LAMP install for Amazon Hosted Standard Package

Hi, this is probably a dumb question, but:

Do I need to or should I install a LAMP stack on a Linux OS on one of my PCs for db access to the OEMR instance or do I install it on the instance itself?

Hello, Henry.

I’m not sure I understand your use-case here – why do you need to install a MySQL-containing LAMP stack to get access to MySQL?

Sorry I got confused, disregard. Just having trouble understanding how to access my OpenEMR instance so that I can upload existing patient demographics.

As part of the steps we take towards HIPAA compliance, Standard’s RDS instance does not have a public-routable IP address. You have four options, arranged in increasing difficulty.

  • Connect to the RDS instance from the console of the RDS webserver, which has an IP inside the VPC and can reach the server. You’ll need to install mysql-client for this path.
  • Establish an ssh tunnel and bounce a connection from your desktop MySQL client through the webserver instance to the RDS instance. Read up on PuTTY’s SSH tunnels for more about how to do this.
  • Add a PHPMyAdmin container to the docker-compose that underpins Standard.
  • Install a VPN instance. We suggest OpenVPN, and we have some documentation (openemr-devops/04-VPN-Access.md at master · openemr/openemr-devops · GitHub) about how to install OpenVPN from the AWS Marketplace for an installation similar to yours. (Don’t forget to adjust security groups!)

I would recommend the VPN instance, personally – it’ll make a lot of your labors down the road easier, and you can turn it off when it’s not in use – but if I had to solve this myself and in a hurry, I bet the ssh tunnel would suffice.

Thank you. Been trying these but I am stuck trying to set up the ssh tunnel, I keep getting errors for my keypair that I generated on AWS. Tried restricting permissions etc. but it still says it’s not secure, so cmd line fails as well as PuTTY.

Is there a guide specifically for the standard package for accessing the mysql client (I only see them for the lower tier packages) or for the VPN instance? The guide for VPN for the full stack doesn’t quite line up.

Thanks!

The lower tier clients have the MySQL server on the instance, so they’re not a match for Standard’s off-instance connection. I’m not sure what’s reporting as ‘insecure’, but you should be able to make a static tunnel from your desktop’s port (say) 8000 to the RDS server’s internal IP, port 3306, and then connect to the webserver instance to open the tunnel and connect your query browser to localhost:8000 and have the connection just /come out/ inside the Amazon VPC.

I can experiment with Standard to take some notes on the process, but I won’t have the time to do so until probably this weekend.
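The static tunnel described in the post above (desktop port 8000 to the RDS server's port 3306, through the webserver instance), as an added example that is not part of the original thread or of the openemr-devops tooling. The key path, login user and host names are placeholders; the permission check reflects the fact that OpenSSH ignores a private key file that is accessible to group or others.

```shell
#!/usr/bin/env bash
# Added example. Every path, user and host name used with these functions
# is a placeholder to be replaced with your own values.

# Return 0 only if the private key exists and grants no access to
# group or others. OpenSSH ignores a key file with looser permissions.
key_is_private() {
    local key=$1 group_other
    [ -f "$key" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    group_other=$(ls -ld "$key" | cut -c5-10)
    [ "$group_other" = "------" ]
}

# Build the -L argument: desktop 127.0.0.1:LOCAL_PORT -> RDS_HOST:3306.
# Binding to 127.0.0.1 keeps the forwarded port off the desktop's other
# network interfaces.
forward_spec() {
    local rds_host=$1 local_port=${2:-8000}
    printf '127.0.0.1:%s:%s:3306' "$local_port" "$rds_host"
}

# Open the tunnel through the webserver instance.
#   $1 = private key file, $2 = user@webserver, $3 = RDS internal address
open_tunnel() {
    local key=$1 webserver=$2 rds_host=$3 local_port=${4:-8000}
    if ! key_is_private "$key"; then
        echo "refusing: $key is missing or readable by group/others" >&2
        echo "fix with: chmod 600 $key" >&2
        return 1
    fi
    # -N: run no remote command, only hold the port forward open.
    ssh -i "$key" -N -L "$(forward_spec "$rds_host" "$local_port")" "$webserver"
}

# Usage (placeholders):
#   open_tunnel ~/keys/KEYFILE.pem USER@WEBSERVER_PUBLIC_ADDRESS RDS_INTERNAL_ADDRESS
# While it runs, point the desktop query browser at localhost:8000.
```

The security group on the webserver instance still has to allow inbound SSH from the desktop for the tunnel to come up.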

Thank you, I would definitely appreciate those notes. I tried what you suggested just now but I admit I must lack the knowledge base to fully understand what I am supposed to do.

Hey I’ve been helping Henry out with this, I found a solution: Run the phpmyadmin docker container on the ec2 instance. I’ve got it secured via port in the security group, this seems to have been the simplest solution that I could figure out.

Thanks!


^^^ I’d be dead without this guy lol^^^

Wow, thanks. I didn’t consider that at all.

The last remaining issue I/we have is SSL certification. The public certs you can get through AWS don’t seem to work? Any advice on this last leg of my install would be appreciated :)

AWS certs only work with their own load balancers. You’d have to front your instance with an ELB to use one, which I wouldn’t recommend. Look at using Let’s Encrypt, or buying a certificate from a vendor and installing it to the nginx container directly.

I tried using LetsEncrypt but I couldn’t get the certbot installed inside the openemr container… my linux-fu is very weak here, do you have some advice on getting certbot installed, or using one of the alternatives?

It’s /already/ installed, you just need to use it. Standard (and Express and Express Plus) uses our Lightsail tooling, so check there (openemr-devops/packages/lightsail at master · openemr/openemr-devops · GitHub) for some notes on getting LE up and running.


Would I edit the /packages/lightsail/docker-compose or the /packages/standard one?

Oops! Good catch, sorry, you’ll want the one Standard used. Standard doesn’t have a MySQL container so it’s not like its siblings.


Ok, can you verify that this docker-compose looks correct?

What’s supposed to happen in this process? Should I expect an email?

Actually, disregard the above; after some trial and error I think/hope I have it working. Had to read through the dockerfile and the certbot instructions to connect the dots, but I think I have it all figured out-ish. Thanks!
