Httpd and database error

jeff_ross wrote on Thursday, April 24, 2008:

We got this yesterday and it continues to display in the notes field.

Fault: Code: 5 Reason ‘Didn’t receive 200 OK from remote server. (HTTP/1.1
405 Method Not Allowed)’

I don’t see anything in the access or error logs for apache, though.  How can I clear it from the notes pane?  I don’t think it is actually in the notes–at least I can’t find it in the pnotes table.

Possibly related (although I’m not sure of the sequence of events because I wasn’t there) was a db error

insert failed: INSERT INTO form_physical_exam (forms_id, line_id, wnl, abn, diagnosis, comments) VALUES ( ‘207’, ‘TRTRET’, ‘1’, ‘0’, ", ‘1 month patient to call in B/P’s over the next few weeks.’) (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near’s over the next few weeks.’ ) ’ at line 1)

To my eye (which is way more used to PostgreSQL than mysql :wink: this is a simple escaping problem.  When I browse through the sql functions though, I don’t see any call to the adodb escaping functions.

I’m sure they must be somewhere, though, or this error would be popping up every time someone used an apostrophe in a comment.

Thanks,

Jeff

drbowen wrote on Thursday, April 24, 2008:

Fault: Code: 5 Reason ‘Didn’t receive 200 OK from remote server. (HTTP/1.1 405 Method Not Allowed)’

This error in the ptnotes section usually is being generated by FreeB.  Are you running FreeB and SQL-Ledger?  Perhaps the FreeB server is not connecting correctly to SQL-Ledger.

Not all of the forms have been fixed to clean up user input correctly.  This form may not do this.  Most of the troublesome apostrophe mishandling has been cleaned up (but not all).

Sam Bowen, MD

jeff_ross wrote on Friday, April 25, 2008:

Here is the actual error message from the apache system logs:

2008-04-25 11:04:32.519206500 local7.err: Apr 25 11:04:32 httpd[6545]: [error]
mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
2008-04-25 11:04:32.520045500 local7.err: Apr 25 11:04:32 httpd[6545]: [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
2008-04-25 11:04:32.520958500 local7.notice: Apr 25 11:04:32 httpd[26624]: HTTP error, got response: HTTP/1.1 400 Bad Request

I am running all of the openemr chrooted (OpenBSD) and over an ssl connection.

(As an aside, this little hitch in the git-a-long is the only problem I’ve had so far getting openemr to run in OpenBSD’s chrooted-by-default apache.)

I’ve double checked all of the config files and I don’t see anywhere that I’m not explicitly either using https: or port 443.

Can someone point me to some other FreeB docs?  Since it is a daemon started at boot, it’s possible that I’m not getting to it because of the chroot.  Does it use a socket to communicate to SQL-Ledger?  How can I tell if the two are interoperating?  SQL-Ledger is up and functioning and is accessible through the [SQL-Ledger] link on the billing page.

I’m definitely fuzzy as to how these two interoperate!

I’ll start grepping the tree for inserts and updates that aren’t escaped.  Are diff -u patches the preferred method for those of us who haven’t yet earned cvs access?

Thanks!

Jeff

drbowen wrote on Friday, April 25, 2008:

OpenBSD and a chrooted Apache environment.  Dude… you will be teaching us tricks before long!

FreeB is only required if you are going to use the billing functions.

If you are not running FreeB this is not causing this error.

FreeB is a separate package as is PostgreSQL and SQL-Ledger.

The basics of running OpenEMR requires only Apache, MySQL, PHP (including mysqli) but FreeB, PostgreSQL and SQL-Ledger are separate optional packages.  But FreeB runs as a separate server and you would possibly have to bring a lot of pieces into your chrooted environment (such as PERL).  But it would not be smart to have PERL inside the chrooted environment at all.

The failed insert should have only affected that one step. The attempted insertion of the new form_physical_exam.   Usually you get an error stating “Insert failed…”  To recover you just hit the back button and take out the apostrophe.  I use the ` character because to most normal humans it reads as an apostrophe and they never notice that it is not.  I don’t this would have caused the server error.

