Situation
Installed Standard on AWS (twice). Both times when I visit the pubic IP address I get “Check that you can ping the server xxxxxxxxxxxx.ca-central-1.rds.amazonaws.com”
I can ssh into the EC2 server, then, from there, see the database server. I can login via the mysql client using “openemr” and the password I initially set.
I’m at a complete loss.
Help
OpenEMR Version
I’m using OpenEMR version 5.0.2
Browser:
I’m using: Chrome
Operating System
I’m using: Mac OS
Logs
Did you check the logs? Was there anything pertinent in them? Paste them here (surround with three backticks (```) for readability
@brady.miller , I may need help on this one. Error duplicated as user described.
Stack internal networking confirmed OK, 3306 is open within and without the container.
mysql -h s...f.us-east-1.rds.amazonaws.com -u openemr -p... --ssl : SSL connection OK
All of the logs look good – container setup, container configuration, and initial network configuration.
Generating a RSA private key
.++++
...........++++
writing new private key to '/etc/ssl/private/selfsigned.key.pem'
-----
Running quick setup!
<b>Configuration:</b><br/>
driver = <b>mysqli_mod</b>,<br/>
host = <b>s...f.us-east-1.rds.amazonaws.com</b>,<br/>
user = <b>openemr</b>,<br/>
database = <b>openemr</b>,<br/>
table prefix = <b>gacl_</b>Testing database connection...<br/>
<font color="green"><b>Success!</b></font> Connected to "<b>mysqli_mod</b>" database on "<b>s...f.us-east-1.rds.amazonaws.com</b>".<br/>
Testing database type...<br/>
<font color="green"><b>Success!</b></font> Compatible database type "<b>mysqli_mod</b>" detected!<br/>
Making sure database "<b>openemr</b>" exists...<br/>
<font color="green"><b>Success!</b></font> Good, database "<b>openemr</b>" already exists!<br/>
<font color="green"><b>Success!</b></font>
First Step of Access Control Installation Successful!!!<br><br/>
<html>
<head>
<title>OpenEMR ACL Setup</title>
<link rel=STYLESHEET href="interface/themes/style_blue.css">
</head>
<body>
<b>OpenEMR ACL Setup</b>
<br>
All done configuring and installing access controls (php-GACL)!
</body>
</html>
OpenEMR configured.
Setup Complete!
Setting user 'www' as owner of openemr/ and setting file/dir permissions to 400/500
Default file permissions and ownership set, allowing writing to specific directories
Removing remaining setup scripts
Setup scripts removed, we should be ready to go now!
Love OpenEMR? You can now support the project via the open collective:
> https://opencollective.com/openemr/donate
Starting cron daemon!
Starting apache!
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.18.0.2. Set the 'ServerName' directive globally to suppress this message
There is just one problem I can find. Despite SSL apparently working (per mysql client test), it looks like something might be askew for PHP.
/var/log/apache2 # tail -f error.log
[Fri Sep 13 03:26:31.898579 2019] [php7:warn] [pid 87] [client ...:57072] PHP Warning: failed loading cafile stream: `/var/www/localhost/htdocs/openemr/sites/default/documents/certificates/mysql-ca' in /var/www/localhost/htdocs/openemr/library/ADODB_mysqli_log.php on line 188
[Fri Sep 13 03:26:31.898624 2019] [php7:warn] [pid 87] [client ...:57072] PHP Warning: mysqli_real_connect(): Cannot connect to MySQL by using SSL in /var/www/localhost/htdocs/openemr/library/ADODB_mysqli_log.php on line 188
[Fri Sep 13 03:26:31.898636 2019] [php7:warn] [pid 87] [client ...:57072] PHP Warning: mysqli_real_connect(): [2002] (trying to connect via (null)) in /var/www/localhost/htdocs/openemr/library/ADODB_mysqli_log.php on line 188
[Fri Sep 13 03:26:31.898645 2019] [php7:warn] [pid 87] [client ...:57072] PHP Warning: mysqli_real_connect(): (HY000/2002): in /var/www/localhost/htdocs/openemr/library/ADODB_mysqli_log.php on line 188
[Fri Sep 13 03:26:31.900941 2019] [php7:notice] [pid 87] [client ...:57072] PHP custom error: from openemr library/sql.inc - Unable to set up UTF8 encoding with mysql database:
[Fri Sep 13 03:26:31.900967 2019] [php7:notice] [pid 87] [client ...:57072] Unable to set strict sql setting:
I guess at this point I have to ask about how we configured MySQL SSL – for this particular application, it should not be necessary for us to supply a special CA file, although we can do so if it’ll get this user up and going. (How did the initial configuration succeed?)
Todd, the following should work for you to fix this deployment until we straighten out what’s going wrong here. SSH to the instance (you’ll need to add your IP to the appropriate EC2 security group), and execute…
sudo bash
# connect to the docker container
docker exec -it $(docker ps | grep _openemr | cut -f 1 -d " ") /bin/sh
cd /var/www/localhost/htdocs/openemr/sites/default/documents/certificates
wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -O mysql-ca
Sorry for the trouble!
(Edit: Actually, it might be simpler yet – chown the already existing certificate file to 1000 (apache) instead of 100 and you might be able to zoom along with that alone.)
No, I found it. The underlying container changed structure and a hardcoded uid failed.
# I'm not convinced this is stable
chown 100 /mnt/docker/volumes/standard_sitevolume/_data/default/documents/certificates/mysql-ca
Spoilers: It was not. I’m not 100% sure I can change how it works, though, so this might recur in future updates, boo. I’ll start the process of getting a new version to Amazon tomorrow.