Configuration Parameters

DSF-TeamAbout 5 min

DEV_DSF_FHIR_CLIENT_CERTIFICATE

Property: dev.dsf.fhir.client.certificate
Required: Yes
Description: PEM encoded file with local client certificate for https connections to remote DSF FHIR servers
Recommendation: Use docker secret file to configure
Example: /run/secrets/app_client_certificate.pem

DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY

Property: dev.dsf.fhir.client.certificate.private.key
Required: Yes
Description: Private key corresponding to the local client certificate as PEM encoded file. Use DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD or DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE if private key is encrypted
Recommendation: Use docker secret file to configure
Example: /run/secrets/app_client_certificate_private_key.pem

DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD or DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE

Property: dev.dsf.fhir.client.certificate.private.key.password
Required: No
Description: Password to decrypt the local client certificate encrypted private key
Recommendation: Use docker secret file to configure using DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE
Example: /run/secrets/app_client_certificate_private_key.pem.password

DEV_DSF_FHIR_CLIENT_TIMEOUT_CONNECT

Property: dev.dsf.fhir.client.timeout.connect
Required: No
Description: Timeout in milliseconds until a connection is established between this DSF FHIR server and a remote DSF FHIR server
Recommendation: Change default value only if timeout exceptions occur
Default: 2000

DEV_DSF_FHIR_CLIENT_TIMEOUT_READ

Property: dev.dsf.fhir.client.timeout.read
Required: No
Description: Timeout in milliseconds until a reading a resource from a remote DSF FHIR server is aborted
Recommendation: Change default value only if timeout exceptions occur
Default: 10000

DEV_DSF_FHIR_CLIENT_TRUST_SERVER_CERTIFICATE_CAS

Property: dev.dsf.fhir.client.trust.server.certificate.cas
Required: Yes
Description: PEM encoded file with one or more trusted root certificates to validate server certificates for https connections to remote DSF FHIR servers
Recommendation: Use docker secret file to configure
Example: /run/secrets/app_client _trust_certificates.pem

DEV_DSF_FHIR_CLIENT_VERBOSE

Property: dev.dsf.fhir.client.verbose
Required: No
Description: To enable verbose logging of requests to and replies from remote DSF FHIR servers, set to true
Default: false

DEV_DSF_FHIR_DB_LIQUIBASE_FORCEUNLOCK

Property: dev.dsf.fhir.db.liquibase.forceUnlock
Required: No
Description: To force liquibase to unlock the migration lock set to true
Recommendation: Only use this option temporarily to unlock a stuck DB migration step
Default: false

DEV_DSF_FHIR_DB_LIQUIBASE_LOCKWAITTIME

Property: dev.dsf.fhir.db.liquibase.lockWaitTime
Required: No
Description: Liquibase change lock wait time in minutes, default 2 minutes
Default: 2

DEV_DSF_FHIR_DB_LIQUIBASE_PASSWORD or DEV_DSF_FHIR_DB_LIQUIBASE_PASSWORD_FILE

Property: dev.dsf.fhir.db.liquibase.password
Required: Yes
Description: The password to access the database from the DSF FHIR server to execute database migrations
Recommendation: Use docker secret file to configure by using DEV_DSF_FHIR_DB_LIQUIBASE_PASSWORD_FILE
Example: /run/secrets/db_liquibase.password

DEV_DSF_FHIR_DB_LIQUIBASE_USERNAME

Property: dev.dsf.fhir.db.liquibase.username
Required: No
Description: The user name to access the database from the DSF FHIR server to execute database migrations
Default: liquibase_user

DEV_DSF_FHIR_DB_URL

Property: dev.dsf.fhir.db.url
Required: Yes
Description: Address of the database used for the DSF FHIR server
Recommendation: Change only if you don't use the provided docker-compose from the installation guide or made changes to the database settings/networking in the docker-compose
Example: jdbc:postgresql://db/fhir

DEV_DSF_FHIR_DB_USER_GROUP

Property: dev.dsf.fhir.db.user.group
Required: No
Description: The name of the user group to access the database from the DSF FHIR server
Default: fhir_users