There is not much documentation on FreeB.  If you want to try hacking FreeB, you better talk to Rod Roark or Tekkno Genius. FreeB is written in a complex PERL tangled ball.

To me it looks like the client machine is not correctly requesting the page from https port.

Sam Bowen, MD

ajonate wrote on Friday, April 25, 2008:

That’s a real shame about FreeB. It seems that there’s a huge market gap left open with no really good open source solution for HCFA 1500 compliant billing software. With all the talent out there you would think that someone would be furiously working on it.

drbowen wrote on Friday, April 25, 2008:

I am not saying that we are just dropping FreeB.  We are replacing its functionality with native OpenEMR code.

FreeB is a complicated beast with a lot of  "write only PERL" code that does a very simple thing, generate electronic and paper claims.  It is akin to running around your left elbow to get to the door knob that is already at you right hand.  While it works, it is somewhat slow and cumbersome.

We are very close to not needing FreeB at all.  OpenEMR already does the electronic claims and passes charges to the SQL-Ledger module.   As is, OpenEMR has about 85% of the functionality of FreeB.  One relatively small piece remains.  To generate paper claims from OpenEMR (without FreeB).  At that point FreeB while be just an extra, rusty flat tire that we have been carrying around as a "necessary" spare part.

Getting rid of the FreeB means not having to install all of the extra PERL modules that FreeB requires.  We already have volunteers working on adding the practice management code to the OpenEMR Apache, MySQL, PHP environment.

Currently, to get everything installed and talking together you need a moderately-to-very skillful IT manager to get all the parts talking to each other.  Once OpenEMR is writing paper claims (without FreeB) and the practice management is brought inside the main source code, the entire installation will be dramatically easier.

Rod Roark, Andres Paglayan, and Tekkno Genius review new code and make contributions until they knoe the developer and can give better access.  I imagine diff -u patches would be fine.

Have you tried running the existing code on port 80 to see if it will work in the OpenBSD chrooted Apache environment?

While I admire what you are doing you have definitely jumped into some cold and lonely water.

Sam Bowen, MD

ajonate wrote on Friday, April 25, 2008:

Having full billing capabilities integrated into future releases of OpenEMR would be terrific, but I’m concerned that future versions will be specific to Linux. Is there any way to assure that the preservation of cross-platform compatibility remains a priority in the project?

drbowen wrote on Monday, April 28, 2008:

The following message expresses the personal ideological opinion of the author:

The nature of OpenEMR makes it very platform independent.  OpenEMR is a "web page" that depends on the underlying Apache, MySQL, PHP.  The Apache, MySQL, PHP development teams have have made great effort to remain platform independent and this has worked to our advantage.

The javascript is actually what causes the most trouble. Sun Microsystems has been heroic in their effort to make Java platform.  Microsoft on the other hand intentionally tries to make the environments less universal.  The development of c# and the dot net environments appear "at least to me" to be specifically targeted to avoid the cross platform capability of Java.

The javascript ends up being very quirky and dependent on the host browser.  We can standardize on one browser for instance “Firefox”.  But that does not prevent Microsoft from intentionally undermining these efforts and changing Internet Explorer so that IE won’t work where Firefox does.

Microsoft has never been content with controlling 95% of the world’s desktop market.  MS continually tries to go for complete and total domination of the market.  There strategy historically is one of isolationism of the MS products and not one of cooperation with cross platform use.

OpenBSD is in a somewhat similar self imposed isolation.  Albeit the motivation could not be more different.  The OpenBSD development insists on absolute line by line code security.  Nothing makes it into the OpenBSD OS without a line by line security audit.  Their amazing track record speaks for itself.

How many operating systems can brag that they have had only 2 (two, not two dozen, not two thousand, and certainly not 2 million per day), exactly 2, remote security holes in the last 10 years.  So compatibility with OpenBSD depends on the OpenBSD development team, their work load, and whether they will permit OpenBSD to perform certain functions based on their security mania.

In my view OpenEMR is amazing in its cross platform capability though I acknowledge this is due to the efforts of the Apache, MySQL, and PHP development teams.

