Release 6.0.0

cfl/README.md

@@ -5,13 +5,14 @@ The distribution project consists of docker compose configuration files and reso
  (OpenMRS Web Application, modules and other).
 
 The project contains **.env.example** file which contains the configuration of an environment, the committed version
- configures CFL distribution to run on your local docker, where both application and database docker containers are running. 
+ configures CFL distribution to run on your local docker, where both application and database docker containers are
+  running. 
 
-The docker compose configuration files, with suffix .yml, should stay unchanged - with an exception of docker image
- versioning.
-
-**Increment proper version number in docker-compose.run.yml and docker-compose.build.yml when you make any
- change in this project**
+The CFL distribution forgoes usage of database dump, in favor of 'initial startup'. 
+The 'initial startup' is the first start of an application, during which empty database has tables created and initial
+ data loaded in. This approach removes a burden of synchronizing DB dump with initial data of the CfL application, 
+ at the expense of the longer initial startup - depending on the server's performance, it may take up to few hours, the most
+  of time is taken by the OCL concepts import (over 50000 concepts).
 
 ## Requirements
   - Docker engine
@@ -24,8 +25,15 @@ The project provides utility script to start OpenMRS application docker containe
 Run script:
 ```runInDevMode.sh```
 
+The docker compose configuration files, should stay unchanged - with an exception of docker image versioning.
+
+**Increment proper version number in docker-compose.run.yml and docker-compose.build.yml when you make any
+ change in this project**
+
 ## Production
 
+Review AWS considerations and Serving CfL over HTTP below.
+
 Build CFL distribution image using ``docker-compose.build.yml``.
 
 ```
@@ -37,14 +45,27 @@ Save CFL distribution image into archive.
 ```
 sudo docker save openmrscorecfl:X.Y.Z | gzip > openmrscorecfl_X.Y.Z.tar.gz
 ```
+Where X.Y.Z is the version number from `docker-compose.run.yml` web image name's suffix.
 
 Distribute the created image together with ``docker-compose.run.yml`` file. 
-The ``.env`` file has to be created during installation, each environment has individual configuration.
+The ``.env`` file has to be created during the installation, each environment has individual configuration.
 
 ### Run production
 
 Configure ``.env`` accordingly to the production environment.
 
