FHIR Reverse Proxy

Purpose

The DSF FHIR Reverse Proxy is the externally reachable Apache HTTP Server based front for the FHIR Server. It terminates TLS, performs client certificate authentication for inbound DSF-to-DSF traffic, optionally accepts OIDC bearer tokens for human users, and forwards authenticated requests to the FHIR Server backend. It is the only component of a DSF instance that should be exposed to the public internet.

Docker Image

• Registry: ghcr.io/datasharingframework/fhir_proxy
• Tag for this release: 2.1.0

Verify Image Signature

Verify the signed image before deploying. See How to Verify Image Signatures for prerequisites, SBOM verification, and troubleshooting.

cosign verify \
  ghcr.io/datasharingframework/fhir_proxy:2.1.0@sha256:9f11a3580c970314532f5951808be6fe72f1de7d53348e625d2dd0c95bcf1d96 \
  --certificate-identity-regexp "https://github.com/datasharingframework/dsf/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"

Useful Pages

• Configuration Parameters
• How to Verify Image Signatures