Sincerely,

Sam Bowen, MD

ajonate wrote on Tuesday, April 29, 2008:

"The nature of OpenEMR makes it very platform independent."

Maybe so, but I haven’t had any luck getting 2.8.3 to work on XP yet. It doesn’t seem to be able to communicate with MySQL properly.

drbowen wrote on Wednesday, April 30, 2008:

If the Microsoft product doesn’t work it’s usually because the OS has been crippled by Microsoft by withholding the drivers necessary to run the major pieces such as MySQL.  I am surprised that you have jumped from Windows XP to OpenBSD.  That’s quite a culture shock for me ;-).

Even so, there seem to have been users who got things working on MS Windows XP Professional.  My problems with XP are usually some kind of permission problem usually involving the upgrade to service pack 2.  This broke a lot of stuff.  I can’t say whether these users were running service pack 1 or 2.

I my (limited) MS experience, the Server grade OSes fare better than the desktop versions primarily because they ship with a full set of drivers.

Sam Bowen, MD

ajonate wrote on Wednesday, April 30, 2008:

It would still seem that if 2.8.1 works well with Windows XP Pro then 2.8.3 should also, unless there is something different about the way 2.8.3 communicates with MySQL. If you know anyone who has been able to get 2.8.3 working with XP then perhaps he could be encouraged to post a recipe.

openemrhq wrote on Wednesday, April 30, 2008:

I’m playing around with 2.8.3 today and will report on my success on getting it to run on Windows XP Pro/SP2. I’ll also post a recipe and/or patch if I get it running.

Dave Kennerson
OpenEMR HQ, Inc.

jeff_ross wrote on Saturday, May 03, 2008:

Following up on my original questions, so I’m skipping around the thread hijacking…

I started with OpenBSD right after my RedHat 5.2 server got rooted due to a security flaw in its bundled ssh.

If you’ve never been rooted you may have a hard time believing me when I tell you I felt like I’d been violated in a very personal way.   I cannot adequately describe the shock I had when I found new user accounts on my server, and worse, that I could no longer log in as root from the console because root’s password had been changed by the cracker.

I immediately yanked the cat5.  As I researched the exploit I found out that there was this OpenSSH bunch that was not vulnerable to the exploit that got me, and that they were closely aligned to OpenBSD.

That was in 2001, and I’ve never looked back.

So, I’ll do what it takes to get OpenEMR to work with OpenBSD because that is the only OS I run on any server.

I did put perl and all its dependencies in the chroot *for now* to try to get the OpenEMR<->FreeB<->SQl-Ledger system to work.  I will even go so far as to unchroot httpd if I have to to make this work, but my goal will always be to get it all back into the chroot before I’m done.  And believe me, I would not even consider unchrooting httpd if I were not behind an OpenBSD firewall!

In a later message in this thread Dr Bowen I think confuses me with someone coming from windows but that is (thankfully) not me.  Like most of you, I suspect, I *support* Windows but I will not run it.

I have something else to add, but I’ll start a new thread for that :-)  Before I go, though, as a coder and general purpose geek, I’d like to thank those responsible for OpenEMR.  Before I found you I was getting ready to code up a replacement for a failed Misys installation from the ground up.  Now I have a huge leg up on that whole process!

Jeff

ajonate wrote on Saturday, May 03, 2008:

RedHat 5.2, good grief. My first Linux box was RedHat 6.0 and that had to be 10 years ago.

RedHat is a good server platform, but you’re sure to get rooted if you don’t apply your security updates. That’s why RedHat provides “yum”. Not only can you issue the “yum update” command to automatically update packages with security flaws, but you can also install applications with all dependencies intact using the “yum install [any-package]” command. Yum will fetch & install the application along with any necessary supporting software that isn’t already installed in your machine.

Getting rooted is a drag. Hackers (actually they’re just “script kiddies”) only need to pay attention to the Linux security updates to learn how to invade servers. They’re looking for servers without having updates applied, but if you keep up with your yum updates you’ll stay ahead of the ankle biters.

