David Le
Uncategorized · February 17, 2026 · 4 min read

Roadmap: Production, Security, and Scaling

Production Hardening

InteropNimbus is currently running in a single-node Docker Compose setup. The roadmap for production hardening includes several key areas.

Content Security Policy

Adding strict CSP headers to the Nginx configuration:

  • default-src 'self' — only load resources from the same origin
  • script-src 'self' — prevent inline scripts and third-party script injection
  • connect-src — whitelist only the Keycloak and API endpoints
  • frame-ancestors 'none' — prevent clickjacking
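
A check for the four directives above, suitable for a CI step or a smoke test against the header Nginx actually returns. This is an added example, not InteropNimbus code; the Keycloak and API origins are constructed placeholders, and treating a missing connect-src as a finding is an assumption based on the roadmap listing it explicitly.

```python
# Constructed placeholder origins; the page does not name the real Keycloak/API hosts.
ALLOWED_CONNECT = {"'self'", "https://keycloak.example.test", "https://api.example.test"}
UNSAFE = {"'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:"}


def parse_csp(header):
    """Split a CSP header into {directive: [sources]}; the first duplicate wins, as in browsers."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit_csp(header, allowed_connect=ALLOWED_CONNECT):
    """Return a list of findings; an empty list means the policy matches the roadmap."""
    policy = parse_csp(header)
    findings = []
    if policy.get("default-src") != ["'self'"]:
        findings.append("default-src must be exactly 'self'")
    # script-src falls back to default-src when it is absent.
    scripts = policy.get("script-src", policy.get("default-src", []))
    bad = [s for s in scripts if s.lower() in UNSAFE or "*" in s]
    if bad or "'self'" not in scripts:
        findings.append(f"script-src too permissive or missing 'self': {bad}")
    connect = policy.get("connect-src")
    if connect is None:
        findings.append("connect-src is not set explicitly")
    else:
        extra = [s for s in connect if s not in allowed_connect]
        if extra:
            findings.append(f"connect-src allows unlisted origins: {extra}")
    # frame-ancestors never falls back to default-src, so it must be explicit.
    if policy.get("frame-ancestors") != ["'none'"]:
        findings.append("frame-ancestors must be exactly 'none'")
    return findings


# Constructed sample headers: the intended policy and a weakened variant.
STRICT = ("default-src 'self'; script-src 'self'; "
          "connect-src 'self' https://keycloak.example.test https://api.example.test; "
          "frame-ancestors 'none'")
WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src *"

if __name__ == "__main__":
    for label, header in (("strict", STRICT), ("weak", WEAK)):
        print(label, audit_csp(header) or "OK")
```
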

Rate Limiting

Traefik middleware for rate limiting API requests:

  • Per-IP rate limits on the authentication endpoints
  • Separate limits for API calls vs. static asset requests
  • Graduated response: slow down before blocking

Centralized Logging

Forward application and Keycloak audit logs to a centralized system:

  • Loki for log aggregation (already running for other services)
  • Structured JSON logs from Nginx access logs
  • Keycloak authentication events for security monitoring

Scaling Path

Kubernetes Migration

The current Docker Compose setup works for a single node, but the architecture is designed to be Kubernetes-ready:

  • Stateless frontend — the Nginx container can scale horizontally with no shared state
  • External auth — Keycloak runs independently, so frontend replicas share the same auth provider
  • Health checks — already configured for K8s liveness and readiness probes

The migration path follows the same pattern used for FhirHub's K3s deployment (covered in that blog series).

Monitoring

Planned monitoring stack:

  • Prometheus — metrics collection from Traefik, Keycloak, and application endpoints
  • Grafana — dashboards for request rates, error rates, and authentication metrics
  • Alerting — PagerDuty or Slack notifications for SLA breaches

Traefik already exposes Prometheus metrics:

metrics:
  prometheus:
    entryPoint: metrics
    addEntryPointsLabels: true
    addServicesLabels: true
    addRoutersLabels: true

Feature Roadmap

Near-Term

  • Channel management — start, stop, and restart Mirth channels from the dashboard
  • Message search — full-text search across message content
  • FHIR write operations — create and update FHIR resources

Medium-Term

  • CI/CD pipeline — automated builds, tests, and deployments on push
  • E2E testing — Playwright tests against mock APIs
  • Dark mode — Tailwind's dark mode support is already configured

Long-Term

  • Multi-tenant — support multiple Mirth Connect instances per organization
  • Webhook notifications — alert on channel errors or SLA breaches
  • Plugin architecture — extensible dashboard widgets for custom integrations

Building InteropNimbus — Part 7 of 8
