Bahmni ABDM proxy to Simulate HRP

Bahmni ABDM Proxy simulates HRP (Health Repository Providers) in order to allow sharing ABDM secrets across multiple single tenant bahmni instances running as HIU/HIP.

Individual Bahmni instances (as HIU/HIP) continues to directly call the ABDM gateway using shared secrets
ABDM Gateway responds back onto the ABDM Proxy callback endpoint (common accross all Bahmni HIP/HIU instances).
ABDM Proxy maintains knowledge (map) about HIU/HIP (key) and their corresponding instance url. It extracts the HIU/HIP ID from the request callback header (e.g. X-HIU-ID) and derive the delegate url
It would then forward the request to the delegate url (with headers as-is) in order to have it handled by the designated HIP/HIU instance.

Setup

The assumption is that all the Bahmni instances are running within the same Kubernetes cluster (any of the 3 approaches depicted in this document). Also Hosted Zone for target domain (e.g. mybahmni.in) is already setup along with completing this infra setup.

🔘 Create A record for ABDM Proxy

This A record is to have a unique subdomain for ABDM proxy e.g. abdm-proxy.mybahmni.in. Follow this guide for CLI or this for Console (choose Alias to network load-balancer and then select the configured elb from target aws region).

🔘 Apply ABDM proxy ingress in default namespace

Start by forking this repo https://github.com/BahmniIndiaDistro/abdm-callback-proxy - change the host in ingress.yaml to the alias that was setup in earlier setup e.g. abdm-proxy.mybahmni.in. Apply the configuration in default namespace

Install kubectl CLI and ensure you have the appropirate aws privilege set on your terminal session before running below commands

kubectl apply -f ingress.yaml

🔘 Configure HIU and HIP services on ABDM Gateway

Register individual HIP/HIU as service on the gateway using the shared abdm client secrets

HIU

curl --location --request PUT 'https://dev.ndhm.gov.in/devservice/v1/bridges/services' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer ENTER_THE_TOKEN' \
--data-raw '{"id":"alpha","name":"Alpha","type":"HIU","active":true,"alias":["Alpha"]}'

HIP

curl --location --request PUT 'https://dev.ndhm.gov.in/devservice/v1/bridges/services' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer ENTER_THE_TOKEN' \
--data-raw '{"id":"omega","name":"Omega","type":"HIP","active":true,"alias":["Omega"]}'

Configure the HIU ID and HIP ID registered with the gateway in the values.yaml of umbrella chart and follow this guide to provision the cluster.

🔘 Configure HIU and HIP instance url on Bahmni ABDM Proxy

Bahmni ABDM proxy uses Nginx + NJS to manage the HIU/HIP map and perform the delegation. Change the deligateRepository in njs.ts to represent the bahmni cluster with various instances of bahmni as HIU/HIP. In below example alpha and omega are 2 bahmni instances running as HIP/HIP in different namespace within the same EKS cluster having their own A record defined.

alpha and omega are the same id’s that was configured as service on gateway in earlier step

Build the project using yarn build
Create and publish docker Image: docker build -t yourDockerHubRepo/abdm-callback-proxy . && docker push yourDockerHubRepo/abdm-callback-proxy. It would also require a docker login to target dockerhub account before pushing the image.

🔘 Apply abdm proxy service in default namespace

Replace spec.containers.image in abdm-callback.proxy.yaml with your Dockerhub repo name (instead of bahmniindiadistro/). Apply the abdm-callback-proxy service in default namesapce