Getting ssl on OpenEMR Express Plus

Got a working instance of OpenEMR on an Amazon EC2 stack. Everything works fine except there is no ssl support.

I thought I might have to add a self-signed certificate, but I could not find the right directories.

Aha! Brady says they are in the docker, including certificates. Which they are. But the commands from within the container are so limited, I can’t really do anything except look.

And it seems that this would be built in from the start, and maybe I just need to turn something on, like run “a2enmod ssl” from the command line. Tried that, but of course that command is not supported.

Can anyone suggest how I could get ssl up and running on this?

As you can tell, I’m not a pro.

cc’ing this to @jesdynf and @toolbox,
Shouldn’t SSL work out of the box on the OpenEMR Express Plus stack since it’s using the standard dockers schema?

@jesdynf is it possible the EC2 isn’t exposing the port? I’ll double check that the image properly self-generates and exposes the TLS magic stuff.

(EDIT: confirmed the container generates a self-signed cert at startup and exposes https on port 443)

As an aside, @docaltmed, just being familiar enough to know why you might want to do something like a2enmod makes you much more of a pro than many others setting this stuff up, so don’t be discouraged! The reason that you’re finding the environment inside these containers to be pretty bare-bones is because it is. Just about all utilities that aren’t required have been stripped out to reduce bloat and attack surface. It’s also based on an Alpine OS image, rather than the Debian or Ubuntu images you may be more familiar with, so installation of packages is done with apk add --no-cache packagename. If you’ve got any questions about the setup or how the containers work, we’d be happy to go into depth!

@docaltmed so I just checked with @jesdynf and confirmed that the Express instances should be exposing the right port for this. One thing they don’t do is an automatic ssl redirect though, since that might be the kind of thing a clinic might want to set up on their own (everyone’s got their own way of doing it). This might sound silly, but have you tried manually adding https:// to the beginning of the address when navigating there? It should throw a security warning (due to the self-signed cert), but it should work.

Ok, y’all are wizards because I swear I tried to get in using both https:// and 443: when I got the thing set up, and neither worked.

But now it does. I got all the TURN BACK NOW!! UNSAFE!! screaming, but past that it all works.

Thanks a bunch!
