I’ve done some testing and noted the following bugs:
Ubuntu 14.04 now uses /var/www/html/ rather than /var/www/ for apache.
Planned solution is to place a soft symbolic link at /var/www/html/openemr, which directs to /var/www/openemr (via command ‘sudo ln -s /var/www/openemr /var/www/html/openemr’). Note the code interface/globals.php to collect the $web_root also needs to be optimized for this to work (https://github.com/bradymiller/openemr/commit/99601fe1220fb6978edad3536e06812fd8ace325). Also need to configure the paths in apache to not allow access (documents, edi, era, etc) with the /var/www/html/openemr… and /var/www/openemr… paths.
Ubuntu 12.10 and greater decided to do away with the /etc/apache2/httpd.conf file and instead need to place stuff to not allow access to (documents, edi, era) at the end of the /etc/apache2/apache2.conf file.
Need to also test it on most recent Debian (considering Debian is a rolling stable OS with some common sense, so would likely not do what ubuntu is doing (ie. changing paths and configuration files), am guessing it will work fine still on most recent Debian (but do plan to test it).
Goal is to get this stuff done, but if don’t have the resources, then will likely need to drop support for the Ubuntu package in the future.
Note that the original code breaks when have the following setup(this happens when I place a symbolic link in /var/www/html/openemr that is directed to /var/www/openemr, which is for ubuntu 14.04):
apache_document_root: /var/www/html
webserver_root: /var/www/openemr
web_root: /emr
(note how the web_root is incorrect because it simply uses the number of characters in apache_document_root to calculate the web_root(from webserver_root), thus removing too many characters; note web_root should be /openemr)
The above commit will give the following:
apache_document_root: /var/www/html
webserver_root: /var/www/openemr
web_root: /openemr
(the above commit calculates the number of same characters (from left to right) in the apache_document_root and webserver_root strings and then uses this number to collect the web_root from webserver_root. This algorithm won’t break for the normal use case (ie. no soft links used).
Debian 7 testing (this is just for record purposes).
OpenEMR ubuntu/debian package works and Debian 7 still uses /var/www as apache directory.
However, in this case, also the /etc/apache2/httpd.conf file no longer exists and need to place the apache security settings in the /etc/apache2/apache2.conf file.
Thanks for the observation. It would be appreciated if the wiki for installing OpenEMR on Ubuntu is updated with this information for those who want to use Ubuntu 14.04.
are you offering help on creation of the WIKI pages on UBUNTU packages? Please ask Brady for permission if you don’t have it yet and start including the latest!
Important information indeed for the UBUNTU package users.
Never have felt the despair more than after the latest of Brady. Yes indeed the solutions could be around the corner and I could make many red fields into green!
But since you did not see the advantage of a spreadsheet with green, orange, and yellow, why invest time in something that is possible not needed and even better, is out of date, before I can make the updates.
Brady, this thing with the symlink and setting $web_root seems way too complicated to me. I think it will lead to more problems than it solves. You can instead change the Apache config to set documentroot to /var/www, or tell the user to do that.
Also look at what happens when you install phpmyadmin. Its web directory is actually installed to /usr/share, and /etc/apache2/conf-available and conf-enabled have a file added to access it via an Alias and take care of other Apache configuration. Perhaps openemr should do something similar (future goal, not now).
At this point, this is all preliminary (for example, Rod has some good thoughts below that I plan to look into). On the website/wiki, I’ve basically made it clear that the current package is not compatible with Ubuntu 14.04 along with a statement that we are currently working on a compatible package.
Note the change in commit above to “calculating” the $web_root should be more accurate with these changes (ie. in normal use case will still work, however in several use cases where users use soft links it will also work; note I do recall somebody in the past on the forums stating that OpenEMR did not work with soft links).
I’ll try out the phpmyadmin package and look into the conf-available and conf-enabled stuff, since this may be a nice way to ensure direction to /var/www/openemr even on ubuntu 14.04 (would like to avoid migrating the directory since this would require much more work and testing) and perhaps allow inclusion of the directory permissions easier.
Probably not a good idea to auto change apache ubuntu 14.04 setting to path /var/www/ from /var/www/html since may cause security issues (ie. opening stuff to public that was not meant to be) and also would hate to have users need to do anything manually like that (which, again, may be bad advice if a user unknowingly opens stuff to the public that shouldn’t be).
Another consideration is to make the OpenEMR package an official debian package, but that would also involve more effort (and guessing would need to migrate the package to another directory such as /usr/share in that scenario).
I think the main take home right now is that this will take some time, so recommend avoiding the OpenEMR package for ubuntu 14.04 for now.
To clarify above,
For now, recommend avoiding the ubuntu OpenEMR package for ubuntu 14.04. The tarball method will work just fine on ubuntu 14.04.
-brady
Hi Brady, yes I looked at the commit and do understand it, but got a headache in the process.
Longer term, doing it similarly to phpmyadmin would also mean figuring out a better place to put the “sites” directories, documents etc. Maybe something like /etc/openemr plus a global setting for file storage location.
Don’t forget to give stomach protection. We need to get a solution, not an active bleeding ulcer! Keep your eyes open to watch the details… White tablets can go green or red in a wink ;-))
Including the following Alias and directory permissions in newly created /etc/apache2/conf-enabled/openemr-apache.conf and /etc/apache2/conf-available/openemr-apache.conf files seems to work (Do note that the above webroot fix in interface/globals.php is still required (for the same reason as the soft link method), so will need to get that commit in and tested a bit.):
#OpenEMR default Apache configuration
Alias /openemr /var/www/openemr
<Directory "/var/www/openemr/sites/*/documents">
order deny,allow
Deny from all
</Directory>
<Directory "/var/www/openemr/sites/*/edi">
order deny,allow
Deny from all
</Directory>
<Directory "/var/www/openemr/sites/*/era">
order deny,allow
Deny from all
</Directory>
Brady - Been following the thread with interest. Was a package maintainer
for RPM stuff on a commercial project in the past so point me to the Debian
package files so that I can start taking a look (and tweaking how they are
built). Cleaner method for this is probably:
Package with a preinstall script that gathers if on less than x version
of Ubuntu and decides to place ‘openemr’ in /var/www/html instead of
/var/www. I remember how to work this in RPM (relative dirs and placing
files in particular locations), shouldn’t be that much different on the
Debian side of the house.
Installed configuration files for apache (as you noted above) and not
mucking around with the apache2.conf or the like (poor form).
In my past experience as a sysadmin symlinks (while helpful) usually point
out a quick fix.
cheers
ian
Including the following Alias and directory permissions in newly created
/etc/apache2/conf-enabled/openemr-apache.conf and
/etc/apache2/conf-available/openemr-apache.conf files seems to work (Do
note that the above webroot fix in interface/globals.php is still required
(for the same reason as the soft link method), so will need to get that
commit in and tested a bit.):
#OpenEMR default Apache configurationAlias /openemr /var/www/openemr<Directory “/var/www/openemr/sites//documents">
order deny,allow
Deny from all<Directory "/var/www/openemr/sites//edi”>
order deny,allow
Deny from all<Directory “/var/www/openemr/sites/*/era”>
order deny,allow
Deny from all
Thanks for offering to help. It would be much tougher to support OpenEMR version upgrading if we don’t keep it in one place. The package pieces are in the codebase here:
(note I am process of modifying the scripts: see soon to come post below)
