with the appdata example, you can also configure this volume as part of your `compose.yaml`. ------------ ## Known Limitations -Currently, only the Debian flavored images support the newest authentication scheme in MySQL 8. All others (the Alpine based images) will need the following to force the MySQL database container to start using the old authentication scheme: +Currently, only the Debian flavored images support the newest authentication scheme in MySQL 8. All others (the Alpine based images) will need the following to force the MySQL database container to +start using the old authentication scheme: ```yaml command: --default-authentication-plugin=mysql_native_password 
@@ -437,4 +451,5 @@ docker compose build --build-arg CREATED_AT=$(date -u +"%Y-%m-%dT%H:%M:%SZ") # License [↑](#top) -The Dockerfiles, entrypoint script, and any other files used to build these Docker images are Copyright © NextGen Healthcare and OpenIntegrationEngine contributors. They are licensed under the [Mozilla Public License 2.0](https://www.mozilla.org/en-US/MPL/2.0/). +The Dockerfiles, entrypoint script, and any other files used to build these Docker images are Copyright © NextGen Healthcare and OpenIntegrationEngine contributors. +They are licensed under the [Mozilla Public License 2.0](https://www.mozilla.org/en-US/MPL/2.0/). diff --git a/deploy/Dockerfile b/deploy/Dockerfile index 4cce425..b65855b 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -1,7 +1,6 @@ # syntax=docker/dockerfile:1 -ARG ALPINE_TAG -ARG UBUNTU_TAG +ARG BASE_IMAGE_TAG ARG OIE_RELEASE_VERSION @@ -35,13 +34,11 @@ RUN rm -rf cli-lib manager-lib \ RUN chown -R ${UID}:${GID} /opt/engine + ########################################## -# -# Alpine Images -# +# Alpine based Images ########################################## - -FROM eclipse-temurin:$ALPINE_TAG AS alpine +FROM eclipse-temurin:$BASE_IMAGE_TAG AS alpine ARG UID ARG GID 
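Review bot: Nothing in deploy/Dockerfile ties the distribution of `BASE_IMAGE_TAG` to the stage that consumes it. The one argument declared in the first hunk feeds `FROM eclipse-temurin:$BASE_IMAGE_TAG AS alpine` in the second hunk and `FROM eclipse-temurin:$BASE_IMAGE_TAG AS ubuntu` in the third, and those stages run `apk` and `groupadd` respectively. The old `ALPINE_TAG`/`UBUNTU_TAG` names carried that contract; now it lives only in compose.yaml, so I would state it next to the declaration: `# BASE_IMAGE_TAG: eclipse-temurin tag; must be an Alpine tag for target "alpine" and an Ubuntu tag for target "ubuntu"`. The value is also a mutable tag rather than a digest, so the same inputs can resolve to a different base image over time. Appending a digest to the tag values in deploy/.env would make the base reproducible.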
@@ -60,27 +57,23 @@ LABEL "org.opencontainers.image.authors"="The Open Integration Engine Project an "org.opencontainers.image.version"="${OIE_RELEASE_VERSION?:}" COPY --from=downloader /opt/engine /opt/engine - RUN apk add --no-cache bash \ - && adduser -D -H -u $UID engine engine # Create both group and user "engine" at the same time + && adduser -D -H -u $UID engine engine VOLUME /opt/engine/appdata VOLUME /opt/engine/custom-extensions -WORKDIR /opt/engine +WORKDIR /opt/engine EXPOSE 8443 - USER engine + ENTRYPOINT ["./entrypoint.sh"] CMD ["./oieserver"] ########################################## -# -# Ubuntu Image -# +# Ubuntu based Images ########################################## - -FROM eclipse-temurin:$UBUNTU_TAG AS ubuntu +FROM eclipse-temurin:$BASE_IMAGE_TAG AS ubuntu ARG UID ARG GID @@ -99,16 +92,16 @@ LABEL "org.opencontainers.image.authors"="The Open Integration Engine Project an "org.opencontainers.image.version"="${OIE_RELEASE_VERSION?:}" COPY --from=downloader /opt/engine /opt/engine - RUN groupadd --gid ${GID} engine \ && useradd -u ${UID} -g ${GID} -M engine VOLUME /opt/engine/appdata VOLUME /opt/engine/custom-extensions -WORKDIR /opt/engine +WORKDIR /opt/engine EXPOSE 8443 - USER engine + ENTRYPOINT ["./entrypoint.sh"] CMD ["./oieserver"] + diff --git a/deploy/compose.yaml b/deploy/compose.yaml index 18ddc53..aa3e6f9 100644 --- a/deploy/compose.yaml +++ b/deploy/compose.yaml @@ -7,9 +7,8 @@ services: dockerfile: Dockerfile target: ubuntu context: . - args: &jdk-args - UBUNTU_TAG: ${UBUNTU_JDK_TAG:?} - ALPINE_TAG: ${ALPINE_JDK_TAG:?} + args: + BASE_IMAGE_TAG: ${UBUNTU_JDK_TAG:?} OIE_RELEASE_VERSION: ${OIE_RELEASE_VERSION:?} OIE_RELEASE_URL: ${OIE_RELEASE_URL:?} platforms: &platforms 
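Review bot: The Alpine stage declares `ARG GID` (in the previous hunk), but the `adduser -D -H -u $UID engine engine` line kept here never uses it. The downloader stage runs `chown -R ${UID}:${GID} /opt/engine` and the Ubuntu stage creates its group with `--gid ${GID}`. If the gid that adduser assigns differs from `GID`, the group owner of /opt/engine in the Alpine image will not be the `engine` group; this depends on BusyBox defaults and should be confirmed. Creating the group explicitly removes the doubt: `addgroup -g $GID engine && adduser -D -H -u $UID -G engine engine`. The commit also drops the trailing comment that explained the doubled `engine engine` argument, so that explanation is worth restoring above the `RUN` if the line stays as it is.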
@@ -25,9 +24,8 @@ services: dockerfile: Dockerfile target: ubuntu context: . - args: &jre-tags - UBUNTU_TAG: ${UBUNTU_JRE_TAG:?} - ALPINE_TAG: ${ALPINE_JRE_TAG:?} + args: + BASE_IMAGE_TAG: ${UBUNTU_JRE_TAG:?} OIE_RELEASE_VERSION: ${OIE_RELEASE_VERSION:?} OIE_RELEASE_URL: ${OIE_RELEASE_URL:?} platforms: *platforms @@ -43,7 +41,10 @@ services: dockerfile: Dockerfile target: alpine context: . - args: *jdk-args + args: + BASE_IMAGE_TAG: ${ALPINE_JDK_TAG:?} + OIE_RELEASE_VERSION: ${OIE_RELEASE_VERSION:?} + OIE_RELEASE_URL: ${OIE_RELEASE_URL:?} platforms: *platforms tags: - openintegrationengine/engine:latest-alpine-jdk @@ -55,7 +56,10 @@ services: dockerfile: Dockerfile target: alpine context: . - args: *jre-tags + args: + BASE_IMAGE_TAG: ${ALPINE_JRE_TAG:?} + OIE_RELEASE_VERSION: ${OIE_RELEASE_VERSION:?} + OIE_RELEASE_URL: ${OIE_RELEASE_URL:?} platforms: *platforms tags: - openintegrationengine/engine:latest From 23589e3496057927e14705bf8ab6d22a985e3b13 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 1 Jul 2025 23:21:46 +0300 Subject: [PATCH 4/4] Add "unzip" to images Signed-off-by: Kaur Palang --- deploy/Dockerfile | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/deploy/Dockerfile b/deploy/Dockerfile index b65855b..cceff2b 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -57,7 +57,8 @@ LABEL "org.opencontainers.image.authors"="The Open Integration Engine Project an "org.opencontainers.image.version"="${OIE_RELEASE_VERSION?:}" COPY --from=downloader /opt/engine /opt/engine -RUN apk add --no-cache bash \ + +RUN apk add --no-cache bash unzip \ && adduser -D -H -u $UID engine engine VOLUME /opt/engine/appdata 
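Review bot: Neither `apk add --no-cache bash unzip` here nor `apt-get install -y unzip` in the Ubuntu hunk that follows records why the runtime image needs the tool. The README in this series says the entrypoint unpacks `.zip` files from `/opt/engine/custom-extensions`, which is presumably the consumer. A one-line comment above each `RUN`, such as `# unzip: needed by entrypoint.sh to unpack extension archives`, would keep a later image-slimming pass from removing it. Both installs are also unversioned, so a rebuild picks up whatever the package repository serves at build time.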
@@ -92,7 +93,11 @@ LABEL "org.opencontainers.image.authors"="The Open Integration Engine Project an "org.opencontainers.image.version"="${OIE_RELEASE_VERSION?:}" COPY --from=downloader /opt/engine /opt/engine -RUN groupadd --gid ${GID} engine \ + +RUN apt-get update \ + && apt-get install -y unzip \ + && rm -rf /var/lib/apt/lists/* \ + && groupadd --gid ${GID} engine \ && useradd -u ${UID} -g ${GID} -M engine VOLUME /opt/engine/appdata
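Review bot: `apt-get install -y unzip` runs without `--no-install-recommends`, so apt is free to add any recommended packages to the runtime image along with the one tool the commit wants. Change the line to `&& apt-get install -y --no-install-recommends unzip \`. Keeping `apt-get update`, the install and `rm -rf /var/lib/apt/lists/*` in the same `RUN` as the user creation is fine and should stay that way. The Ubuntu stage begins before this hunk and continues after it.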