Production Deployment on AWS Lightsail

Infrastructure

Lightsail Instance (8 GB RAM, $40/month)
RDS PostgreSQL     (db.t4g.small, $25/month)
ECR               (container registry, ~$0.10/month)

Step 1 — Create RDS PostgreSQL

AWS Console → RDS → Create database:

Engine: PostgreSQL 16
Instance: db.t4g.small
DB name: ajsmart
Create two databases: smartfhir and hapifhir

Step 2 — Create Lightsail instance

OS: Ubuntu 24.04
Plan: 8 GB RAM ($40/month)
Attach static IP

Open firewall ports: 80, 443, 22

Step 3 — Install Docker

ssh ubuntu@your-static-ip
sudo apt update && sudo apt install -y docker.io docker-compose-plugin nginx certbot python3-certbot-nginx
sudo usermod -aG docker ubuntu

Step 4 — Configure and start

git clone https://github.com/AKHester-Technologies/aj-smart-fhir-platform
cd aj-smart-fhir-platform
cp .env.example .env
# Edit .env with your RDS endpoint, passwords, and domain URLs

SPRING_PROFILES_ACTIVE=prod docker compose up -d

Step 5 — SSL with Let's Encrypt

sudo certbot --nginx \
  -d fhir.demo.ajfhir.org \
  -d auth.demo.ajfhir.org \
  --non-interactive --agree-tos -m you@ajfhir.org

Step 6 — RSA keystore (important)

Without a keystore all tokens become invalid on restart:

keytool -genkeypair -alias smart-fhir-server \
  -keyalg RSA -keysize 2048 -storetype PKCS12 \
  -keystore ./keystore/smart-fhir-server.p12 -validity 3650

# Add to .env:
KEYSTORE_PATH=/app/keystore/smart-fhir-server.p12
KEYSTORE_PASSWORD=your-password

Production Deployment on AWS Lightsail

Infrastructure​

Step 1 — Create RDS PostgreSQL​

Step 2 — Create Lightsail instance​

Step 3 — Install Docker​

Step 4 — Configure and start​

Step 5 — SSL with Let's Encrypt​

Step 6 — RSA keystore (important)​

Infrastructure

Step 1 — Create RDS PostgreSQL

Step 2 — Create Lightsail instance

Step 3 — Install Docker

Step 4 — Configure and start

Step 5 — SSL with Let's Encrypt

Step 6 — RSA keystore (important)