+| Property              | Value                  | Description 
+| --------------------- | -----------------------| ----------- 
+| INITIAL_STARTUP       | true or false          | Whether the next startup should create the database tables and load the initial data. **This must be true only for a first startup on given DB.**
+| TOMCAT_PORT           | port number, eg.: 80   | Specifies a TPC port under which docker should expose CfL web application.
+| DB_HOST               | URL                    | Specifies connection URL for database. Leave a default `db` for dev mode.
+| DB_USERNAME           | DB username            | Specifies user that OpenMRS will use to connect to database.
+| DB_PASSWORD           | DB password            | Specifies password that OpenMRS will use to connect to database.
+| MYSQL_DEV_PORT        | port number, eg.: 3306 | If started in dev mode, specifies a TPC port under which docker should expose database.
+| TOMCAT_DEV_PORT       | port number, eg.: 8080 | When Debugging is enabled, specifies a TPC port under which docker should expose CfL web application.
+| TOMCAT_DEV_DEBUG_PORT | port number, eg 1044   | When Debugging is enabled, specifies a TPC port under which docker should expose Java debug port of CfL web application.
+| DB_ROOT_PASSWORD      | DB root password       | If started in dev mode, specifies `root` user password for the created database.
+
 Load CFL distribution image.
 
 ```
@@ -66,3 +87,38 @@ Inspect logs
 ```
 sudo docker logs -f --tail 500 cfl_web_1
 ```
+
+### AWS considerations
+
+When running Connect for Life in AWS environments, you must ensure that RDS database has `log_bin_trust_function_creators
+` parameter (in database server's parameter group) set to **1**. 
+This is required to load database functions used in the Connect for Life.
+
+The `openmrs` schema and user used by OpenMRS, must be pre-created before Connect for Life startup. 
+The schema must created with **UTF8** character set and **utf8_general_ci** collation.
+
+### Serving CfL over HTTP
+
+The Connect for Life is by default configured to be hidden by a proxy or firewall which exposes CFL over HTTPS.
+To make Connect for Life work over regular HTTP, for connection other then from localhost, you need to modify `cfl/web
+/config/tomcat/web.xml` file. 
+Remove `cookie-config` element from the `session-config`.
+
+#### Default config
+```
+    <session-config>
+        <session-timeout>30</session-timeout>
+        <cookie-config>
+            <http-only>true</http-only>
+            <secure>true</secure>
+        </cookie-config>
+    </session-config>
+```
+
+#### HTTP config
+
+```
+    <session-config>
+        <session-timeout>30</session-timeout>
+    </session-config>
+```

cfl/docker-compose.build.yml

@@ -3,4 +3,4 @@ version: '2'
 services:
   web:
     build: web
-    image: openmrscorecfl:5.0.0
+    image: openmrscorecfl:6.0.0

cfl/docker-compose.db.yml

@@ -3,14 +3,16 @@ version: '2'
 services:
   db:
     image: mysql:5.7
-    command: "mysqld --character-set-server=utf8 --collation-server=utf8_general_ci"
+    command: mysqld --sql_mode="STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" --character-set-server=utf8 --collation-server=utf8_general_ci
+    restart: always
     environment:
       MYSQL_DATABASE: openmrs
       MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
       MYSQL_USER: ${DB_USERNAME}
       MYSQL_PASSWORD: ${DB_PASSWORD}
     volumes:
       - db-data:/var/lib/mysql
+      - ./db-init-data:/docker-entrypoint-initdb.d
     ports:
       - "${MYSQL_DEV_PORT}:3306"
 

cfl/docker-compose.run.yml

@@ -2,7 +2,8 @@ version: '2'
 
 services:
   web:
-    image: openmrscorecfl:5.0.0
+    image: openmrscorecfl:6.0.0
+    restart: always
     logging:
       driver: "local"
     environment:

cfl/web/Dockerfile

@@ -1,4 +1,4 @@
-FROM tomcat:7-jre8
+FROM tomcat:8.5.82-jdk8
 
 RUN rm -rf /usr/local/tomcat/webapps/ROOT
 ADD ./ROOT /usr/local/tomcat/webapps/ROOT

cfl/web/config/tomcat/server.xml

@@ -1,4 +1,4 @@
-<?xml version='1.0' encoding='utf-8'?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
@@ -24,10 +24,8 @@
     <!-- Security listener. Documentation at /docs/config/listeners.html
     <Listener className="org.apache.catalina.security.SecurityListener" />
     -->
-    <!--APR library loader. Documentation at /docs/apr.html -->
+    <!-- APR library loader. Documentation at /docs/apr.html -->
     <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
-    <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
-    <Listener className="org.apache.catalina.core.JasperListener" />
     <!-- Prevent memory leaks due to use of particular java/javax APIs-->
     <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
     <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
@@ -63,10 +61,10 @@
 
         <!-- A "Connector" represents an endpoint by which requests are received
              and responses are returned. Documentation at :
-             Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+             Java HTTP Connector: /docs/config/http.html
              Java AJP  Connector: /docs/config/ajp.html
              APR (HTTP/AJP) Connector: /docs/apr.html
-             Define a non-SSL HTTP/1.1 Connector on port 8080
+             Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
         -->
         <Connector port="8080" protocol="HTTP/1.1"
                    URIEncoding="UTF-8"
@@ -81,20 +79,48 @@
                    connectionTimeout="20000"
                    redirectPort="8443" />
