See Running on Docker at the dcm4che Archive 5 Wiki.
Below explained environment variables can be set as per one's application to override the default values if need be.
An example of how one can set an env variable in docker run
command is shown below :
-e ARCHIVE_DEVICE_NAME=my-dcm4chee-arc
Device name to lookup in LDAP for UI configuration (optional, default is dcm4chee-arc
).
Space separated list of URL(s) of Archive RESTful services deployed in other Archive docker container(s). E.g.: http://test-ng:8080/dcm4chee-arc
This environment variable is used to set the JAVA_OPTS during Archive UI startup (optional, default is
"-Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true"
Indicates to delay the start of the Archive UI until specified TCP ports become accessible. Format: <host>:<port> ...
, e.g.: ldap:389 db:5432
.
HTTP port of the Archive UI (optional, default is 8080
).
HTTPS port of Archive UI (optional, default is 8443
).
HTTP port of Wildfly Administration Console (optional, default is 9990
).
HTTPS port of Wildfly Administration Console (optional, default is 9993
).
Protect Wildfly Adminstration Console with Keycloak (optional, default is true
).
By default there is no admin user created so you won't be able to login to the Wildfly Administration Console.
User to authenticate to the Wildfly Administration Console.
(At archive versions secured by Keycloak and WILDFLY_ADMIN_OIDC=true
, any user with assigned role ADMINISTRATOR
is authorized to access the Wildfly Administration Console.)
WILDFLY_ADMIN_USER_FILE
(Ignored by Archive UI version secured by Keycloak and WILDFLY_ADMIN_OIDC=true
)
User to authenticate to the Wildfly Administration Console via file input (alternative to WILDFLY_ADMIN_USER).
WILDFLY_ADMIN_PASSWORD
(Ignored by Archive UI version secured by Keycloak and WILDFLY_ADMIN_OIDC=true
)
User's password to use to authenticate to the Wildfly Administration Console.
WILDFLY_ADMIN_PASSWORD_FILE
(Ignored by Archive UI version secured by Keycloak and WILDFLY_ADMIN_OIDC=true
)
User's password to use to authenticate to the Wildfly Administration Console via file input (alternative to WILDFLY_ADMIN_PASSWORD).
User role required to access the Archive UI (optional, default is user
).
User role to identify super users, which have unrestricted access to all UI functions of the Archive, bypassing the
verification of user permissions (optional, default is admin
).
Path to keystore file with private key and certificate for HTTPS (optional, default is
/opt/wildfly/standalone/configuration/keystore/key.p12
, with sample key + certificate:
Subject - CN=PACS_J4C,O=J4CARE,C=AT
Issuer - CN=IHE Europe CA, O=IHE Europe, C=FR
Valid From - Sun Apr 02 06:38:46 UTC 2017
Valid To - Fri Apr 02 06:38:46 UTC 2027
MD5 : 7a:b3:f7:5d:cf:6e:84:34:be:5a:7a:12:95:fa:46:76
SHA1 : a9:36:b3:b4:60:63:22:9e:f4:ae:41:d3:3b:97:ca:be:9b:a9:32:e9
provided by the docker image only for testing purpose).
Password used to protect the integrity of the keystore specified by KEYSTORE
(optional, default is secret
).
Password used to protect the integrity of the keystore specified by KEYSTORE
via file input
(alternative to KEYSTORE_PASSWORD
).
Password used to protect the private key in the keystore specified by KEYSTORE
(optional, default is value of KEYSTORE_PASSWORD
).
Password used to protect the private key in the keystore specified by KEYSTORE
via file input
(alternative to KEY_PASSWORD
).
Type (JKS
or PKCS12
) of the keystore specified by KEYSTORE
(optional, default is PKCS12
).
Path to keystore file with trusted certificates for TLS (optional, default is the default Java truststore
/usr/local/openjdk-11/lib/security/cacerts
). s.o. EXTRA_CACERTS.
Password used to protect the integrity of the keystore specified by TRUSTSTORE
(optional, default is changeit
).
Password used to protect the integrity of the keystore specified by TRUSTSTORE
via file input
(alternative to TRUSTSTORE_PASSWORD
).
Type (JKS
or PKCS12
) of the keystore specified by TRUSTSTORE
(optional, default is JKS
).
Path to keystore file with CA certificates imported to default Java truststore (optional, default is
/opt/wildfly/standalone/configuration/keystore/cacerts.p12
, with sample CA certificate:
Subject - CN=IHE Europe CA,O=IHE Europe,C=FR
Issuer - CN=IHE Europe CA,O=IHE Europe,C=FR
Valid From - Fri Sep 28 11:19:29 UTC 2012
Valid To - Wed Sep 28 11:19:29 UTC 2022
MD5 : 64:b6:1b:0f:8d:84:17:da:23:e4:e5:1c:56:ba:06:5d
SHA1 : 54:e0:10:c6:4a:fe:2c:aa:20:3f:50:95:45:82:cb:53:55:6b:07:7f
provided by the docker image only for testing purpose).
Password used to protect the integrity of the keystore specified by EXTRA_CACERTS
(optional, default is secret
).
Password used to protect the integrity of the keystore specified by EXTRA_CACERTS
via file input
(alternative to EXTRA_CACERTS_PASSWORD
).
Comma separated list of enabled TLS protocols (SSLv2
, SSLv3
, TLSv1
, TLSv1.1
, TLSv1.2
, TLSv1.3
)
(optional, default is TLSv1.2
).
The filter to apply to specify the enabled cipher suites for TLSv1.2 and below. See
javadoc
for possible values. (optional, default is DEFAULT
).
Base URL of the Keycloak server used for authenticating the client requests.
Default value is http://keycloak:8080/auth
.
Name of the realm configured in Keycloak for securing the UI and RESTful services of the archive,
and the Wildfly Administration Console and Management API (optional, default is dcm4che
).
Defining the SSL/HTTPS requirements for interacting with the Keycloak server:
none
- HTTPS is not required for any client IP addressexternal
- private IP addresses can access without HTTPSall
- HTTPS is required for all IP addresses
(optional, default is external
).
If the Keycloak server requires HTTPS and this config option is set to true
the Keycloak server’s certificate is
validated via the truststore, but host name validation is not done (optional, default value set is true
).
If the Keycloak server requires HTTPS and this config option is set to true
the Keycloak server’s certificate is
is not validated via the truststore (optional, default value set is false
).
Keycloak client ID for securing the UI of the archive (optional, default is dcm4chee-arc-ui
).
Keycloak client ID for securing the Wildfly Administration Console
(optional, default is wildfly-console
).
Keycloak client ID for securing the Wildfly Management API.
(optional, default is wildfly-management
).
Logstash/GELF Logger configuration:
Hostname/IP-Address of the Logstash host. Required for emitting system logs to Logstash.
Name of the Facility (optional, default is wildfly
).
Log-Level threshold (optional, default is WARN
).
Indicates if the Stack-Trace shall be sent in the StackTrace field (optional, default is true
).
Indicates if Stack-Trace filtering shall be performed (optional, default is true
).