Skip to content

How to install HCW@Home with Docker

This deployment is more about giving your main guide lines and will not work out the box. Due to various way to deploy our scalable solution, we are unable to provide an universal way to make your deployment. If you are in trouble, please contact us.

You should consider using our own reverse proxy. Those samples are not providing the SSL layer required for having working WebRTC.

Deploy Coturn with Docker Compose

The following sample gives you an example of how to deploy a coturn server with Docker Compose. Don't forget to adjust the following settings:

  • myuser which is the login account to use turn feature
  • mypass which is the password account to use turn feature
  • realm which can be any name of fictive domain you choose
services:
  coturn:
    image: docker.io/coturn/coturn
    environment:
      - DETECT_EXTERNAL_IP=yes
      - DETECT_RELAY_IP=yes
    ports:
      - "3478:3478"
      - "3478:3478/udp"
      - "5349:5349"
      - "5349:5349/udp"
      - "49152-65535:49152-65535/udp"
    command: "--fingerprint --lt-cred-mech --user {{coturn_user:coturn_user}}:{{coturn_password:coturn_pass}} --realm yourdomain.com
    network_mode: "host"

Put the content bellow in docker-compose.yml file and run the following command

docker compose up -d

Check the service is correctly started with the following command

docker compose logs -f

Deploying mediaserver with Docker Compose

The following sample gives you an example of how to deploy a mediasoup server with Docker Compose. Don't forget to adjust the following settings:

replace mydomain.com by you domain.
replace PUBLIC_IP value by you real server IP
replace ANNOUNCED_IP value by you internet public IP
replace API_USER and API_SERVER values by user you choose.
replace JWT_SECRET value by random secret.
services:
  backend:
    image: docker.io/iabsis/mediasoup-api
    ports:
      - "3443:3443"
    environment:
      ## Define random key here
      - JWT_SECRET={{random_jwt_key:Super3trong4ey$}}

      ## Configure credentials used to consume mediasoup API
      - API_USER={{mediasoup_api_user:mediasoup_user}}
      - API_SECRET={{mediasoup_api_password:mediasoup_pass}}

      ## Define here the public IP server
      - PUBLIC_IP={{mediasoup_server_ip_address:192.168.0.10}}

      ## If server is behind nat, you might need to advertise
      # the real public IP by commenting out this line.
      - ANNOUNCED_IP={{mediasoup_public_ip_address:1.2.3.4}}

      ## You will need to open UDP port in the follow range, you
      # can adjust the range if required.
      # - RTC_MIN_PORT=40000
      # - RTC_MAX_PORT=49000

      ## The best practice is to use reverse proxy, but if you want
      # this API to serve directly HTTPS, you might need to configure the
      # following lines
      # - HTTP_ONLY=true
      - LISTEN=3443
      - CERT=/etc/mediasoup-api/certs/example.com/fullchain.pem
      - KEY=/etc/mediasoup-api/certs/example.com/privkey.pem

      ## Redis server
      - REDIS_HOST=redis

      ## Turn server configuration
      - TURN_SERVER1=turn:{{coturn_hostname:fqdm_coturn.com}}
      - TURN_USERNAME1={{coturn_user:coturn_user}}
      - TURN_PASSWORD1={{coturn_password:coturn_pass}}

      ## Turn server configuration backup (optional)
      #- TURN_SERVER2=turn:fqdm_coturn2.com
      #- TURN_USERNAME2=coturn_user2
      #- TURN_PASSWORD2=coturn_pass2

    depends_on:
      - redis
    volumes:
      - ./data/certbot/:/etc/mediasoup-api/certs

  redis:
    image: redis

  certbot:
    image: certbot/certbot:latest
    volumes:
      - ./data/certbot/:/etc/letsencrypt/live
    command: certonly --standalone -d {{mediasoup_fqdn_hostname:fqdm-mediasoup-domain.com}} --non-interactive --agree-tos --email info@mydomain.com
    ports:
      - "80:80"

  certbot-renew:
    image: certbot/certbot:latest
    volumes:
      - ./data/certbot/:/etc/letsencrypt/live
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

Put the content bellow in docker-compose.yml file and run the following command

docker compose up -d

Check the service is correctly started with the following command

docker compose logs -f

Deploying HCW@Home with Docker Compose

The following sample give you example of how deploying HCW@Home stack with Docker Compose. Double check the differents values you need to define.

  • Patient interface will listen on port 8000
  • Doctor interface will listen on port 8001
  • Admin interface will listen on port 8002
services:
  mongo:
    image: mongo:6
    volumes:
      - ./data/mongo:/data/db

  patient:
    image: docker.io/iabsis/hcw-patient
    ports:
      - "8000:8080"
    environment:
      - BACKEND_URL=http://backend:1337
    depends_on:
      - mongo
      - backend

  doctor:
    image: docker.io/iabsis/hcw-doctor
    ports:
      - "8001:8081"
    environment:
      - BACKEND_URL=http://backend:1337
    depends_on:
      - mongo
      - backend

  admin:
    image: docker.io/iabsis/hcw-admin
    ports:
      - "8002:8082"
    environment:
      - BACKEND_URL=http://backend:1337
    depends_on:
      - mongo
      - backend


  backend:
    image: docker.io/iabsis/hcw-backend
    ports:
      - "1337:1337"
    environment:
      # Configure here database, by default
      # a local mongo is used.
      - DB_URI=mongodb://mongo:27017/hcw-athome

      # Configure Redis URL
      - REDIS_HOST=redis
      #- REDIS_PORT=6379
      #- REDIS_PASSWORD=

      # Generate random key used by JWT encoding.
      - APP_SECRET=''

      # If used, it's possible to create JWT token
      # externally with the following key.
      #SHARED_EXTERNAL_AUTH_SECRET=12345678