         -->
-        <!-- Define a SSL HTTP/1.1 Connector on port 8443
-             This connector uses the BIO implementation that requires the JSSE
-             style configuration. When using the APR/native implementation, the
-             OpenSSL style configuration is required as described in the APR/native
-             documentation -->
+        <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
+             This connector uses the NIO implementation. The default
+             SSLImplementation will depend on the presence of the APR/native
+             library and the useOpenSSL attribute of the AprLifecycleListener.
+             Either JSSE or OpenSSL style configuration may be used regardless of
+             the SSLImplementation selected. JSSE style configuration is used below.
+        -->
         <!--
-        <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
-                   maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
-                   clientAuth="false" sslProtocol="TLS" />
+        <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+                   maxThreads="150" SSLEnabled="true">
+            <SSLHostConfig>
+                <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+                             type="RSA" />
+            </SSLHostConfig>
+        </Connector>
+        -->
+        <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+             This connector uses the APR/native implementation which always uses
+             OpenSSL for TLS.
+             Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+             configuration is used below.
+        -->
+        <!--
+        <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+                   maxThreads="150" SSLEnabled="true" >
+            <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+            <SSLHostConfig>
+                <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+                             certificateFile="conf/localhost-rsa-cert.pem"
+                             certificateChainFile="conf/localhost-rsa-chain.pem"
+                             type="RSA" />
+            </SSLHostConfig>
+        </Connector>
         -->
 
         <!-- Define an AJP 1.3 Connector on port 8009 -->
-        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-
+        <!--
+        <Connector protocol="AJP/1.3"
+                   address="::1"
+                   port="8009"
+                   redirectPort="8443" />
+        -->
 
         <!-- An Engine represents the entry point (within Catalina) that processes
              every request.  The Engine implementation for Tomcat stand alone
@@ -138,9 +164,10 @@
                      Documentation at: /docs/config/valve.html
                      Note: The pattern used is equivalent to using pattern="common" -->
                 <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
-                       prefix="localhost_access_log." suffix=".txt"
+                       prefix="localhost_access_log" suffix=".txt"
                        pattern="%h %l %u %t &quot;%r&quot; %s %b" />
-
+                <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false"
+                       showServerInfo="false"/>
             </Host>
         </Engine>
     </Service>

cfl/web/config/tomcat/web.xml

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
@@ -15,11 +15,11 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
-<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
-                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-         version="3.0">
+         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
+                      http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+         version="3.1">
 
     <!-- ======================== Introduction ============================== -->
     <!-- This document defines default values for *all* web applications      -->
@@ -48,6 +48,11 @@
     <!--   fileEncoding        Encoding to be used to read static resources   -->
     <!--                       [platform default]                             -->
     <!--                                                                      -->
+    <!--   useBomIfPresent     If a static file contains a byte order mark    -->
+    <!--                       (BOM), should this be used to determine the    -->
+    <!--                       file encoding in preference to fileEncoding.   -->
+    <!--                       [true]                                         -->
+    <!--                                                                      -->
     <!--   input               Input buffer size (in bytes) when reading      -->
     <!--                       resources to be served.  [2048]                -->
     <!--                                                                      -->
@@ -99,6 +104,13 @@
     <!--   showServerInfo      Should server information be presented in the  -->
     <!--                       response sent to clients when directory        -->
     <!--                       listings is enabled? [true]                    -->
+    <!--                                                                      -->
+    <!--   allowPartialPut     Should the server treat an HTTP PUT request    -->
+    <!--                       with a Range header as a partial PUT? Note     -->
+    <!--                       that while RFC 7233 clarified that Range       -->
+    <!--                       headers only valid for GET requests, RFC 9110  -->