DEV_DSF_FHIR_DB_USER_PASSWORD or DEV_DSF_FHIR_DB_USER_PASSWORD_FILE

Property: dev.dsf.fhir.db.user.password
Required: Yes
Description: Password to access the database from the DSF FHIR server
Recommendation: Use docker secret file to configure using DEV_DSF_FHIR_DB_USER_PASSWORD_FILE
Example: /run/secrets/db_user.password

DEV_DSF_FHIR_DB_USER_PERMANENT_DELETE_GROUP

Property: dev.dsf.fhir.db.user.permanent.delete.group
Required: No
Description: The name of the user group to access the database from the DSF FHIR server for permanent deletes
Default: fhir_permanent_delete_users

DEV_DSF_FHIR_DB_USER_PERMANENT_DELETE_PASSWORD or DEV_DSF_FHIR_DB_USER_PERMANENT_DELETE_PASSWORD_FILE

Property: dev.dsf.fhir.db.user.permanent.delete.password
Required: Yes
Description: Password to access the database from the DSF FHIR server for permanent deletes
Recommendation: Use docker secret file to configure using DEV_DSF_FHIR_DB_USER_PERMANENT_DELETE_PASSWORD_FILE
Example: /run/secrets/db_user_permanent_delete.password

DEV_DSF_FHIR_DB_USER_PERMANENT_DELETE_USERNAME

Property: dev.dsf.fhir.db.user.permanent.delete.username
Required: No
Description: Username to access the database from the DSF FHIR server for permanent deletes
Recommendation: Use a different user then DEV_DSF_FHIR_DB_USER_USERNAME
Default: fhir_server_permanent_delete_user

DEV_DSF_FHIR_DB_USER_USERNAME

Property: dev.dsf.fhir.db.user.username
Required: No
Description: Username to access the database from the DSF FHIR server
Default: fhir_server_user

DEV_DSF_FHIR_DEBUG_LOG_MESSAGE_CURRENTUSER

Property: dev.dsf.fhir.debug.log.message.currentUser
Required: No
Description: To enable logging of the currently requesting user set to true.
Recommendation: This debug function should only be activated during development. WARNNING: Confidential information may be leaked via the debug log!
Default: false

DEV_DSF_FHIR_DEBUG_LOG_MESSAGE_DBSTATEMENT

Property: dev.dsf.fhir.debug.log.message.dbStatement
Required: No
Description: To enable logging of DB queries set to true.
Recommendation: This debug function should only be activated during development. WARNNING: Confidential information may be leaked via the debug log!
Default: false

DEV_DSF_FHIR_DEBUG_LOG_MESSAGE_WEBSERVICEREQUEST

Property: dev.dsf.fhir.debug.log.message.webserviceRequest
Required: No
Description: To enable logging of webservices requests set to true.
Recommendation: This debug function should only be activated during development. WARNNING: Confidential information may be leaked via the debug log!
Default: false

DEV_DSF_FHIR_SERVER_BASE_URL

Property: dev.dsf.fhir.server.base.url
Required: Yes
Description: Base address of this DSF FHIR server to read/store fhir resources
Example: https://foo.bar/fhir

DEV_DSF_FHIR_SERVER_INIT_BUNDLE

Property: dev.dsf.fhir.server.init.bundle
Required: No
Description: Fhir bundle containing the initial Allow-List, loaded on startup of the DSF FHIR server
Recommendation: Change only if you don't use the provided files from the installation guide, have local changes in the Allow-List or received an Allow-List from another source
Default: conf/bundle.xml

DEV_DSF_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE

Property: dev.dsf.fhir.server.organization.identifier.value
Required: Yes
Description: Local identifier value used in the Allow-List
Recommendation: By convention: The shortest possible FQDN that resolve the homepage of the organization
Example: hospital.com

DEV_DSF_FHIR_SERVER_ORGANIZATION_THUMBPRINT

Property: dev.dsf.fhir.server.organization.thumbprint
Required: Yes
Description: The SHA-512 thumbprint of the local organization client certificate
Recommendation: The thumbprint can be calculated via certtool --fingerprint --hash=sha512 --infile=client_certificate.pem

DEV_DSF_FHIR_SERVER_PAGE_COUNT

Property: dev.dsf.fhir.server.page.count
Required: No
Description: Page size returned by the DSF FHIR server when reading/searching fhir resources
Default: 20

DEV_DSF_FHIR_SERVER_ROLECONFIG

Property: dev.dsf.fhir.server.roleConfig
Required: No
Description: Role config YAML as defined in FHIR Server: Access Control.

