Openemr, LEMP on FreeBSD

@brady.miller
Hi everyone,
I previously used openemr from 2008-2014.
Currently I am trying to set up:

openemr-5.0.1_3
FreeBSD 11.1
nginx-1.14.0
Mysql-5.7
PHP-7.2

But, I am not an expert and I am stuck. Adding a patient works very well, but if I try to change user information the “save” button does not work. I think I am not passing the arguments correctly.
Here is my nginx openemr conf file:

worker_processes  auto;
error_log  /var/log/nginx/error.log;
events { 
worker_connections  1024; 
}
http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
	access_log  /var/log/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
	server_names_hash_bucket_size 128;
    keepalive_timeout  65;

    #gzip  on;
    upstream php { 
		server unix:/var/run/php-fpm.sock; 
	}
    index  index.html index.htm index.php;

# openemr.NET virtual host
# EHR site
  server {
    listen 80;
    listen [::]:80;
	server_name  example.net www.example.net;
	# redirect to ssl
	return   301 https://$server_name$request_uri;	
  }

#   openemr.NET https host
#   This is an ssl openemr site
  server {
	listen 443 ssl;
    listen [::]:443 ssl;
	server_name  example.net www.example.net;
    root /usr/home/example/domains/example.net/www;

	## redirect www to nowww
    if ($host = 'www.example.net' ) { 
		rewrite  ^/(.*)$  https://example.net/$1  permanent; 
	}   

    access_log /var/log/*/example.net_access_log main;
    error_log    /var/log/*/example.net_error_log notice;
    rewrite_log on;

#   include ssl.conf;        # default https settings
    ssl_certificate      /path/to/ssl.cert;
    ssl_certificate_key    /path/to/ssl.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

	# restrict, protect certain files
#   include globals.conf;
	# openemr specific SSL settings
#	include openemr-ssl.conf;     

	# deny access to writable files/directories
	# ([^/]+ matches the site directory name; in a regex, /* only matches repeated slashes)
	location ~* ^/sites/[^/]+/(documents|edi|era) {
		deny all;
	}

	# deny access to admin file
	location ~* ^/admin\.php {
		deny all;
	}

	location / { 
    		try_files $uri $uri/ /index.php;
        }	
	
    # redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html { root   /usr/local/www/nginx-dist; } 
    
    # pass the PHP scripts to FastCGI server listening on unix socket
    location ~* \.php$ {
		try_files $uri =404;
    	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    	fastcgi_index index.php;
    	fastcgi_pass php;
        include fastcgi_params; 
    }
	# dynamic stuff goes to php-proxy
	include php-proxy.conf;
	}
  }  

Sorry about the formatting. If anyone has any suggestions they would be greatly appreciated. Thanks

Sandra

hi @gutiersa ,
I made a quick fix to the formatting of your config file in your post.
-brady

1 Like

Thanks so much. Can you point me in the right direction, so I can learn?
Also I have to make some corrections, it turns out nginx automatically passes arguments. This could be a bug in my setup.
Thanks

Never mind, it’s working now. Although I am sure I still have errors.

1 Like

So I am working on the document I am posting on the wiki, but I believe I need a login.

hi @gutiersa ,

You can request a wiki account here:
https://www.open-emr.org/wiki/index.php/Special:RequestAccount

Note the emails will likely go into your spam box to verify the account, so look there if you don’t get it (and if that doesn’t work, I can manually create an account).

-brady

btw, this is very exciting stuff. Once the process is worked out, I don’t think it would be very tough for me to then extend this to dockers with a nginx docker and a php-fpm docker.

2 Likes

I did this already. The confirmatory email says if the account is created I will be mailed a password. Do you create the account, or do I?

Yay, got it! thanks

@brady.miller
Why would you need two separate dockers? You could probably put them in one docker.
php-fpm is included in PHP since version 5.3.3

Ok I started the page:

https://www.open-emr.org/wiki/index.php/OpenEMR_with_nginx_and_php-fpm

1 Like

Very cool stuff!!

Regarding dockers, the plan is to see if I can leverage your configs to get the standard nginx docker (https://hub.docker.com/_/nginx/) and the standard php-fpm docker (https://hub.docker.com/_/php/) going together for OpenEMR magic.

I’ve done something sort of similar, but way simpler on the demo farm (just to support some very simple admin php pages) :
demo_farm_openemr/nginx.conf at master · openemr/demo_farm_openemr · GitHub
(note php-serve is basically a php-fpm docker that has had openssl added to it: demo_farm_openemr/Dockerfile at master · openemr/demo_farm_openemr · GitHub)

And at some point, may even be able to incorporate an instance of it into the demo farm. The nice thing about this stuff is that we then get more folks testing out your nginx/php-fpm configuration making it better and better as time goes on.

(note this is at the bottom of my queue since not necessary, but I may not be able to help myself since dockers are so fun to work with).

1 Like

Yes, they are fun!..

@brady.miller
I like the color coded formatting above, better than the wiki formatting. Is there a way to color code the wiki page?
It looks very cluttered.

hi,

I couldn’t help myself :)

The wiki is painful to do anything custom to say the least. Note @robert.down is working on another documentation engine (ie. a much more modern wiki), which will hopefully take OpenEMR’s wiki out of the stone age :)

-brady

Wow, I am impressed. Please keep checking because the ssl stuff I am still working on. I have made more changes to that particular file.

Regarding the wiki, I did think it is a little tough to follow sometimes. I really like FreeBSD’s documentation (but then again it could be that I am familiar with how it is organized).
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/

I think it would be nice if there were three books:
An installation and administration manual for sys admins
A user’s manual
Developer’s manual

Finally, it would be nice if the documentation/instructions for installation (and everything else, for that matter) could be in one location and one location only, that way updating that one location would work for updating the instructions everywhere. Kind of like version control for documentation/instructions.

@brady.miller
This is the equivalent install page for nginx

OpenEMR Setup 

Step 6

Configuration of Nginx web server...

The "/path/to/document_root/sites/*/documents", "/path/to/document_root/sites/*/edi" and "/path/to/document_root/sites/*/era" directories contain patient information, and it is important to secure these directories.

	# deny access to writable directories
	# ([^/]+ matches the site directory name; in a regex, /* only matches repeated slashes)
	location ~* ^/sites/[^/]+/(documents|edi|era) {
		deny all;
	}

	# protect special files from outside OpenEMR login, and restrict them to superAdmins only, via an .htpasswd file
	# Pick one of the following two blocks, but not both:
	location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
		auth_basic 				"Restricted Access"; 
		auth_basic_user_file 	/path/to/.htpasswd;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
		fastcgi_pass php; 
		include fastcgi_params; 
	}
	
	# or
	
	# Alternatively all access to these files can be denied. To do so, comment above, and uncomment this block instead.
	#location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php { 
	#	deny all; 
	#	return 404; 
	#}

If you are having difficulty finding your Nginx configuration file, then refer to the 'INSTALL' manual for suggestions.


We recommend you print these instructions for future reference.

Click 'continue' for further instructions.
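
A check of the `deny` patterns quoted in this thread, as an added example that is not part of the original posts or of OpenEMR: in a regex location, `/*` means "zero or more slashes", so `^/sites/*/(documents|edi|era)` never matches a path that contains a site directory. The script is a simplified model of nginx choosing the first matching regex location; the site directory name `default`, the sample paths and the `[^/]+` correction are assumptions.

```python
import re

# Regex locations in config order as (pattern, action). nginx's "~*" is a
# case-insensitive, unanchored regex search; the first regex that matches wins.
ORIGINAL = [
    (r"^/sites/*/(documents|edi|era)", "deny"),   # pattern as first posted
    (r"^/admin.php", "deny"),
    (r"\.php$", "php"),                           # handed to PHP-FPM
]
# Assumed correction: [^/]+ stands for exactly one site directory name.
CORRECTED = [
    (r"^/sites/[^/]+/(documents|edi|era)", "deny"),
    (r"^/admin\.php", "deny"),
    (r"\.php$", "php"),
]

def route(locations, uri):
    """Return the action of the first matching regex location, or 'static'
    (standing in for the fallback `location /` block) when none matches."""
    for pattern, action in locations:
        if re.search(pattern, uri, re.IGNORECASE):
            return action
    return "static"

# Constructed sample request paths; "default" is an assumed site directory.
SAMPLES = [
    "/sites/default/documents/1/scan.pdf",
    "/sites/default/edi/batch.x12",
    "/sites/default/era/remit.835",
    "/sites/documents/readme.txt",
    "/sites/default/documents/upload.php",
    "/admin.php",
    "/interface/login/login.php",
]

def audit(locations):
    """Map every sample path to the action the rule set would take."""
    return {uri: route(locations, uri) for uri in SAMPLES}

if __name__ == "__main__":
    before, after = audit(ORIGINAL), audit(CORRECTED)
    for uri in SAMPLES:
        print(f"{uri:42} original={before[uri]:7} corrected={after[uri]}")
```

With the original pattern, files under the writable directories are served as static content and a `.php` file there falls through to the PHP location; with the corrected pattern all of them are denied before the PHP location is considered.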

hi @gutiersa ,

Won’t really be able to include the protected file stuff since that means user needs to set up an auth file etc.

I made an issue in github to track this (with goal of this being fully functional and supported option by the 5.0.2 release):

Do you have a github account?

-brady

@brady.miller
Yes, I have a github account.
Well then use the deny all, return 404 statement, that is why I included the “or” above

@brady.miller

Ok, I commented out the block that protects the admin pages. If you reload the nginx.conf file the admin pages will work.
Check out the wiki again, I also moved some header directives. If you want to do it directly in your setup, comment out this block:

#location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
#	auth_basic 				"Restricted Access";
#	auth_basic_user_file 	/path/to/.htpasswd;
#	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#	fastcgi_pass php;
#	include fastcgi_params;
#}