There are a lot of advantages to using Linux over OpenBSD, particularly with RedHat. The security update program is sophisticated (and free), it has a huge installed base, it has the best variety of software for any UNIX platform, and Fedora is free & makes a terrific commercial server platform (no matter what ANYONE tells you!).

mbrody wrote on Sunday, May 04, 2008:

Well I may as well put in my 2 cents.

Fedora Core is a wonderful release…  but it has developmental code in it, and whereas I do run Fedora on servers that I use internally,  I am hesitant to put it on a production box.  If you are going to use a RHEL derivitive on a production box I strongly recommend CentOS.

Michael

drbowen wrote on Sunday, May 04, 2008:

I started with RedHat 5.2.  1999.

No operating system, commercial or free, has the security record of OpenBSD.

There are ease of use issues with OpenBSD compared to any operating system.  But you can’t have it both ways.  You either have better security or you have more convenience.  OpenBSD is the security standard by which all others are compared.

Thanks, Jeff, for clearing up my misunderstanding.

Back to your original question:

****
We got this yesterday and it continues to display in the notes field.

Fault: Code: 5 Reason ‘Didn’t receive 200 OK from remote server. (HTTP/1.1
405 Method Not Allowed)’
****

When I see this error code it means that FreeB is not talking correctly to SQL-Ledger.  Given the complexity of your setup I would think that starting with the simplest installation first and then adding the pieces one at a time would help debug the situation better? 

I clearly understand your desire for security so don’t take this the wrong way, but have you tried the straight install on the OpenBSD without the chroot environment?

Sam Bowen, MD

mike-h30 wrote on Sunday, May 04, 2008:

I finally was able to get SQL Ledger working with OpenEMR on Suse Linux Enterprise Server 10 - SP1 and now I also notice this same error in the notes section. 

Fault: Code: 5 Reason 'Didn’t receive 200 OK from remote server. (HTTP/1.1 500 Internal Server Error)

I did not install FreeB.  I thought installing FreeB was optional.

Please advise.

-Mike

mike-h30 wrote on Sunday, May 04, 2008:

Here is my Apache error log.  I followed the SQL Ledger installation from Brady’s manual.

[Sun May 04 17:59:04 2008] [error] [client 127.0.0.1] Can’t locate Frontier/Responder.pm in @INC (@INC contains: /usr/lib/perl5/5.8.8/i586-linux-thread-multi /usr/lib/perl5/5.8.8 /usr/lib/perl5/site_perl/5.8.8/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl .) at /usr/local/sql-ledger/ws_server.pl line 8.
[Sun May 04 17:59:04 2008] [error] [client 127.0.0.1] BEGIN failed–compilation aborted at /usr/local/sql-ledger/ws_server.pl line 8.
[Sun May 04 17:59:04 2008] [error] [client 127.0.0.1] Premature end of script headers: ws_server.pl
[Sun May 04 17:59:04 2008] [error] [client 192.168.1.89] HTTP error, got response: HTTP/1.1 500 Internal Server Error, referer: http://192.168.1.89/openemr-2.8.3/interface/patient_file/summary/patient_summary.php
[Sun May 04 17:59:04 2008] [error] [client 192.168.1.89] PHP Notice:  Undefined variable: all in /srv/www/htdocs/openemr-2.8.3/library/pnotes.inc on line 39, referer: http://192.168.1.89/openemr-2.8.3/interface/patient_file/summary/patient_summary.php

jeff_ross wrote on Monday, May 05, 2008:

Looks like you need to install Frontier::Responder from CPAN.

If you have trouble getting it to install, try this (as root, to install it into the normal perl locations)

perl -MCPAN -e "CPAN::Shell->force(qw(install Frontier::Responder));"

There are other perl modules you need for SQL-Ledger as well, so you may need to change the package in the line above and repeat.

Jeff

mike-h30 wrote on Monday, May 05, 2008:

Thanks Jeff! 

I will try that.  I skipped over the FreeB install instructions from Brady’s manual because I was not intending to use paper claim processing.   Installing Frontier::Responder is referenced there. 

Should I install all of the FreeB perl dependencies even though I am not planning on using FreeB?