DEV_DSF_FHIR_SERVER_STATIC_RESOURCE_CACHE

Property: dev.dsf.fhir.server.static.resource.cache
Required: No
Description: To disable static resource caching, set to false
Recommendation: Only set to false for development
Default: true

DEV_DSF_FHIR_SERVER_UI_THEME

Property: dev.dsf.fhir.server.ui.theme
Required: No
Description: UI theme parameter, adds a color indicator to the ui to distinguish dev, test and prod environments im configured; supported values: dev, test and prod

DEV_DSF_PROXY_NOPROXY

Property: dev.dsf.proxy.noProxy
Required: No
Description: Forward proxy no-proxy list, entries will match exactly or agianst (one level) sub-domains, if no port is specified - all ports are matched; comma or space separated list, YAML block scalars supported
Example: foo.bar, test.com:8080

DEV_DSF_PROXY_PASSWORD or DEV_DSF_PROXY_PASSWORD_FILE

Property: dev.dsf.proxy.password
Required: No
Description: Forward Proxy password
Recommendation: Configure password if proxy requires authentication, use docker secret file to configure using DEV_DSF_PROXY_PASSWORD_FILE

DEV_DSF_PROXY_URL

Property: dev.dsf.proxy.url
Required: No
Description: Forward (http/https) proxy url, use DEV_DSF_BPE_PROXY_NOPROXY to list domains that do not require a forward proxy
Example: http://proxy.foo:8080

DEV_DSF_PROXY_USERNAME

Property: dev.dsf.proxy.username
Required: No
Description: Forward proxy username
Recommendation: Configure username if proxy requires authentication

DEV_DSF_SERVER_API_HOST

Property: dev.dsf.server.api.host
Required: Yes
Description: API connector host, default in docker image: 0.0.0.0
Default: 127.0.0.1

DEV_DSF_SERVER_API_PORT

Property: dev.dsf.server.api.port
Required: Yes
Description: API connector port, default in docker image: 8080

DEV_DSF_SERVER_AUTH_CLIENT_CERTIFICATE_HEADER

Property: dev.dsf.server.auth.client.certificate.header
Required: Yes
Description: Name of HTTP header with client certificate from reverse proxy
Default: X-ClientCert

DEV_DSF_SERVER_AUTH_OIDC_AUTHORIZATION_CODE_FLOW

Property: dev.dsf.server.auth.oidc.authorization.code.flow
Required: No
Description: Set to true to enable OIDC authorization code flow
Recommendation: Requires DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL, DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID and DEV_DSF_SERVER_AUTH_OIDC_CLIENT_SECRET to be specified
Default: false

DEV_DSF_SERVER_AUTH_OIDC_BACK_CHANNEL_LOGOUT

Property: dev.dsf.server.auth.oidc.back.channel.logout
Required: No
Description: Set to true to enable OIDC back-channel logout
Recommendation: Requires DEV_DSF_SERVER_AUTH_OIDC_AUTHORIZATION_CODE_FLOW to be set to true (enabled), DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID and DEV_DSF_SERVER_AUTH_OIDC_BACK_CHANNEL_LOGOUT_PATH to be specified
Default: false

DEV_DSF_SERVER_AUTH_OIDC_BACK_CHANNEL_LOGOUT_PATH

Property: dev.dsf.server.auth.oidc.back.channel.logout.path
Required: No
Description: Path called by the OIDC provide to request back-channel logout
Default: /back-channel-logout

DEV_DSF_SERVER_AUTH_OIDC_BEARER_TOKEN

Property: dev.dsf.server.auth.oidc.bearer.token
Required: No
Description: Set to true to enable OIDC bearer token authentication
Recommendation: Requires DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL to be specified
Default: false

DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID

Property: dev.dsf.server.auth.oidc.client.idopen in new window
Required: No
Description: OIDC provider client_id, must be specified if DEV_DSF_SERVER_AUTH_OIDC_AUTHORIZATION_CODE_FLOW is enabled

DEV_DSF_SERVER_AUTH_OIDC_CLIENT_SECRET

Property: dev.dsf.server.auth.oidc.client.secret
Required: No
Description: OIDC provider client_secret, must be specified if DEV_DSF_SERVER_AUTH_OIDC_AUTHORIZATION_CODE_FLOW is enabled

DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_CERTIFICATE

Property: dev.dsf.server.auth.oidc.provider.client.certificate
Required: No
Description: PEM encoded file with client certificate for https connections to the OIDC provider
Recommendation: Use docker secret file to configure
Example: /run/secrets/oidc_provider_client_certificate.pem

DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_CERTIFICATE_PRIVATE_KEY

Property: dev.dsf.server.auth.oidc.provider.client.certificate.private.key
Required: No
Description: Private key corresponding to the client certificate for the OIDC provider as PEM encoded file. Use DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD or DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE if private key is encrypted
Recommendation: Use docker secret file to configure
Example: /run/secrets/oidc_provider_client_certificate_private_key.pem

DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD or DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE

Property: dev.dsf.server.auth.oidc.provider.client.certificate.private.key.password
Required: No
Description: Password to decrypt the client certificate for the OIDC provider encrypted private key
Recommendation: Use docker secret file to configure using DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE
Example: /run/secrets/oidc_provider_client_certificate_private_key.pem.password

DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_CONNECTTIMEOUT

Property: dev.dsf.server.auth.oidc.provider.client.connectTimeout
Required: No
Description: OIDC provider client connect timeout in milliseconds
Default: 5000

DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_IDLETIMEOUT

Property: dev.dsf.server.auth.oidc.provider.client.idleTimeout
Required: No
Description: OIDC provider client idle timeout in milliseconds
Default: 30000

DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_TRUST_SERVER_CERTIFICATE_CAS

Property: dev.dsf.server.auth.oidc.provider.client.trust.server.certificate.cas
Required: No
Description: PEM encoded file with one or more trusted root certificates to validate server certificates for https connections to the OIDC provider
Recommendation: Use docker secret file to configure
Example: /run/secrets/oidc_provider_trust_certificates.pem

DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL

Property: dev.dsf.server.auth.oidc.provider.realm.base.url
Required: No
Description: OIDC provider realm base url
Example: https://keycloak.test.com:8443/realms/example-realm-name

DEV_DSF_SERVER_AUTH_TRUST_CLIENT_CERTIFICATE_CAS

Property: dev.dsf.server.auth.trust.client.certificate.cas
Required: Yes
Description: PEM encoded file with one or more trusted root certificates to validate client certificates for https connections from local and remote clients
Recommendation: Use docker secret file to configure
Example: /run/secrets/app_client_trust_certificates.pem

DEV_DSF_SERVER_CERTIFICATE

Property: dev.dsf.server.certificate
Required: No
Description: Server certificate file for testing
Recommendation: Only specify For testing when terminating TLS in jetty server

DEV_DSF_SERVER_CERTIFICATE_CHAIN

Property: dev.dsf.server.certificate.chain
Required: No
Description: Server certificate chain file for testing
Recommendation: Only specify For testing when terminating TLS in jetty server

DEV_DSF_SERVER_CERTIFICATE_KEY

Property: dev.dsf.server.certificate.key
Required: No
Description: Server certificate private key file for testing
Recommendation: Only specify For testing when terminating TLS in jetty server

DEV_DSF_SERVER_CERTIFICATE_KEY_PASSWORD or DEV_DSF_SERVER_CERTIFICATE_KEY_PASSWORD_FILE

Property: dev.dsf.server.certificate.key.password
Required: No
Description: Server certificate private key file password for testing
Recommendation: Only specify For testing when terminating TLS in jetty server

DEV_DSF_SERVER_CONTEXT_PATH

Property: dev.dsf.server.context.path
Required: Yes
Description: Web application context path, default in bpe docker image: /bpe, default in fhir docker image: /fhir
Recommendation: Only modify for testing

DEV_DSF_SERVER_STATUS_HOST

Property: dev.dsf.server.status.host
Required: Yes
Description: Status connector host
Default: 127.0.0.1

DEV_DSF_SERVER_STATUS_PORT

Property: dev.dsf.server.status.port
Required: Yes
Description: Status connector port, default in docker image: 10000