+    <!--                       (which obsoletes RFC 7233) now allows partial  -->
+    <!--                       puts. [true]                                   -->
 
     <servlet>
         <servlet-name>default</servlet-name>
@@ -138,9 +150,9 @@
     <!--                       pages.  See the jasper documentation for more  -->
     <!--                       information.                                   -->
     <!--                                                                      -->
-    <!--   compilerSourceVM    Compiler source VM. [1.6]                      -->
+    <!--   compilerSourceVM    Compiler source VM. [1.7]                      -->
     <!--                                                                      -->
-    <!--   compilerTargetVM    Compiler target VM. [1.6]                      -->
+    <!--   compilerTargetVM    Compiler target VM. [1.7]                      -->
     <!--                                                                      -->
     <!--   development         Is Jasper used in development mode? If true,   -->
     <!--                       the frequency at which JSPs are checked for    -->
@@ -238,6 +250,11 @@
     <!--   xpoweredBy          Determines whether X-Powered-By response       -->
     <!--                       header is added by generated servlet.  [false] -->
     <!--                                                                      -->
+    <!--   strictQuoteEscaping When scriptlet expressions are used for        -->
+    <!--                       attribute values, should the rules in JSP.1.6  -->
+    <!--                       for the escaping of quote characters be        -->
+    <!--                       strictly applied? [true]                       -->
+    <!--                                                                      -->
     <!--   quoteAttributeEL    When EL is used in an attribute value on a     -->
     <!--                       JSP page should the rules for quoting of       -->
     <!--                       attributes described in JSP.1.6 be applied to  -->
@@ -355,7 +372,7 @@
     <!--   enableCmdLineArguments                                             -->
     <!--                        Are command line parameters generated from    -->
     <!--                        the query string as per section 4.4 of 3875   -->
-    <!--                        RFC? [true]                                   -->
+    <!--                        RFC? [false]                                  -->
     <!--                                                                      -->
     <!--   executable           Name of the executable used to run the        -->
     <!--                        script. [perl]                                -->
@@ -526,7 +543,7 @@
     <!-- this to work you will need to uncomment the .shtml mime type         -->
     <!-- definition towards the bottom of this file.                          -->
     <!-- The contentType init param allows you to apply SSI processing to JSP -->
-    <!-- pages, javascript, or any other content you wish.  This filter       -->
+    <!-- pages, JavaScript, or any other content you wish.  This filter       -->
     <!-- supports the following initialization parameters (default values are -->
     <!-- in square brackets):                                                 -->
     <!--                                                                      -->
@@ -576,7 +593,6 @@
     <!-- ==================== Built In Filter Mappings ====================== -->
 
     <!-- The mapping for the HTTP header security Filter -->
-
     <filter-mapping>
         <filter-name>httpHeaderSecurity</filter-name>
         <url-pattern>/*</url-pattern>
@@ -627,6 +643,7 @@
     <!-- based on these mappings.  Additional mappings can be added here (to  -->
     <!-- apply to all web applications), or in your own application's web.xml -->
     <!-- deployment descriptor.                                               -->
+    <!-- Note: Extensions are always matched in a case-insensitive manner.    -->
 
     <mime-mapping>
         <extension>123</extension>
@@ -4237,6 +4254,10 @@
         <extension>wad</extension>
         <mime-type>application/x-doom</mime-type>
     </mime-mapping>
+    <mime-mapping>
+        <extension>wasm</extension>
+        <mime-type>application/wasm</mime-type>
+    </mime-mapping>
     <mime-mapping>
         <extension>wav</extension>
         <mime-type>audio/x-wav</mime-type>
@@ -4642,10 +4663,6 @@
         <extension>z</extension>
         <mime-type>application/x-compress</mime-type>
     </mime-mapping>
-    <mime-mapping>
-        <extension>Z</extension>
-        <mime-type>application/x-compress</mime-type>
-    </mime-mapping>
     <mime-mapping>
         <extension>z1</extension>
         <mime-type>application/x-zmachine</mime-type>

cfl/web/startup.sh

@@ -45,7 +45,7 @@ mkdir -p ~/modules
 # Create OpenMRS installation script - see setenv.sh
 cat > /usr/local/tomcat/openmrs-server.properties << EOF
 install_method=auto
-connection.url=jdbc\:mysql\://${DB_HOST}\:3306/${DB_DATABASE}?autoReconnect\=true&sessionVariables\=default_storage_engine\=InnoDB&useUnicode\=true&characterEncoding\=UTF-8
+connection.url=jdbc\:mysql\://${DB_HOST}\:3306/${DB_DATABASE}?autoReconnect\=true&sessionVariables\=default_storage_engine\=InnoDB&useUnicode\=true&characterEncoding\=UTF-8&useSSL\=false
 connection.username=${DB_USERNAME}
 connection.password=${DB_PASSWORD}
 has_current_openmrs_database=true