Improve development environment defaults and storage setup (#849)

* chore(dev-env): add env template and archive override

* Add .env.example documenting development defaults for services, storage, and optional integrations
* Rename docker-compose.override.yml to docker-compose.override.yml.bak and retain expanded rustfs/minio setup
* Ignore override file to prevent accidental inclusion in version control

* fix(core): use external MinIO endpoint for presigned URLs

* Add MINIO_PORT and MINIO_EXTERNAL_ENDPOINT defaults to expose stable host and port for browser access
* Introduce MINIO_EXTERNAL_ENDPOINT and MINIO_REGION settings for external client configuration
* Create dedicated external MinIO client for url_for to generate correct presigned URLs
* Update docker-compose overrides to pass new MinIO environment variables

* chore(s3-like-export): rename external_client to _presign_client because it was ambiguous

Author: filiperochalopes

.env.example

@@ -0,0 +1,102 @@
+# =============================================================================
+# OCL API2 - Environment Variables
+# Copy this file to .env and adjust the values for your environment.
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# General
+# -----------------------------------------------------------------------------
+ENVIRONMENT=development
+DEBUG=TRUE
+# Disables the lookup of language maps on startup (speeds up dev boot)
+NO_LM=TRUE
+SERVICE_NAME=oclapi2
+
+# -----------------------------------------------------------------------------
+# API
+# -----------------------------------------------------------------------------
+API_BASE_URL=http://localhost:8000
+API_INTERNAL_BASE_URL=http://api:8000
+API_HOST=0.0.0.0
+API_PORT=8000
+API_SUPERUSER_PASSWORD=Root123
+API_SUPERUSER_TOKEN=891b4b17feab99f3ff7e5b5d04ccc5da7aa96da6
+SECRET_KEY=
+
+# -----------------------------------------------------------------------------
+# Database (PostgreSQL)
+# -----------------------------------------------------------------------------
+DB=postgres
+DB_HOST=db
+DB_PORT=5432
+DB_USER=postgres
+DB_PASSWORD=Postgres123
+
+# -----------------------------------------------------------------------------
+# Redis
+# -----------------------------------------------------------------------------
+REDIS_HOST=redis
+REDIS_PORT=6379
+
+# -----------------------------------------------------------------------------
+# Elasticsearch
+# -----------------------------------------------------------------------------
+ES_HOSTS=es:9200
+ES_SCHEME=http
+
+# -----------------------------------------------------------------------------
+# Export Storage
+# Supported backends:
+#   core.services.storages.cloud.aws.S3        (AWS S3)
+#   core.services.storages.cloud.minio.MinIO   (MinIO or any S3-compatible, e.g. RustFS)
+#   core.services.storages.cloud.azure.BlobStorage
+# -----------------------------------------------------------------------------
+EXPORT_SERVICE=core.services.storages.cloud.minio.MinIO
+
+# MinIO / RustFS (S3-compatible) — used when EXPORT_SERVICE=MinIO
+MINIO_PORT=9090
+MINIO_ENDPOINT=rustfs:9000
+MINIO_EXTERNAL_ENDPOINT=localhost:${MINIO_PORT:-9090}
+MINIO_ACCESS_KEY=rustfsadmin
+MINIO_SECRET_KEY=rustfsadmin
+MINIO_BUCKET_NAME=oclapi2-dev
+MINIO_SECURE=false
+
+# AWS S3 — used when EXPORT_SERVICE=S3
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+AWS_STORAGE_BUCKET_NAME=oclapi2-dev
+AWS_REGION_NAME=us-east-2
+
+# Azure Blob Storage — used when EXPORT_SERVICE=BlobStorage
+AZURE_STORAGE_ACCOUNT_NAME=
+AZURE_STORAGE_CONTAINER_NAME=
+AZURE_STORAGE_CONNECTION_STRING=
+
+# -----------------------------------------------------------------------------
+# Flower (Celery monitoring UI)
+# -----------------------------------------------------------------------------
+FLOWER_USER=root
+FLOWER_PASSWORD=Root123
+
+# -----------------------------------------------------------------------------
+# FHIR Validator
+# -----------------------------------------------------------------------------
+FHIR_VALIDATOR_URL=http://fhir_validator:3500
+
+# -----------------------------------------------------------------------------
+# Error tracking (optional)
+# -----------------------------------------------------------------------------
+SENTRY_DSN_KEY=
+ERRBIT_URL=
+ERRBIT_KEY=
+
+# -----------------------------------------------------------------------------
+# Email (optional)
+# -----------------------------------------------------------------------------
+EMAIL_NOREPLY_PASSWORD=
+
+# -----------------------------------------------------------------------------
+# Throttling (optional)
+# -----------------------------------------------------------------------------
+ENABLE_THROTTLING=

.gitignore

@@ -257,6 +257,7 @@ venv/
 ENV/
 env.bak/
 venv.bak/
+docker-compose.override.yml
 
