Nuxeo LTS 2025 Stack

Development Snapshot

This stack is under active development. It is not yet in production.

The Nuxeo LTS 2025 stack is the modernized content platform for SureClinical. It replaces the legacy SC Nuxeo 5.6 stack and provides:

A Nuxeo LTS 2025 document server (content store, repository, Automation API)
A Nuxeo Web UI browser frontend — embedded via iframe in the SureCentric Project Desktop
An APISIX reverse proxy gateway as the single browser entry point
A Logto identity provider for dev-only OIDC login
A Cloudflare tunnel for dev-only external access

This stack is the deveopment baseline for validating Nuxeo 2025 + SureCentric integration before the SC legacy stack is retired.

Production Baseline

The Nuxeo server image is built from the pinned Nuxeo LTS 2025.12 release:

Property	Value
Pinned commit	`cca344490e20f8f87bb550c4e5c27f04a3e273fa`
Release	`2025.12` — released Dec 16 2025
GitHub source	`https://github.com/SureClinical/Nuxeo/2025/Nuxeo-Prod-2025.12`
Local source path	`/Users/jetstart/dev/sureclinical/Nuxeo/2025/Nuxeo-Prod-2025.12`

important

Always build from the pinned 2025.12 commit. Do not use the moving 2025 branch head — it contains post-release development that has not been validated.

Docker Compose Stack: `nuxeo-webui-2025-local`

Compose file: upstream/nuxeo/2025/Nuxeo-webui-2025-local/docker-compose.yml

Container	Image	Port	Role
`nuxeo-webui-app-2025`	`nuxeo-sc-2025:local`	`28080→8080`	Nuxeo LTS 2025 server
`nuxeo-webui-db-2025`	`postgres:16`	`25432→5432`	Nuxeo database
`nuxeo-webui-apisix-local`	`apache/apisix:3.11.0-debian`	`25080→9080`	API gateway (browser entry point)
`nuxeo-web-ui-local`	`nuxeo-web-ui:3.1.29-local`	—	Nuxeo Web UI (served via APISIX)
`nuxeo-webui-cloudflared`	`cloudflare/cloudflared:latest`	—	Dev-only external tunnel
`nuxeo-webui-logto`	`svhd/logto:latest`	—	Dev-only OIDC identity
`nuxeo-webui-logto-postgres`	`postgres:17-alpine`	`26434→5432`	Logto database

Start the stack

cd upstream/nuxeo/2025/Nuxeo-webui-2025-local
docker compose up

To include Logto:

docker compose --profile auth up

GCP Image Registry

Both images are published to the SC shared Docker registry at:

us-east1-docker.pkg.dev/sc-internal/sc-docker/sureclinical/

Available images

Image	GCP Tag	Size
`nuxeo-sc-2025:local`	`nuxeo-sc-2025:2025.12`	~1.8 GB uncompressed
`nuxeo-web-ui:3.1.29-local`	`nuxeo-web-ui:3.1.29`	—

Developer setup — pull from GCP

gcloud auth configure-docker us-east1-docker.pkg.dev

docker pull us-east1-docker.pkg.dev/sc-internal/sc-docker/sureclinical/nuxeo-sc-2025:2025.12
docker pull us-east1-docker.pkg.dev/sc-internal/sc-docker/sureclinical/nuxeo-web-ui:3.1.29

# Re-tag to match docker-compose.yml
docker tag us-east1-docker.pkg.dev/sc-internal/sc-docker/sureclinical/nuxeo-sc-2025:2025.12 nuxeo-sc-2025:local
docker tag us-east1-docker.pkg.dev/sc-internal/sc-docker/sureclinical/nuxeo-web-ui:3.1.29 nuxeo-web-ui:3.1.29-local

Load from archive (if not using GCP)

docker load -i /path/to/nuxeo-sc-2025-local.tar.gz

The archive file is at: /Users/jetstart/dev/sureclinical/Nuxeo/2025/Nuxeo-sc-2025-local/nuxeo-sc-2025-local.tar.gz

Key Nuxeo Configuration

Config files are in upstream/nuxeo/2025/Nuxeo-webui-2025-local/conf.d/.

`20-webui-proxy.conf` — APISIX proxy settings

# Public URL seen by browsers (via APISIX)
nuxeo.url=http://localhost:25080/nuxeo

# Trust APISIX as a reverse proxy for CSRF validation
nuxeo.security.csrf.trustProxies=apisix

# Allow CORS from the APISIX origin
nuxeo.cors.urls=http://localhost:25080

# Dev-only: allow non-secure cookies over plain HTTP
nuxeo.bind.secure=false

SureNetwork integration properties

When this stack is running alongside the SureNetwork stack, add to nuxeo.conf:

suredms.network.api.url=http://network-service:8880
suredms.network.api.username=user
suredms.network.api.password=1234qwER
suredms.network.api.admin_username=admin
suredms.network.api.admin_password=1234qwER
suredms.network.api.external_username=external
suredms.network.api.external_password=1234qwER

Local URLs

Service	URL
Nuxeo server (direct)	`http://localhost:28080/nuxeo`
Nuxeo Web UI + APISIX	`http://localhost:25080`
Logto admin (optional)	`http://localhost:25080/logto-admin/`

SureDMS Extensions — Porting Status

The Nuxeo server image currently runs a base Nuxeo 2025 instance. The SureDMS-specific backend extensions are being ported from Nuxeo 5.6.

Module	Priority	Status
`suredms-nuxeo-mobile-api`	Tier 1	🔄 Pending port
`suredms-nuxeo-doctypes`	Tier 1	🔄 Pending port
`suredms-nuxeo-security`	Tier 1	🔄 Pending port
`suredms-nuxeo-management`	Tier 1	🔄 Pending port
`suredms-nuxeo-project`	Tier 1	🔄 Pending port
`suredms-nuxeo-database`	Tier 1	🔄 Pending port
`suredms-nuxeo-deployment-profile`	Tier 1	🔄 Pending port
`suredms-nuxeo-workflow-platform`	Tier 2	⏳ Later
`suredms-nuxeo-flex`	Tier 2	⏳ Later

Future Integration with SureCentric Platform

This stack is the target replacement for the SC Legacy Nuxeo 5.6 stack.

Planned convergence:

Tier 1 SureDMS extensions are ported and installed into this image
SureDrive (AngularJS) iframe connects to this Nuxeo 2025 backend instead of the legacy 5.6 stack
Full login and document navigator path validated on Nuxeo 2025
SC legacy (sc stack) is retired — Nuxeo 2025 becomes the only Nuxeo
This stack's database (PostgreSQL 16) absorbs the SC legacy database
The four-stack topology collapses toward a unified compose

See Platform Roadmap for the full phase plan.

Production Baseline​

Docker Compose Stack: nuxeo-webui-2025-local​

Start the stack​

GCP Image Registry​

Available images​

Developer setup — pull from GCP​

Load from archive (if not using GCP)​

Key Nuxeo Configuration​

20-webui-proxy.conf — APISIX proxy settings​

SureNetwork integration properties​

Local URLs​

SureDMS Extensions — Porting Status​

Future Integration with SureCentric Platform​