I have looked for the apache2 folder and cant find it in the server. The website launches when I go to the URL but when I ssh into the server to look for the files associated with the website I cant find them under the normal location /var/www/html/. Does anyone know where the files sit when you do the Standard Edition install with AWS?
I was able to install Nano in Alpine linux. I am totally new to Docker, is there a easier way to access the container like I do the AWS instance? Also I tried to be able to access the RDS db and made it public but still cant seem to get it to connect, it continues to time out. I made changes to open it up but still not working. Any ideas or something to point me in the right direction? Ive been looking at youtube videos and read a bunch of other sites that all say the same thing but for some reason it doesnt work. do I need to ask about assigning a public IP to that RDS instance to be able to access it? Thank you for any all help you or anyone can provide.
FROM phpmyadmin/phpmyadmin
RUN a2enmod ssl
RUN sed -ri -e 's,80,443,' /etc/apache2/sites-available/000-default.conf
RUN sed -i -e '/^<\/VirtualHost>/i SSLEngine on' /etc/apache2/sites-available/000-default.conf
RUN sed -i -e '/^<\/VirtualHost>/i SSLCertificateFile /certs/cert.pem' /etc/apache2/sites-available/000-default.conf
RUN sed -i -e '/^<\/VirtualHost>/i SSLCertificateKeyFile /certs/privkey.pem' /etc/apache2/sites-available/000-default.conf
RUN sed -i -e '/^<\/VirtualHost>/i SSLCertificateChainFile /certs/fullchain.pem' /etc/apache2/sites-available/000-default.conf
EXPOSE 443
Everything Stephen suggested is great and probably how you should proceed, but I have some extra notes.
In AWS Standard, your webserver is public and your database is private, which is proper. I do /not/ recommend making the database public. That said, if you chose to do so, you’ll also have to change the networking security groups attached to the RDS instance to enable remote access; that’s what I suspect you didn’t do. (If you must do this, at least confine the keyhole to your current IP.)
However, there are two other perfectly serviceable methods to get access to a private RDS instance as long as you’ve got a public shell in the same VPC. You can shell in to the instance with ssh and use the mysql command-line client, with the RDS instance hostname and the username and password you assigned the server during CloudFormation configuration, or you can use ssh tunneling to bounce a connection from your desktop MySQL client through to the remote RDS instance via that same web server. (The specifics of how to arrange this are not difficult to Google.)
One last method I’ll mention for completeness sake is configuring a VPN, which is normally overkill but might be more appropriate for a Standard user than an Express user.
Ok I got everything situated with accessing the database instance. I have been searching high and low on how to get letsencrypt ssl cert. I didnt insert the variable domain.com or email address because this was the first time Ive ever touched this application. I ran the certbot renew and such but is there a way to run the basic commands for it setup? like snap install --classic certbot or ln -s /snap/bin/certbot /usr/bin/certbot. I really do not want to rebuild the whole stack again and lose the Patients we already loaded. Thank for all of your help everyone.
If you’ve got the domain records set up to point to the instance, what I’d recommend you do is shell into the OpenEMR container and operate certbot directly.
@jesdynf I have been trying to do that exactly. But I cant find info to make it work. I was able to see the version of certbot and such but what commands do I run to make it work. The Ubuntu commands dont work and I was able to get another server running with certbot but it was Ubuntu.
How would you like to authenticate with the ACME CA?
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for emr.mycovidhealth.net
Performing the following challenges:
http-01 challenge for emr.mycovidhealth.net
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
certbot certonly -d emr.mycovidhealth.net
select option 2 which hits the webroot then it ask for the directory
/var/www/localhost/htdocs/openemr
I then went to add the cert directory
/etc/letsencrypt/live/emr.mycovidhealth.net/fullchain.pem
/etc/letsencrypt/live/emr.mycovidhealth.net/privkey.pem
to the openemr.conf file and ssl.conf file in /etc/apache2/conf.d
I cant figure out how to get the apache2 server to restrart
I tried /etc/init.d/apache2 restart and it fails.
The container doesn’t use the init scripts, it launches the Apache httpd directly – docker-compose launched the container, so you’ll want to interfere with Docker directly. https://docs.docker.com/engine/reference/commandline/restart/ for what you’re after.
@jesdynf Thank you for helping me by pointing me any and all info. I am going to post the steps below to help anyone that might need help in the future.
Let’s Encrypt certbot commands for AWS OpenEMR Standard Stack Install