Using Docker Containers
Last updated
Last updated
SanteDB provides several docker containers for SanteDB solutions and services. The docker containers are structured as illustrated.
The docker containers all use the mono:latest as their root container.
santedb_icdr: The generic SanteDB iCDR project running as a docker container with FHIR, HL7, caching, PostgreSQL database support, and everything needed to get the iCDR running quickly.
santedb_mpi: The generic iCDR project with the SanteGuard and SanteMPI plugins enabled.
santedb_dcdr: The disconnected dCDR project
SanteDB iCDR and dCDR images use the Mono Framework to operate. Depending on your host environment, you may need to modify the MONO_THREADS_PER_CPU environment variable for the iCDR and dCDR if the default thread pool (accessed via the Probesscreen in the portal) indicates a small number of threads available.
The container structure is as follows:
/santedb - Directory which contains the application code for SanteDB
/santedb/docker.lastconfig - The configuration file (in XML form) which represents the computed configuration file for the last run of the docker host.
/santedb/data - Data seeding directory in Dataset format
/santedb/data/fhir - Data seeding for FHIR files (JSON or XML)
/santedb/applets - Application directory (where compile applets files should be)
/santedb/match - Directory for match configuration source files
/var/log/santedb_yyyyMMdd.log - SanteDB log file for current date
The docker containers are configured using environment variables. Features can be turned on/off using the environment variable SDB_FEATURE environment variable, for example, to enable the core features and ATNA audit shipping:
The features which are available for the default SanteDB docker container are:
Code | Feature |
LOG | Core data logging (see: Configuration Notes) |
DATA_POLICY | Data privacy enforcement (see: Configuration Notes) |
AUDIT_REPO | Internal security audit repository (see: Configuration Notes) |
ADO | Core Application Data Objects (ADO.NET) data persistence (see: Configuration Notes) |
PUBSUB_ADO | Publish / Subscribe Subsystem (see: Configuration Notes) |
RAMCACHE | In-Process Memory Cache (see: Configuration Notes) |
REDIS | REDIS based shared cache (see: Configuration Notes) |
SEC | Core Security Functions (PIP, PDP, PEP) |
SWAGGER | OpenAPI / Swagger Metadata Endpoint (see: Configuration Notes) |
OPENID | OAUTH 2.0 / OpenID IdP Provider (see: Configuration Notes) |
MDM | Master Data Management Functions (see: Configuration Notes) |
FHIR | HL7 FHIR Endpoint (see: Configuration Notes) |
HL7 | HL7 Version 2.x Endpoint (see: Configuration Notes) |
HDSI | Core Health Data Service Interface (see: Configuration Notes) |
AMI | Administrative Management Interface (see: Configuration Notes) |
BIS | Business Intelligence (reporting/query set/etc.) interface (see: Configuration Notes) |
MATCHING | Internal SanteDB Matching Engine (see: Configuration Notes) |
The location of your PostgreSQL server, and the database to use for the container can be specified with the connection string environment variables:
If you are using plugins which require additional named configuration parameters, prefix the configuration with SDB_DB_XXX where XXX is the ID of the connection string the plugin is expecting.
Components within SanteDB iCDR can be configured using environment variables. The syntax of these environment variables is SDB_FEATURE_SETTING , for example, the CACHE feature is configured as:
You can compose a minimal application with either the SanteDB-ICDR or SanteMPI instance using a docker-compose.yml file as shown.
Some directories in the docker image are useful for development purposes. For example, you can configure a volume which exposes a common configuration file set, or common applets. The volumes which can be expose (and their directories) can be done via:
The volumes which are of use for exposing to the host docker environment are:
Path | Use |
/santedb/data | Used for seeding data into the SanteDB instance. For example if you have a development environment where you'd like the same data seeded into the database on startup you can use this option. |
/santedb/config | Used for direct access to the configuration files. You should use this option if the environment variables for the docker instance are too restrictive. |
/santedb/applets | Used for loading applet files which contain user interfaces, BI reports, business rules, CDSS rules, etc. These applets should be digitally signed PAK files. |
/santedb/match | Stores the match configuration files for the SanteDB matching engine. These match configuration files control the weight, blocking, and classification subsystem for the default match algorithm. |
You can import additional configuration files and/or use the XML configuration subsystem by creating a new container which is based off the santedb-icdr docker image and including additional configuration files. To do this, collect your configuration file as myconfig.xml in a directory and create a new Dockerfile which starts using this as configuration file:
See the Adding Sample Data article for methods of seeding sample data into SanteMPI.
You can package business rules, business intelligence, and other asset files into your docker container by simply composing them into a PAK file and including them in the /santedb/applets/ directory.
Upon load, the SanteDB iCDR server will load your package files and will load any business rules files required.
In order to run a minimal SanteMPI application, you can exchange santedb-icdr with the santedb-mpi image, and apply the appropriate service configuration.
The SanteMPI container adds the following plugins to SanteDB which can be enabled/disabled with SDB_FEATURE:
Code | Feature |
IHE_PDQM | Enables the Patient Demographics Query for Mobile query parameters and extensions. |
IHE_PIXM | Enables the Patient Identity Cross Reference ( |
IHE_PMIR | Enables the Patient Master Identity Registry function ( |
IHE_PIX | Enables the IHE PIX (ITI-8 and ITI-9) interfaces for the MPI |
IHE_PDQ | Enables the IHE PDQ profile (ITI-21) for HL7v2 interface on the MPI. |
