AWS Express new install

Hi @preetimochi, do you remember what you selected from the setup?

am sure @jesdynf will be glad to weigh in and help

There’s not a lot to go on, unfortunately. We just got finished serving a ticket on the main repo where a user on Windows was unable to connect to EC2 instances (not ours alone) for completely unclear reasons, so I know it can happen if not why.

Note that it’s not really possible for any of the Amazon packages to fail in such a way that ssh will be non-responsive, that’s just flat not going to happen and it’s pointing to problems with the network or security groups. I recommend trying to start a regular old Amazon instance in the same VPC and subnet and see if you can connect to that.

If you can’t, you know you’ve got a different problem to resolve that. If you can, then you’ve got something to compare now.

I did not have any issues setting up OpenEMR on my local workstation.

Why AWS would not work was something I did not feel was worth the effort to spend more time on. I followed all of the guides and suggestions to make it work but the problem persisted.

I ended up creating a web portal (static public IP address) and installed OpenEMR on my server. It worked first time and has not had any issues. It was actually very easy to do and inexpensive.

Unfortunately, I have not been able to complete the setup of OpenEMR to be used in my company. (My company has other projects I’ve been busy doing.)

When I check OpenEMR, it works fine but we have not put any data into the system and started using it as an EMR system.

We will probably need to hire a consultant / developer to assist in implementation of OpenEMR in my company. I’m sure the expense of that will be worth the cost.

I selected launch from Website & t2.micro. I tried to SSH in & it had the same error as online: it’s timing out.

I seem to be able to SSH in on the free Lightsail version but even trying to SSH in on the Express version is timing out. I’m seeing these errors so trying to work through these - I’m on a Mac so not sure I can do the first but trying to set up the IAM instance profile.

You wouldn’t be able to connect that way, I never installed SSM Agent. (Maybe I should?)

I will note that the user you should connect with is “ubuntu”, not “root”, though that wouldn’t cause timeouts. I continue to suspect this is a network or security group issue – no other user has reported an inability to connect to an Express instance. The domain and command do look otherwise correct, however.

For the security group, I just chose the default security group settings. It seems to be passing both of the status checks. The only other thing I can think of is that I’m currently located on the west coast but the instance is in an east coast availability zone, would that make a difference? Also where would I have set up the ubuntu user?

You wouldn’t’ve set it up, I did when I made the instance. I gave AWS a Ubuntu 20.04 instance I configured, and then when you spun it up in your environment AWS added your key to it.

But I think you just put your finger on the problem – the “default” security group does not allow public access to servers. Create a new security group that allows inbound access to 80/443 and your ip to 22 and add it to the instance and you should be good.

(Do not /replace/ the ‘default’ security group, that’s important and it matters, just add your new group.)

This seems to be progress, never got this before. But I did as you suggested and added a new security group with inbound access to ports 80/443/22.

Here are the ports added, for any future person’s reference - 22 was MyIP as the option

That’s not a problem, that’s correct – it’s using a self-signed SSL certificate, which your browser properly dislikes. You’d need to add your own SSL cert once you’ve assigned a domain. You can connect to port 80 instead (nnnnnnot for production though) to avoid this message for now, though I’d rather you just clicked through.

I’ve been able to login to OpenEMR using your suggestion of going through Port 80 & it seems to be working great, but I’m unable to SSH into the site or connect through the other methods on AWS.

I’ve been able to connect when I put my Port 22 security rule to 0.0.0.0/0, for some reason setting it to MyIP seems to have been the problem? Why would that be?

Instance Connect doesn’t use /your/ IP, it uses the mothership IP (see OpenEMR 6.1.0 Devops - #17 by jesdynf), but that doesn’t explain why direct SSH connections are giving you grief. Maybe you should connect to the instance and then see what IPs are connected to it, if it doesn’t think your IP is really your IP?

I see that we need to run the following command to find the mothership IP. But not sure where we are supposed to run this? Within the instance?

$ curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region=="us-east-1") | select(.service=="EC2_INSTANCE_CONNECT") | .ip_prefix'

Anywhere, it’s a public resource. Just make sure to put the right region in there, if you’re not in us-east-1. See the page I link from the forum post for more information.
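The check discussed above, as an added example that is not part of the original thread and is not OpenEMR's code: it applies the same region/service selection as the jq filter and reports whether a port-22 rule set admits your own IP, admits Instance Connect, or is open to everyone. The JSON excerpt, the rule list and all addresses are constructed (documentation ranges, not Amazon's real prefixes), and rules are simplified to a single port and one IPv4 CIDR each.

```python
import ipaddress
import json

# Constructed excerpt in the shape of ip-ranges.json (not real AWS prefixes).
IP_RANGES_JSON = """
{"prefixes": [
  {"ip_prefix": "198.51.100.8/29", "region": "us-east-1", "service": "EC2_INSTANCE_CONNECT"},
  {"ip_prefix": "198.51.100.64/29", "region": "us-west-2", "service": "EC2_INSTANCE_CONNECT"},
  {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2"}
]}
"""

# Constructed inbound rules (port, source CIDR): 80/443 public, 22 limited to "MyIP".
INBOUND_RULES = [(80, "0.0.0.0/0"), (443, "0.0.0.0/0"), (22, "203.0.113.25/32")]


def instance_connect_prefixes(ranges_json, region):
    """Same selection as the jq filter: region plus EC2_INSTANCE_CONNECT."""
    data = json.loads(ranges_json)
    return [ipaddress.ip_network(p["ip_prefix"])
            for p in data["prefixes"]
            if p["region"] == region and p["service"] == "EC2_INSTANCE_CONNECT"]


def audit_ssh(rules, ranges_json, region, my_ip, port=22):
    """Report who the inbound rules let reach the SSH port."""
    allowed = [ipaddress.ip_network(cidr) for p, cidr in rules if p == port]
    me = ipaddress.ip_address(my_ip)
    prefixes = instance_connect_prefixes(ranges_json, region)
    # A service prefix is covered only if some rule contains all of it.
    missing = [str(p) for p in prefixes
               if not any(p.subnet_of(net) for net in allowed)]
    return {
        "direct_ssh_allowed": any(me in net for net in allowed),
        "instance_connect_allowed": bool(prefixes) and not missing,
        "missing_prefixes": missing,
        # 0.0.0.0/0 on 22 "works" but exposes sshd to the whole internet.
        "open_to_world": any(net.prefixlen == 0 for net in allowed),
    }


if __name__ == "__main__":
    print(audit_ssh(INBOUND_RULES, IP_RANGES_JSON, "us-east-1", "203.0.113.25"))
```

With the constructed rules, direct SSH from the listed IP is admitted while Instance Connect is not; adding the region's service prefix as a second port-22 source fixes that without opening the port to 0.0.0.0/0.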

Hey Asher,

Still having some problems with the SSH, started over with a Standard AWS Instance, I’ve done the following to debug:

  1. Modified the 3 security groups so they all have port 22 access
  2. Modified the policy so that - SendSSHPublicKey - is allowed for the instance ARM
  3. Made sure that I can connect with AWS Instance Connect & checked that the public key is the one I have on the server
  4. File not found - tried moving it into the SSH directory
  5. CHMOD 400 the .pem key file

The only thing that seems odd right now is that for some reason when I ssh in it seems to be looking for an ed25519 file instead of the rsa public key that I have.

I’m not sure I’m able to debug problems with your local ssh configuration, which is what “file not found” issues connecting sound like to me. AWS Standard is built on the Ubuntu 20.04 LTS instance AWS provides, it’s not anything strange or exotic, and if Instance Connect is working then sshd is functional and listening. There’s not a lot more I can say except that you should try connecting with another device maybe?

I tried looking into VPC & the internet gateway was not open, so just fixed that by adding a new route. Not sure that I did it correctly, but it seems like there are a lot of things that need to be done in order to get the Standard AWS version up & running, especially if you need access to the API.

I can’t find any straightforward documentation walking through all these steps. Do you know where that might be, because it seems like I keep stalling on simple things.

Wasn’t able to solve the SSH problem, so trying to set up a new instance with new key/pair in case it’s a perms issue.

Hi @preetimochi,

I have solved this issue, in case this issue is still persisting with you please let me know.

I would be glad to assist you as I am also using the AWS Cloud Express version 7.0 and have been struggling but slowly and steadily making small snail progress with loads of issues my way.

My achievements:

  1. Successful connection using OpenEMR on Chrome.
  2. Successful connection on Ubuntu 20… using SSH connection.
  3. Have dived into MySQL on Ubuntu, have seen my DB, Schema, Tables and did some queries as well.
  4. Successfully registered Apps on Open EMR
  5. Achieved accessing the Swagger to retrieve 1 patient record at a time.
  6. Next target: Working on trying hard to access all patients which I am currently struggling.

Also as you rightly said there is no great documentation answering when we use the AWS cloud express but I wish once I am all successful will write something so others could benefit from it.

Regards,
Ayesha