 # Spyder project settings
 .spyderproject

core/services/storages/cloud/minio.py

@@ -14,12 +14,22 @@ class MinIO(CloudStorageServiceInterface):
     def __init__(self):
         super().__init__()
         self.endpoint = settings.MINIO_ENDPOINT
+        self.external_endpoint = settings.MINIO_EXTERNAL_ENDPOINT or self.endpoint
         self.access_key = settings.MINIO_ACCESS_KEY
         self.secret_key = settings.MINIO_SECRET_KEY
         self.bucket_name = settings.MINIO_BUCKET_NAME
         self.secure = settings.MINIO_SECURE
         self.client = Minio(endpoint=self.endpoint, access_key=self.access_key, secret_key=self.secret_key,
                             secure=self.secure)
+        # Dedicated client for presigned URL generation.
+        # Uses the external endpoint so the signature carries the publicly accessible host.
+        # Region is set explicitly to avoid a network round-trip for region discovery
+        # (the external endpoint is not reachable from inside the container).
+        # All other operations use self.client (internal endpoint) since they run server-side.
+        self._presign_client = Minio(
+            endpoint=self.external_endpoint, access_key=self.access_key, secret_key=self.secret_key,
+            secure=self.secure, region=settings.MINIO_REGION
+        ) if self.external_endpoint != self.endpoint else self.client
         # Ensure the bucket exists
         if not self.client.bucket_exists(self.bucket_name):
             self.client.make_bucket(self.bucket_name)
@@ -77,11 +87,14 @@ def upload_base64(self, doc_base64, file_name, append_extension=True, public_rea
 
     def url_for(self, file_path):
         """
-        Generates a presigned URL for the given file.
+        Generates a presigned URL for the given file using the external client so the
+        signature is computed with the publicly accessible host (MINIO_EXTERNAL_ENDPOINT).
+        Falls back to the internal client when no external endpoint is configured.
         """
         try:
-            return self.client.get_presigned_url(method='GET', bucket_name=self.bucket_name, object_name=file_path) \
-                if file_path else None
+            return self._presign_client.get_presigned_url(
+                method='GET', bucket_name=self.bucket_name, object_name=file_path
+            ) if file_path else None
         except S3Error as e:
             raise Exception(f"Could not generate presigned URL for file {file_path}. Error: {e}") from e  # pylint: disable=broad-exception-raised
 

core/settings.py

@@ -625,6 +625,8 @@ def get_set_from_env(name):
 
 # MINIO storage settings
 MINIO_ENDPOINT = os.environ.get('MINIO_ENDPOINT', '')
+MINIO_EXTERNAL_ENDPOINT = os.environ.get('MINIO_EXTERNAL_ENDPOINT', '')
+MINIO_REGION = os.environ.get('MINIO_REGION', 'us-east-1')
 MINIO_ACCESS_KEY = os.environ.get('MINIO_ACCESS_KEY', '')
 MINIO_SECRET_KEY = os.environ.get('MINIO_SECRET_KEY', '')
 MINIO_BUCKET_NAME = os.environ.get('MINIO_BUCKET_NAME', '')

docker-compose.override.yml docker-compose.override.yml.bakdocker-compose.override.yml renamed to docker-compose.override.yml.bak

@@ -1,12 +1,25 @@
 services:
+  rustfs:
+    image: rustfs/rustfs
+    ports:
+      - ${MINIO_PORT:-9000}:9000
+      - 9001:9001
+    environment:
+      - RUSTFS_ROOT_USER=${MINIO_ACCESS_KEY-rustfsadmin}
+      - RUSTFS_ROOT_PASSWORD=${MINIO_SECRET_KEY-rustfsadmin}
+    volumes:
+      - rustfs-data:/data
+    restart: "no"
   db:
     ports:
       - 5432:5432
     restart: "no"
+    command: postgres -c max_connections=300
   redis:
     ports:
       - 6379:6379
     restart: "no"
+    command: /opt/bitnami/scripts/redis/run.sh --maxmemory 4096mb
   api:
     build: .
     ports:
@@ -20,9 +33,18 @@ services:
       - es
       - celery
       - flower
+      - rustfs
     environment:
       - ENVIRONMENT=development
       - DEBUG=${DEBUG-TRUE}
+      - NO_LM=TRUE
+      - EXPORT_SERVICE=core.services.storages.cloud.minio.MinIO
+      - MINIO_ENDPOINT=rustfs:9000
+      - MINIO_EXTERNAL_ENDPOINT=${MINIO_EXTERNAL_ENDPOINT-localhost:${MINIO_PORT:-9000}}
+      - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY-rustfsadmin}
+      - MINIO_SECRET_KEY=${MINIO_SECRET_KEY-rustfsadmin}
+      - MINIO_BUCKET_NAME=${MINIO_BUCKET_NAME-oclapi2-dev}
+      - MINIO_SECURE=${MINIO_SECURE-false}
   celery:
     build: .
     volumes:
@@ -93,3 +115,8 @@ services:
     ports:
       - 9200:9200
     restart: "no"
+    environment:
+      - m=4gb
+
+volumes:
+  rustfs-data: