Bahmni ABDM Proxy simulates HRP (Health Repository Providers) in order to allow sharing ABDM secrets across multiple single tenant bahmni instances running as HIU/HIP.
Individual Bahmni instances (as HIU/HIP) continues to directly call the ABDM gateway using shared secrets
ABDM Gateway responds back onto the ABDM Proxy callback endpoint (common accross all Bahmni HIP/HIU instances).
ABDM Proxy maintains knowledge (map) about HIU/HIP (key) and their corresponding instance url. It extracts the HIU/HIP ID from the request callback header (e.g. X-HIU-ID) and derive the delegate url
It would then forward the request to the delegate url (with headers as-is) in order to have it handled by the designated HIP/HIU instance.
Setup
The assumption is that all the Bahmni instances are running within the same Kubernetes cluster (any of the 3 approaches depicted in this document).
🔘 Create A record for ABDM Proxy
The assumption is that you have already setup a Hosted Zone for your domain (e.g. mybahmni.in
) and completed the infra setup. This A record is to have a unique subdomain for ABDM proxy e.g. abdm-proxy.mybahmni.in
. You could either follow this guide for CLI or this for Console (choose Alias to network load-balancer and then select the configured elb from your aws region).
🔘 Apply ABDM proxy ingress in default namespace
Start by forking this repo https://github.com/BahmniIndiaDistro/abdm-callback-proxy - change the host in ingress.yaml to the alias that you setup in above setup e.g. abdm-proxy.mybahmni.in
and then apply in default namespace
kubectl apply -f ingress.yaml
🔘 Configure HIU and HIP services on ABDM Gateway
Register individual HIP/HIU as service on the gateway using the shared abdm client secrets
//HIU curl --location --request PUT 'https://dev.ndhm.gov.in/devservice/v1/bridges/services' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer ENTER_THE_TOKEN' \ --data-raw '{"id":"alpha","name":"Alpha","type":"HIU","active":true,"alias":["Alpha"]}' //HIP curl --location --request PUT 'https://dev.ndhm.gov.in/devservice/v1/bridges/services' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer ENTER_THE_TOKEN' \ --data-raw '{"id":"omega","name":"Omega","type":"HIP","active":true,"alias":["Omega"]}'
Configure the HIU ID and HIP ID registered with the gateway in the values.yaml of umbrella chart and follow this guide to provision the cluster.
🔘 Configure HIU and HIP instance url on Bahmni ABDM Proxy
Bahmni ABDM proxy uses Nginx + NJS to manage the HIU/HIP map and perform the deligation. Change the deligateRepository in njs.ts to represent your bahmni cluster with various instances of bahmni. In below example alpha and omega are 2 bahmni instances running as HIP/HIP in different namespace within the same EKS cluster having their own A record defined.
const deligateRepository: { [key: string]: string } = { alpha: 'alpha.mybahmni.in', omega: 'omega.mybahmni.in', };
Build the project using yarn build
Create and publish docker Image: docker build -t yourDockerHubRepo/abdm-callback-proxy . && docker push yourDockerHubRepo/abdm-callback-proxy
. It would also require you to do a docker login to your dockerhub account before pushing the image.
Setup a new dockerhub repo to maintain the abdm-callback-proxy image versions prior to building and publishing
🔘 Apply abdm proxy service in default namespace
Replace spec.containers.image
in abdm-callback.proxy.yaml with your Dockerhub repo name (instead of bahmniindiadistro/
). Apply the abdm-callback-proxy service in default namesapce
kubectl apply -f abdm-callback.proxy.yaml
To apply newer version of latest abdm-callback-proxy image on the cluser, use kubectl rollout restart deployment abdm-callback-proxy