Technology stack
Last updated
Last updated
The technology stack behind the Terminology Server consists of the following components:
The Terminology Server application
Elasticsearch as the data layer
An LDAP-compliant authentication and authorization service
Optional: A reverse-proxy handling the requests towards the REST API
Outgoing communication from the Terminology Server goes via:
HTTP(s) towards Elasticsearch
LDAP(s) towards the A&A service
Incoming communication is handled through the HTTP port of 8080.
A selected reverse proxy solution is responsible for channeling all incoming traffic through to the Terminology Server.
The currently supported version of Elasticsearch is v7.17.1 which is upward compatible with any patch releases coming on the 7.x version stream. Elasticsearch v8 is not supported yet.
The Elasticsearch cluster can either be:
a co-located, single-node, self-hosted cluster
a managed Elasticsearch cluster hosted by elastic.co
Having a co-located Elasticsearch service next to the Terminology Server has a direct impact on the hardware requirements. See our list of recommended hardware on the next page.
For authorization and authentication, the application supports any traditional LDAP Directory Servers. We recommend starting with OpenLDAP and evolving to other solutions later because it is easy to set up and maintain while keeping Snow Owl's user data isolated from any other A&A services.
A reverse proxy, such as NGINX is recommended to be utilized between the Terminology Server and either the intranet or the internet. This will increase security and help with channeling REST API requests appropriately.
With a preconfigured domain name and DNS record, the default installation package can take care of requesting and maintaining the necessary certificates for secure HTTP. See the details of this in the Configuration section.
For simplifying the initial setup process we are shipping the Terminology Server with a default configuration of a co-located Elasticsearch cluster, a pre-populated OpenLDAP server, and an NGINX reverse proxy with the ability to opt-in for an SSL certificate.