Kodality Terminology Server can be installed by Helm charts.
The Docker Compose installation contains 3 components: backend server, frontend application and database. If you have your own DB instance, you may omit the terminology-postgres service from the YAML file and configure the DB user/password for the terminology server application in the server.env file.
docker-compose.yml
```yaml
version: '3.9'
services:
  terminology-server:
    restart: unless-stopped
    image: docker.kodality.com/terminology-server:latest
    container_name: terminology-server
    depends_on:
      - terminology-postgres
    env_file:
      - server.env
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://terminology-server:8200/health" ]
      interval: 5s
      timeout: 5s
      retries: 60
    ports:
      - 8200:8200
    mem_reservation: 2g
  terminology-web:
    restart: unless-stopped
    image: docker.kodality.com/terminology-web:latest
    container_name: terminology-web
    depends_on:
      - terminology-server
    volumes:
      - ./env.js:/usr/share/nginx/html/assets/env.js
    ports:
      - 9000:80
  terminology-postgres:
    restart: unless-stopped
    image: postgres:14
    container_name: terminology-postgres
    volumes:
      - ./pgdata:/var/lib/postgresql/data
    env_file:
      - pg.env
    ports:
      - 5432:5432
```
The terminology-server and terminology-web Docker tags correspond to the versions in the release notes.
pg.env - Postgres-related configuration for initial setup. You are free to change those values.
```
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
POSTGRES_DB=postgres
```
server.env - Server environment variables.
```
# should be changed when postgres database is not defined in docker-compose.yml
DB_URL=jdbc:postgresql://terminology-postgres:5432/termserver
# change both passwords to whatever you like
DB_APP_PASSWORD=test
DB_ADMIN_PASSWORD=test
# default pool size
DB_POOL_SIZE=10
# default max heap size
JAVA_OPTS=-Xmx1800m
# JWKS url of your oauth SSO server
OAUTH_JWKS_URL=https://auth.kodality.dev/realms/terminology/protocol/openid-connect/certs
# for development only
MICRONAUT_SERVER_CORS_ENABLED=true
# base url of snowstorm server
SNOWSTORM_URL=https://snowstorm.kodality.dev/
# basic-auth username and password
SNOWSTORM_USER=termserver-app
SNOWSTORM_PASSWORD=xxxx
```
env.js - Frontend config file.
```js
twConfig = {
  "oauthIssuer": 'https://auth.kodality.dev/realms/terminology', // your oauth SSO server issuer url
  "oauthClientId": 'term-client' // your oauth client for terminology server
};
```
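A pre-flight check for the files above, as an added example that is not part of the Kodality documentation: it flags sample passwords left unchanged, inline `#` comments that a strict env-file parser would keep as part of the value, the development-only CORS switch, and published ports not bound to loopback. The function names and the sample input are constructed for illustration; the port check assumes the reverse proxy runs on the Docker host.

```python
import re

# Placeholder secrets that appear in this page's sample files.
PLACEHOLDERS = {"", "test", "postgres", "xxxx"}
PORT_RE = re.compile(r'^\s*-\s*"?(?:(?P<ip>[\d.]+):)?\d+:\d+"?\s*$')

def parse_env(text):
    """Strict reading: everything after the first '=' is the value."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value
    return pairs

def audit_env(text):
    findings = []
    for key, value in parse_env(text).items():
        bare = value.split("#", 1)[0].strip()
        if "#" in value:
            findings.append(f"{key}: inline '#' comment may end up in the value")
        if key.endswith("PASSWORD") and bare in PLACEHOLDERS:
            findings.append(f"{key}: sample password still in place")
        if key == "MICRONAUT_SERVER_CORS_ENABLED" and bare.lower() == "true":
            findings.append(f"{key}: CORS enabled (development only)")
    return findings

def audit_ports(compose_text):
    """Flag published ports that are not bound to a loopback address."""
    findings = []
    for line in compose_text.splitlines():
        m = PORT_RE.match(line)
        if m and not (m.group("ip") or "").startswith("127."):
            findings.append(f"{line.strip()}: not bound to loopback")
    return findings

# Constructed sample input, modelled on the files shown on this page.
SAMPLE_ENV = """DB_APP_PASSWORD=test #change to whatever you like
MICRONAUT_SERVER_CORS_ENABLED=true# for development only
SNOWSTORM_PASSWORD=constructed-Vq9x-not-a-real-secret
DB_POOL_SIZE=10
"""
SAMPLE_COMPOSE = """    ports:
      - 8200:8200
      - 127.0.0.1:5432:5432
"""
if __name__ == "__main__":
    print("\n".join(audit_env(SAMPLE_ENV) + audit_ports(SAMPLE_COMPOSE)))
```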
Start the stack with `docker-compose up -d`.
It's expected that only the Postgres service will be up and running, since the terminology server cannot connect to a database that has not been created yet. Connect to Postgres and create the database and users using the following command. Be sure to change the admin and app user passwords to match the server.env properties.
```bash
docker exec -i terminology-postgres psql -U postgres <<-EOSQL
-- Passwords must match DB_ADMIN_PASSWORD and DB_APP_PASSWORD in server.env
CREATE ROLE termserver_admin LOGIN PASSWORD 'test' NOSUPERUSER INHERIT NOCREATEDB CREATEROLE NOREPLICATION;
CREATE ROLE termserver_app LOGIN PASSWORD 'test' NOSUPERUSER INHERIT NOCREATEDB CREATEROLE NOREPLICATION;
CREATE ROLE termserver_viewer NOLOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
CREATE DATABASE termserver WITH OWNER = termserver_admin ENCODING = 'UTF8' TABLESPACE = pg_default CONNECTION LIMIT = -1;
grant temp on database termserver to termserver_app;
grant connect on database termserver to termserver_app;
-- Runs in the database psql is connected to (postgres by default with -U postgres)
CREATE EXTENSION IF NOT EXISTS hstore schema public;
EOSQL
```
In case you are using an existing database, run the SQL commands between the EOSQL markers in your SQL console.
After the DB is created, run `docker-compose restart` and check the application server logs via `docker logs -f terminology-server`. There should not be any errors or Java stack traces. If you see a log line similar to this
```
13:08:57.472 [main] INFO io.micronaut.runtime.Micronaut - Startup completed in 7037ms. Server Running: http://2048db663c4b:8200
```
then the application is ready to receive requests from the browser.
Nginx reverse proxy config example
```nginx
server {
    server_name terminology.kodality.dev;
    root /usr/share/nginx/html/;
    index index.html index.htm;
    location / {
        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src auth.kodality.dev terminology.kodality.dev; frame-ancestors 'none'" always;
        proxy_pass http://localhost:9000/;
    }
    location /api/ {
        client_max_body_size 100M;
        proxy_pass http://localhost:8200/;
    }
    location /swagger {
        proxy_pass http://localhost:8200;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/terminology.kodality.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/terminology.kodality.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = terminology.kodality.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name terminology.kodality.dev;
    listen 80;
    return 404; # managed by Certbot
}
```
The `server_name` value is the domain where the application is running. Please make sure you are using SSL. Replace the *.kodality.dev domains in the configuration with your own domain. The 80 → 443 redirect is a must. auth.kodality.dev in this example is the SSO server domain.
There are three locations configured:
SSL certificates are managed by Certbot.
The terminology server requires authenticated users. Any authentication server supporting OpenID Connect should suffice. For our development, we are using Keycloak. Check the official docs for setup. Check the example of the configuration.
Installing via Helm chart is also possible. Consider using Bitnami chart.
Snowstorm server serves SNOMED terminology and may be installed if you need SNOMED. Check Snowstorm installation and configuration documentation.