ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Installing OpenEMR 6 on Oracle Linux 8

    Scheduled Pinned Locked Moved IT Discussion
    openemroracle linuxoracle linux 8openemr 6
    3 Posts 1 Posters 602 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch
      last edited by JaredBusch

      So, I was tasked to install OpenEMR (https://www.open-emr.org/) on Oracle Linux 8.

      First things first, when installing Oracle Linux 8, it has a number of differences from CentOS 8 and RHEL 8. Nothing major, but different. I might post about it later if I feel like it.

      Once your minimal install is ready, you log in with SSH and run everything as listed below.

      Install Oracle's EPEL repo

      sudo dnf install -y oracle-epel-release-el8

      Enable Oracle's CodeReadyBuilder repo

      sudo dnf config-manager --enable ol8_codeready_builder

      Update the system to current (also forces dnf makecache)

      sudo dnf upgrade -y --refresh

      Install all of the required system packages

      sudo dnf install -y wget httpd mod_ssl mariadb-server tar @php:7.4 php-mbstring php-xml php-json php-pdo php-gd php-pecl-zip php-soap php-mysqlnd php-ldap ImageMagick ImageMagick-devel php-devel php-pear make

      Install the imagick PHP plugin

      • This is interactive, you ill need to hit enter once
      sudo pecl install imagick

      Set the module to load with PHP

      echo "extension=imagick.so" | sudo tee -a /etc/php.d/20-imagick.ini

      Modify some PHP settings base don the OpenEMR wiki

      • Only changing things different than default in OEL8)
      # https://www.open-emr.org/wiki/index.php/FAQ#What_are_the_correct_PHP_settings_.28can_be_found_in_the_php.ini_file.29.3F
sudo sed -i 's/^#\?\(max_execution_time\).*$/\1 = 60/' /etc/php.ini
sudo sed -i 's/^#\?\(max_input_time\).*$/\1 = -1/' /etc/php.ini
sudo sed -i 's/^;#\?\(max_input_vars\).*$/\1 = 3000/' /etc/php.ini
sudo sed -i 's/^#\?\(memory_limit\).*$/\1 = 512M/' /etc/php.ini
sudo sed -i 's/^#\?\(post_max_size\).*$/\1 = 30M/' /etc/php.ini
sudo sed -i 's/^#\?\(upload_max_filesize\).*$/\1 = 30M/' /etc/php.ini
sudo sed -i 's/^#\?\(error_reporting\).*$/\1 = E_ALL \& ~E_NOTICE \& ~E_STRICT \& ~E_DEPRECATED/' /etc/php.ini
sudo sed -i 's/^;#\?\(mysqli.allow_local_infile\).*$/\1 = On/' /etc/php.ini

      Open the firewall to HTTPS and HTTP

      • hardening will be a separate post
      sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload

      Start and enable mariadb

      sudo systemctl enable --now mariadb

      Secure mariadb.

      • These commands do what mysql_secure_installation does interactively
      sudo mysql -e "UPDATE mysql.user SET Password=PASSWORD('SomeSecure30CharacterPassword') WHERE User='root';"
sudo mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
sudo mysql -e "DELETE FROM mysql.user WHERE User='';"
sudo mysql -e "DROP DATABASE test;"
sudo mysql -e "FLUSH PRIVILEGES;"

      Start and enable Apache

      sudo systemctl enable --now httpd

      Change to the web directory

      cd /var/www/html

      Download OpenEMR

      sudo wget https://gigenet.dl.sourceforge.net/project/openemr/OpenEMR%20Current/6.0.0/openemr-6.0.0.tar.gz

      Extract OpenEMR

      sudo tar -pxvzf openemr-6.0.0.tar.gz

      Remove the downloaded file

      sudo rm openemr-6.0.0.tar.gz

      Rename the extracted directory to remove the version number

      sudo mv openemr-6.0.0/ openemr

      Set apache as the owner of everything.

      sudo chown -R apache:apache /var/www/html

      Recursively set the folder httpd_sys_rw for SELinux

      sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/openemr(/.*)?"
sudo restorecon -FR /var/www/html/openemr/

      Create an Apache conf file for the instance

      sudo nano /etc/httpd/conf.d/openemr.conf

      And paste this in.

      LoadModule rewrite_module modules/mod_rewrite.so
LoadModule allowmethods_module modules/mod_allowmethods.so

## Security Options
# Strong HTTP Protocol
HTTPProtocolOptions Strict
Protocols http/1.1
# Don't Reveal Server
ServerSignature off
ServerTokens Prod
Header unset Server
# No ETag
FileETag None
Header unset ETag
# Set HSTS and X-XSS protection
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header set X-XSS-Protection "1; mode=block"
# Narrow document root
DocumentRoot /var/www/html/openemr
ErrorLog /var/log/httpd/emr.domain.com_error_log
CustomLog /var/log/httpd/emr.domain.com_access_log combined


<Directory /var/www/html/openemr>
    # Only allow these HTTP Methods
    AllowMethods GET POST PUT DELETE HEAD OPTIONS
    # No indexes anywhere
    Options -Indexes
    AllowOverride FileInfo
    Require all granted
</Directory>

<Directory "/var/www/html/openemr/sites">
    AllowOverride None
</Directory>

<Directory "/var/www/html/openemr/sites/*/documents">
    Require all denied
</Directory>

#######################################
### Uncomment the following 3 lines ###
### with #'s below to enable HTTPS  ###
### redirection & require HTTPS only ##
#######################################
<VirtualHost *:80>
    #RewriteEngine On
    #RewriteCond %{HTTPS} off
    #RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>

<VirtualHost _default_:443>
    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on
    SSLHonorCipherOrder on
    #   Used following tool to produce below ciphers: https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.39&openssl=1.1.1&hsts=yes&profile=modern
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    SSLProtocol -ALL +TLSv1.2
    SSLCertificateFile    /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>

      Reboot your system

      sudo reboot

      Open your web browser and go to the installed location

      • Use IP address until you get SSL setup
        https://12.34.56.78

      Run the initial configuration wizard

      8fff61da-3daa-4e55-91b7-b83617f8641b-image.png

      1 Reply Last reply Reply Quote 1
      • JaredBuschJ
        JaredBusch
        last edited by JaredBusch

        Maybe reserved for SSL and better SELinux notes.
        Depends on how much more of this I have to setup.

        1 Reply Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch
          last edited by JaredBusch

          Eventually a patch will come out for OpenEMR. Pathcing is pretty simply.

          Check for a patch file

          As of this writing patch 2 is out:
          https://www.open-emr.org/wiki/index.php/OpenEMR_Patches

          Download the patch file

          cd /var/www/html/openemr
sudo wget https://www.open-emr.org/patch/6-0-0-Patch-2.zip
sudo unzip 6-0-0-Patch-2.zip

          Answer A to replace all files.

          8cd42203-f824-483b-b74b-d9a34a59fcc1-image.png

          Delete the downloaded patch file

          sudo rm 6-0-0-Patch-2.zip

          Set apache as the owner of everything again.

          sudo chown -R apache:apache /var/www/html

          Recursively set the folder httpd_sys_rw for SELinux again

          sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/openemr(/.*)?"
sudo restorecon -FR /var/www/html/openemr/

          Run the SQL Patch page

          https://12.34.56.78/sql_patch.php

          Delete the SQL patch file

          sudo rm sql_patch.php

          Update completed.

          1 Reply Last reply Reply Quote 3
          • 1 / 1
          • First post
            Last post