Skip to main content

Deployment

Dockerโ€‹

Dockerfile
FROM eclipse-temurin:21-jdk-jammy AS build
WORKDIR /workspace
COPY pom.xml .
RUN mvn -B dependency:go-offline -q
COPY src ./src
RUN mvn -B package -DskipTests

FROM eclipse-temurin:21-jre-jammy
WORKDIR /app
COPY --from=build /workspace/target/smart-fhir-client-*.jar app.jar
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]
docker build -t smart-fhir-client .
docker run -p 8080:8080 \
  -e SMART_CLIENT_ID=your-client-id \
  -e SMART_REDIRECT_URI=https://your-app.com/callback \
  smart-fhir-client

HTTPSโ€‹

Epic App Orchard requires HTTPS in production. Terminate TLS at a load balancer or reverse proxy:

nginx.conf
server {
    listen 443 ssl;
    server_name your-app.com;
    ssl_certificate     /etc/ssl/certs/cert.pem;
    ssl_certificate_key /etc/ssl/private/key.pem;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host              $host;
    }
}

Set server.forward-headers-strategy=native in application.yml so Spring sees the correct protocol for redirect URI generation.

Redis session storeโ€‹

For multi-instance deployments, all instances must share session state:

application.yml
spring:
  session:
    store-type: redis
    timeout:    3600s
  data:
    redis:
      host:     ${REDIS_HOST:localhost}
      port:     ${REDIS_PORT:6379}
      password: ${REDIS_PASSWORD:}
pom.xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.session</groupId>
    <artifactId>spring-session-data-redis</artifactId>
</dependency>

Environment variablesโ€‹

VariableRequiredDescription
SMART_CLIENT_IDโœ“Your Epic application client ID
SMART_REDIRECT_URIโœ“Must match the URI registered in Epic App Orchard
REDIS_HOSTProductionRedis host for session sharing
REDIS_PASSWORDProductionRedis authentication password
SPRING_PROFILES_ACTIVEprod enables production logging and caching

Actuator healthโ€‹

curl http://localhost:8080/actuator/health
# {"status":"UP"}

Available endpoints: /actuator/health, /actuator/info, /actuator/metrics.

Next: Production Checklist โ†’