      # Wich environement file to use.
      - NODE_ENV=production

      # Public url to be accessed by the patient
      - PUBLIC_URL={{patient_https_url:https://replace-by-patient-domain.com}}

      # Mail configuration.
      - MAIL_SMTP_HOST=<https://my-smtp-server.ch>/
      - MAIL_SMTP_PORT=465
      - MAIL_SMTP_SECURE=true
      - https://MAIL_SMTP_SENDER%3Dnoreply@hcw-athome.ch/
      - MAIL_SMTP_USER=
      - MAIL_SMTP_PASSWORD=

      ## Choose to use either OVH or Swisscom
      # Comment/comment out line according to
      # your environment

      # SMS OVH Gateway credentials
      # - SMS_OVH_SENDER=
      # - SMS_OVH_ENDPOINT=
      # - SMS_OVH_APP_KEY=
      # - SMS_OVH_APP_SECRET=
      # - SMS_OVH_APP_CONSUMER_KEY=

      # SMS Swisscom Gateway credentials
      # - SMS_SWISSCOM_ACCOUNT=
      # - SMS_SWISSCOM_PASSWORD=
      # - SMS_SWISSCOM_SENDER=

      # ClickATell SMS Gateway credentials
      - SMS_CLICKATEL=

      # Define enabled authentication methods
      # Can be one of the following choice
      # password : user will be inside Mongo only. (default)
      # saml : configure SAML entries, compatible with Azure.
      # both : user can login with both methods (saml and password).
      # openid : user will login with openid only.
      - LOGIN_METHOD=password

      # SAML environement
      # - SAML_CALLBACK=''
      # - SAML_ENTRY_POINT=''
      # - SAML_ISSUER=''
      # - EMAIL_FIELD='email'
      # - FIRSTNAME_FIELD='firstname'
      # - LASTNAME_FIELD='lastname'
      # - LOGOUT_URL=''
      # - SAML_PATH_KEY='/etc/hcw-athome/saml.key'
      # - SAML_CERT=''
      # - SAML_FIRSTNAME_FIELD='givenName'
      # - SAML_LASTNAME_FIELD='lastName'
      # - SAML_AUTOCREATE_USER=true

      # If you use Redmine, you can configure here
      # Access key to the project.
      # - REDMINE_DOMAIN=
      # - REDMINE_API_KEY=

      # If external API is used, define here
      # the mongo ID of the queue where default consultation
      # are dropping.
      # Default value is Default
      # - DEFAULT_QUEUE_ID=Default

      # Public url to be accessed by the doctor
      - DOCTOR_URL={{doctor_https_url:https://replace-by-doctor-domain.com}}

      # ClamAv can be used to check sanity of transfered
      # files. Define there socket path for Antivirus Clamav
      - CLAM_HOST=clamav
      # - CLAM_PORT=3310

      # Enable AD if Active Directory or LDAP must be used
      # to get user information and groups.
      # Default value is false
      # - AD_ENABLE=false

      # Access to Active Directory server. Account service is
      # required here. Readonly is enough.
      # - AD_URIS=ldap://<ip or hostname of ad server>
      # - AD_BASE=dc=ad,dc=sample,dc=local
      # - AD_USER=-service-ad-readonly
      # - AD_PASSWORD=<replace-password>

      ## Allow user access if AD user in inside the following group.
      # - AD_DOCTOR_GROUP=HCWATHOME-DOCTOR

      # Auto Group to Queue mapping
      # Wildcard group is used to map AD group to internal Queue.
      # By example AD Group QUEUE-Psycho is mapped to Queue named Psycho.
      # - AD_QUEUE_MAP=^QUEUE-(.*)$

      # If AD is used, how to map user field to AD.
      # - AD_ATTR_FIRSTNAME=givenName
      # - AD_ATTR_FISTNAME=givenName
      # - AD_ATTR_LASTNAME=sn
      # - AD_ATTR_EMAIL=mail
      # - AD_ATTR_DEPARTMENT=department
      # - AD_ATTR_FUNCTION=company
      # - AD_ATTR_LOGIN=mail

      # If all Mediasoup servers fails, fallback
      # to the following server.
      - MEDIASOUP_URL=https://{{mediasoup_fqdn_hostname:fqdm-mediasoup-domain.com}}
      - MEDIASOUP_USER={{mediasoup_api_user:mediasoup_user}}
      - MEDIASOUP_SECRET={{mediasoup_api_password:mediasoup_pass}}

      ## Branding used by HCW@Home
      - BRANDING=ICRC@Home

      ## Comment out if you want put a logo path.
      #LOGO=/etc/hcw-athome/logo.png

      ## Enable accessibility
      - ACCESSIBILITY_MODE=false

      # OpenID configuration.
      - OPENID_ISSUER_BASE_URL=''
      - OPENID_CLIENT_ID=''
      - OPENID_CLIENT_SECRET=''
      - OPENID_CALLBACK_URL=''
      - OPENID_AUTHORIZATION_URL==https://<replace-by-my-domain>
      - OPENID_TOKEN_URL=''
      - OPENID_USER_INFO_URL=''
      - OPENID_LOGOUT_URL=''
      - OPENID_AUTOCREATE_USER=true

      ## Path to store attachments
      - ATTACHMENTS_DIR=/data/attachments

    depends_on:
      - mongo
      - redis
      - clamav
    volumes:
      - ./data/attachments:/data/attachments
    restart: always

  redis:
    image: redis

  clamav:
    image: clamav/clamav
    ports:
      - "3310:3310"