osgiliath/openbis
openBIS is a complete solution for managing your research data
The open-source platform openBIS (Open Biology Information System) offers an Electronic Laboratory Notebook and a Laboratory Information Management System (ELN-LIMS) solution suitable for academic life science laboratories. openBIS ELN-LIMS allows researchers to efficiently document their work, to describe materials and methods, and to collect raw and analysed data and analysis scripts. The openBIS ELN-LIMS platform is developed at ETH Zürich.
support@osgiliath.atlassian.net
Container networking refers to the ability of containers to connect to and communicate with each other. The following example creates a network named `openbis-tier` using the bridge network driver. Running containers communicate across the created virtual network.
```
$ docker network create openbis-tier --driver bridge;
```
Port mappings for the containers.
Container | Port | Description |
---|---|---|
postgres15 | 5432/tcp | PostgreSQL database server as a backend. |
openbis | 8080/tcp | HTTP protocol of openBIS Application Server as a backend. |
openbis | 8081/tcp | HTTP protocol of openBIS Data Store Server as a backend. |
ingress | 443/tcp | HTTP protocol over TLS/SSL as a frontend. |
Docker volumes serve as the preferred mechanism for persisting data generated and utilized by containers. The data directory of openBIS, the main configuration files and the logs are maintained as persistent volumes. With the option `-v openbis-data:/data`, a persistent volume named `openbis-data` is created and mounted as `/data` within the running container. The same applies to all other persistent volumes.
Container | Persistent volume | Mountpoint | Description |
---|---|---|---|
postgres15 | postgres15-data | /var/lib/postgresql/data | PostgreSQL database configuration and data directory. |
openbis | openbis-data | /data | Application data directory for data store files to persist data between containers. |
openbis | openbis-etc | /etc/openbis | Application configuration files to persist configuration between containers. |
openbis | openbis-logs | /var/log/openbis | Application log files to persist logs and application messages. |
Variable | Default value | Description |
---|---|---|
OPENBIS_ADMIN_PASS | 123456789 | Administrator password to openBIS instance. |
OPENBIS_DATA | /data/openbis | Directory for openBIS persistent data. |
OPENBIS_DB_ADMIN_PASS | mysecretpassword | PostgreSQL superuser password. |
OPENBIS_DB_ADMIN_USER | postgres | PostgreSQL superuser name. |
OPENBIS_DB_APP_PASS | mysecretpassword | Password for application user connecting to the database. |
OPENBIS_DB_APP_USER | openbis | Username for application user connecting to the database. |
OPENBIS_DB_HOST | postgres15 | Name of container running PostgreSQL database. |
OPENBIS_ETC | /etc/openbis | Directory for openBIS configuration files. |
OPENBIS_HOME | /home/openbis | Directory for openBIS installation binaries. |
OPENBIS_LOG | /var/log/openbis | Directory for openBIS log files. |
OPENBIS_FQDN | openbis.cloud | Fully qualified domain name of openBIS service. |
OPENBIS_UID | 1001 | User ID to control file permissions. |
OPENBIS_GID | 1001 | Group ID to control file permissions. |
The database container provides a relational database (PostgreSQL server) to persist users, authorization information, various entities and their metadata, as well as index information about all datasets. Database superuser privileges are required.
```
$ docker run --detach \
    --name postgres15 \
    --hostname postgres15 \
    --network openbis-tier \
    -v postgres15-data:/var/lib/postgresql/data \
    -e POSTGRES_PASSWORD=mysecretpassword \
    -e PGDATA=/var/lib/postgresql/data/pgdata \
    postgres:15;
```
The application container provides the Java runtime and consists of two Java processes: the openBIS Application Server (openBIS AS) and the openBIS Data Store Server (openBIS DSS). openBIS AS manages the metadata and links to the data, while openBIS DSS manages the data itself, operating on a managed part of the file system.
```
$ docker run --detach \
    --name openbis \
    --hostname openbis \
    --network openbis-tier \
    --pid host \
    -p 8080:8080 \
    -p 8081:8081 \
    -v openbis-data:/data \
    -v openbis-etc:/etc/openbis \
    -v openbis-logs:/var/log/openbis \
    -e OPENBIS_ADMIN_PASS="123456789" \
    -e OPENBIS_DATA="/data/openbis" \
    -e OPENBIS_DB_ADMIN_PASS="mysecretpassword" \
    -e OPENBIS_DB_ADMIN_USER="postgres" \
    -e OPENBIS_DB_APP_PASS="mysecretpassword" \
    -e OPENBIS_DB_APP_USER="openbis" \
    -e OPENBIS_DB_HOST="postgres15" \
    -e OPENBIS_ETC="/etc/openbis" \
    -e OPENBIS_HOME="/home/openbis" \
    -e OPENBIS_LOG="/var/log/openbis" \
    -e OPENBIS_FQDN="openbis.cloud" \
    osgiliath/openbis:20.10.9;
```
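The defaults table and the two `docker run` commands above put the sample passwords `123456789` and `mysecretpassword` on the command line and publish the plain-HTTP ports 8080 and 8081 on every host interface. As an added example (not part of the image's own documentation), this script writes generated secrets to owner-only env files and starts both containers with the backends bound to loopback. The helper names, the file names `postgres.env` and `openbis.env`, and the reliance on the table's defaults for unset variables are assumptions.

```shell
#!/bin/sh
# Added example: per-deployment secrets instead of the documented defaults.
# Helper and file names are assumptions; variable names come from the page.

# 24 bytes from the kernel CSPRNG, hex-encoded: 48 characters, 192 bits.
gen_secret() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write postgres.env and openbis.env into directory $1, readable by owner only.
# The PostgreSQL superuser secret must be identical in both files.
write_env_files() {
    db_admin=$(gen_secret)
    (
        umask 077
        printf 'POSTGRES_PASSWORD=%s\n' "$db_admin" > "$1/postgres.env"
        printf '%s\n' \
            "OPENBIS_ADMIN_PASS=$(gen_secret)" \
            "OPENBIS_DB_ADMIN_PASS=$db_admin" \
            "OPENBIS_DB_APP_PASS=$(gen_secret)" > "$1/openbis.env"
    )
}

# True if a documented sample password is still present in file $1.
has_default_secret() {
    grep -Eq '=(123456789|mysecretpassword)$' "$1"
}

# Start both containers from the env files in directory $1. Unset variables
# keep the defaults from the table above. POSTGRES_PASSWORD is only applied
# when the postgres15-data volume is initialized for the first time.
start_stack() {
    docker run --detach --name postgres15 --hostname postgres15 \
        --network openbis-tier \
        -v postgres15-data:/var/lib/postgresql/data \
        --env-file "$1/postgres.env" \
        -e PGDATA=/var/lib/postgresql/data/pgdata postgres:15
    # Backends are published on loopback only; the ingress container reaches
    # openbis:8080 and openbis:8081 over the openbis-tier network.
    # --pid host is kept from the page; it shares the host PID namespace.
    docker run --detach --name openbis --hostname openbis \
        --network openbis-tier --pid host \
        -p 127.0.0.1:8080:8080 -p 127.0.0.1:8081:8081 \
        -v openbis-data:/data -v openbis-etc:/etc/openbis \
        -v openbis-logs:/var/log/openbis \
        --env-file "$1/openbis.env" osgiliath/openbis:20.10.9
}
```

Source the script, run `write_env_files <dir>` once, then `start_stack <dir>`; `has_default_secret` can gate a deployment script on any env file.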
The ingress container provides TLS termination and a reverse proxy. The examples below are minimal but functional; they should be extended for complex access control or a web application firewall. They configure Transport Layer Security and a path-based reverse proxy, where “/openbis” is directed to port 8080 and “/datastore_server” is directed to port 8081.
Minimal functional example of an nginx server block, which can be used as a template for the final configuration.
```
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name openbis.domain;
    root /var/www/html;
    location /openbis/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://openbis:8080;
    }
    location /datastore_server/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://openbis:8081;
    }
    ssl_certificate /etc/ssl/openbis.domain.pem;
    ssl_certificate_key /etc/ssl/private/openbis.domain.key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:1m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
}
```
Minimal functional example of an HAProxy configuration, which can be used as a template for the final configuration.
```
global
    maxconn 1024
    chroot /var/haproxy
    uid 604
    gid 604
    daemon
    pidfile /var/run/haproxy.pid
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3
    tune.ssl.default-dh-param 2048

defaults
    log global
    mode http
    option httplog
    option dontlognull
    option redispatch
    retries 3
    maxconn 2000

frontend openbis_ingress
    bind *:443 ssl crt /etc/haproxy/ssl
    acl is_as path_beg /openbis
    acl is_dss path_beg /datastore_server
    use_backend openbis_as if is_as
    use_backend openbis_dss if is_dss
    default_backend openbis_as

backend openbis_as
    option forwardfor
    server as openbis:8080 check

backend openbis_dss
    option forwardfor
    server dss openbis:8081 check
```
Minimal functional example of an Apache HTTP Server VirtualHost, which can be used as a template for the final configuration.
```
<VirtualHost _default_:443>
    ServerName openbis.domain
    DocumentRoot "/var/www/html"
    SSLEngine on
    SSLCertificateFile /etc/ssl/openbis.domain.pem
    SSLCertificateKeyFile /etc/ssl/private/openbis.domain.key
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLProxyEngine on
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerExpire off
    ProxyRequests off
    ProxyPreserveHost on
    AllowEncodedSlashes on
    RewriteEngine on
    RewriteRule ^/openbis$ /openbis/ [R,L]
    RewriteRule ^/datastore_server$ /datastore_server/ [R,L]
    ProxyPass /openbis/ http://openbis:8080/openbis/ timeout=600 keepalive=on
    ProxyPassReverse /openbis/ http://openbis:8080/openbis/
    ProxyPass /datastore_server/ http://openbis:8081/datastore_server/ timeout=600 keepalive=off
    ProxyPassReverse /datastore_server/ http://openbis:8081/datastore_server/
</VirtualHost>
```
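The three ingress templates above set the TLS protocol floor in three different ways (`ssl_protocols`, `ssl-default-bind-options`, `SSLProtocol`), and each as written leaves versions older than TLS 1.2 configured or unbounded. As an added example (not part of the image's own documentation), this check reads any of the three configurations on stdin and reports those settings, with the hardened directive noted beside each rule. The function name `audit_tls_protocols` and the finding texts are assumptions.

```shell
#!/bin/sh
# Added example: report legacy TLS protocol settings in an ingress config.
# Reads nginx, HAProxy or Apache configuration text on stdin and prints one
# finding per line. Whether a listed version is really offered also depends
# on the TLS library build and the server release.
audit_tls_protocols() {
    awk '
    function legacy(p) { return p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1" }

    # nginx lists every enabled protocol explicitly.
    # Hardened form: ssl_protocols TLSv1.2 TLSv1.3;
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (legacy(p)) print "nginx ssl_protocols enables " p
        }
    }

    # HAProxy: no-sslv3 alone sets no lower bound on the TLS version.
    # Hardened form: ssl-default-bind-options ssl-min-ver TLSv1.2
    $1 == "ssl-default-bind-options" && !/ssl-min-ver/ {
        print "haproxy ssl-default-bind-options sets no ssl-min-ver"
    }

    # Apache: a bare token replaces the set, "+" adds, "-" removes; "all"
    # stands for every supported version.
    # Hardened form: SSLProtocol -all +TLSv1.2 +TLSv1.3
    $1 == "SSLProtocol" {
        n = split("SSLv3 TLSv1 TLSv1.1", v, " ")
        for (k = 1; k <= n; k++) on[v[k]] = 0
        for (i = 2; i <= NF; i++) {
            t = $i; a = substr(t, 1, 1)
            if (a == "+" || a == "-") t = substr(t, 2)
            else for (k = 1; k <= n; k++) on[v[k]] = 0
            if (t == "all") for (k = 1; k <= n; k++) on[v[k]] = (a != "-")
            else if (legacy(t)) on[t] = (a != "-")
        }
        for (k = 1; k <= n; k++)
            if (on[v[k]]) print "apache SSLProtocol enables " v[k]
    }'
}
```

Run it as `audit_tls_protocols < nginx.conf`; an empty result means none of the three protocol checks matched, not that the cipher list has been reviewed.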
Check status of running openBIS Application Server.
```
$ docker exec -it openbis /home/openbis/servers/openBIS-server/jetty/bin/status.sh;
openBIS Application Server is running (pid 24538)
```
Check version of running openBIS Application Server.
```
$ docker exec -it openbis /home/openbis/servers/openBIS-server/jetty/bin/version.sh;
20.10.7 (r1688387419)
```
Check the password file for file based authentication.
```
$ docker exec -it openbis /home/openbis/servers/openBIS-server/jetty/bin/passwd.sh list;
User ID First Name Last Name Email
admin
etlserver
```
Check connectivity to port 8080 of openBIS Application Server.
```
$ docker exec -it openbis curl http://localhost:8080/openbis/webapp/eln-lims/version.txt;
20.10.7
```
Examine a process of openBIS Data Store Server.
```
$ docker exec -it openbis pgrep -af DataStoreServer;
```
Check connectivity to the database.
```
$ docker exec -it openbis psql -h postgres15 -U openbis openbis_prod -c "select id,user_id,email from persons";
Password for user openbis:
 id |  user_id  | email
----+-----------+-------
  1 | system    |
  2 | etlserver |
  3 | admin     |
(3 rows)
```
Copyright 2023-2025 Uruk-Hai
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.