Installation Guide

Get all the information you need to set up und run sublimd.

Prerequisites

  • Server instance with at least 2 x 2 GHz CPU (Dual Core) and 4 GB RAM
  • Installation of Docker Community Edition with ability to run Linux containers

Basic Installation

  1. Extract the contents of the file XY-XYZ-X.X.X.zip to a directory, open a terminal and navigate to this directory

  2. Open the file .env with a text editor and modify the following properties according to your preferences:

  • MYSQL_ROOT_PASSWORD: The password of the MySQL root user
  • MYSQL_USER: The name of the MySQL user
  • MYSQL_PASSWORD: The password of the MySQL user
  • JWT_SECRET_KEY: Secret key to sign JSON Web Tokens (JWT). These tokens are used to authenticate users in sublimd. Use a random key for this.
    ⚠️ Caution: If this key is changed, all tokens (including tokens used by api users) become invalid and users have to log in again.
  1. Open the file docker-compose.yml and modify the following variable:
  • services
    • sublimd
      • environment: Set VIRTUAL_HOST to the virtual host or IP address of sublimd, e.g. sublimd.krankenhaus.ch
  1. Build the Docker images

    Run docker-compose build

  2. Run the Docker containers

    Run docker-compose up -d

  3. Open a browser and go to the sublimd url http://localhost/app (or http://<ip-address-of-machine>/app)

  4. Log in with the default credentials admin : admin123

  5. The url of the patient application (for sublimd Check In) can be found by opening the menu and then going to Einstellungen -> Organisation -> Check-in URL

Change default password of users

  1. Log in with the the default credentials admin : admin123
  2. Open the menu and go to Benutzerkonto
  3. Change the password of the admin user
  4. Open the menu and go to Benutzerkonten
  5. Change the passwords of all other users

Set up SSL (Secure Sockets Layer)

  1. Copy the SSL certificate and key to the folder certificates inside the sublimd directory (the directory where you unpacked the bundle). The certificate and key must have the name of the virtual host (the same as the value of VIRTUAL_HOST defined in the chapter Basic Installation), followed by .crt and .key. For example, a container with a virtual host of sublimd.krankenhaus.ch must have a sublimd.krankenhaus.ch.crt and sublimd.krankenhaus.ch.key file in the certificates directory. Important: There must not be a passphrase in the cerficate and key file.

  2. Build the Docker images

    Run docker-compose build

  3. Run the Docker containers

    Run docker-compose up -d

Set up Active Directory

  1. Open the file .env and modify the following properties:
  • ACTIVE_DIRECTORY_URL: The url of Active Directory
  • ACTIVE_DIRECTORY_BASE_DN: The Active Directory Base DN, e.g. ou=users,dc=xyz,dc=ch
  • ACTIVE_DIRECTORY_USERNAME: The name of the Active Directory service user
  • ACTIVE_DIRECTORY_PASSWORD: The password of the Active Directory service user
  • ACTIVE_DIRECTORY_USERNAME_QUERY: The query that is used to find a specific user, e.g.: (sAMAccountName={userName}) The placeholder {userName} is replaced with the actual user name that was entered in the sublimd login mask.
  1. Build the Docker images Run docker-compose build

  2. Run the Docker containers Run docker-compose up -d

Run with multiple nodes

This step is needed to make use of multiple CPU cores and increase performance.

  1. Run docker-compose up --scale sublimd=2 to start the application with two (or any other number) nodes of sublimd

Setup sublimd Analytics

If you install sublimd with docker-compose for the first time, no action is needed. If, however, you use an existing MySQL container, the sublimd MySQL user must be granted access to the database sublimd_pre_aggregations. Please execute the following command in your MySQL console:

GRANT ALL PRIVILEGES ON sublimd_pre_aggregations.* TO 'user'@'%';

Set up sublimd API

  1. Open a browser and go to the sublimd URL http://localhost/app (or http://<ip-address-of-machine>/app)

  2. Log in with the credentials api : api123 (or the new password if you have changed it)

  3. Open the menu and go to Benutzerkonto

  4. Copy the content of Request Headers - Authorization to get a valid authorization token for the sublimd API

Bearer eyJhb...
  1. You can now send messages to the sublimd API with the following specification:
HTTP
Request URL: http://<ip-address-of-machine>/api/endpoint
Request Method: POST
Request Headers:
• "Authorization": "Bearer eyJhb..."
• "Content-Type": "application/json"
Request Body (JSON):
{
  "xyz": "12345"
}
Successful Response
HTTP Status: 200 OK

Set up HL7 ADT Interface

You can test the interface with the following HL7 ADT message:

HTTP
Request URL: http://<ip-address-of-machine>/api/v1/hl7
Request Method: POST
Request Headers:
• "Authorization": "Bearer eyJhb..."
• "Content-Type": "application/json"
Request Body (JSON):
{
  "xyz": "12345"
}

HTTP
Request URL: http://<ip-address-of-machine>/api/v1/hl7
Request Method: POST
Request Headers:
• "Authorization": "Bearer eyJhb..."
• "Content-Type": "application/json"
Request Body (JSON):
{
  "hl7Message": "MSH|^~\&|0011|SAPHL7..."
}
Successful Response
HTTP Status: 200 OK

Set up an Internet-facing public zone with restricted access to the sublimd API

  1. Open the file docker-compose.yml and create a duplicate of the service nginx-proxy

  2. Rename the duplicate service from nginx-proxy to nginx-public-proxy

  3. In nginx-public-proxy, define the ports that should receive traffic from the public zone, e.g.

- 1080:80
- 10443:443
  1. Add the following volumes to nginx-public-proxy to restrict access to the sublimd API:
  • ./assets/files/nginx-configuration/public-zone-default-location.conf:/etc/nginx/vhost.d/default_location
  • ./assets/files/nginx-configuration/public-zone-header.conf:/etc/nginx/conf.d/header.conf

Resources

Docker

Tools

Portainer

Build and manage your Docker environments with ease: portainer.io

Commands

Logs

Show logs of a specific Docker container from the last 24 hours

docker logs --since 24h CONTAINER_ID

Search logs of a specific Docker container from the last 24 hours for “search-term”

docker logs --since 24h CONTAINER_ID | grep 'search-term'