Server Installation

Kurt Symanzik edited this page Jan 27, 2015 · 4 revisions

When it comes to installing into production or a QA environment, there are naturally lots of options. This is one solution that has worked for us.

This solution has the following features:

  • The server is running Ubuntu Server 14.04 without an X server component.
  • The server is located on the clinic premises on a local network, i.e. it does not have a public IP address.
  • The web application is required to use SSL for all communications with web clients (laptops/desktops/tablets).
  • The database is located on the server (though it could be on another server at the premises without issue naturally).
  • The web application is not directly exposed to the network but instead listens on localhost only. Traffic with the clients is handled through a reverse proxy on the server.
  • The server hosts an Nginx instance which serves as a reverse proxy for the web application.
  • The application will run as a service.
  • A domain name will be purchased for the server and a valid SSL certificate obtained for it. Though the server will not be publicly accessible, the non-self-signed SSL certificate will enable browser clients to connect to the web application without the warnings that browsers issue when connecting to a server with a self-signed certificate.
  • The server will run a DNS service in order to provide name resolution to the clients on the local network for the domain name that the server uses. This will allow the SSL connection to work properly.
  • The wireless router(s) will be configured to offer all DHCP clients the midwife-EMR server's local IP address as the primary DNS server, so that the domain name resolves to the server's local IP address instead of the public IP address (which may be parked, etc.).

Prerequisites

The same as the basic installation above plus ...

Installation Steps

Note: See Installation for details because they all apply for server installation too.

Installing prerequisites

sudo apt-get update
sudo apt-get install curl build-essential openssl libssl-dev git python
sudo apt-get install mysql-server

Create the user account the service runs under

sudo useradd -m -s /bin/bash -d /var/local/mercy1 mercy1

Install Nodejs locally to the user account

This uses nvm (see Installation for details).

sudo -i -u mercy1
git clone https://github.com/creationix/nvm.git ~/.nvm
printf "\n\n# NVM\nif [ -s ~/.nvm/nvm.sh ]; then\n\tNVM_DIR=~/.nvm\n\tsource ~/.nvm/nvm.sh\nfi" >> ~/.bashrc
NVM_DIR=~/.nvm
source ~/.nvm/nvm.sh

Find out what the recent versions of Node are and install.

nvm ls-remote
nvm install v0.10.32
nvm alias default 0.10
nvm use 0.10

Install the Midwife-EMR application

See Installation for these instructions because they are the same. The application should be installed somewhere that the dedicated user account has rights to access (like its home directory).

Install the database

See Installation for these instructions because they are the same.

Configure the application

See Installation for these instructions because they are the same with the exception that you might consider using config.production.js as your configuration file instead of config.development.js.

In addition, the application should be configured to listen on the local interface only. One way to do this while still allowing the application to have the proper host name (corresponding to the domain name) is to map the domain name, e.g. example.com, to 127.0.0.1 in /etc/hosts. Then set cfg.host.name to the domain name in the configuration file. Combined with the DNS setup (addressed elsewhere), this allows the application to serve clients using SSL without browser warnings. Just as importantly, it lets the application listen on the local interface only, so that it is exposed to the local network via the reverse proxy (see below).

Test the application

Again see Installation for these instructions because they are the same. Make sure that the application is running correctly, i.e. accessing the database, CSS is being served, etc.

Configure as a service

Make sure the application is not running and become root again.

Note: these instructions assume Ubuntu with Upstart.

Create a file named /etc/init/mercy.conf or whatever you want to name it. Put something like the following into the file. Naturally adjust the username, directories, location of node, etc. per your environment.

description "Midwife-EMR Server"
author "Your Name"
start on runlevel [2345]
stop on runlevel [016]
setuid mercy1
setgid mercy1
env NODE_ENV=production
export NODE_ENV
chdir /var/local/mercy1/mercy1
pre-start script
  dt=$(date)
  echo "---------------------------------------------------------"
  echo "$dt Starting Midwife-EMR Server"
  echo "---------------------------------------------------------"
end script
pre-stop script
  dt=$(date)
  echo "---------------------------------------------------------"
  echo "$dt Stopping Midwife-EMR Server"
  echo "---------------------------------------------------------"
end script
exec /var/local/mercy1/.nvm/v0.10.32/bin/node cluster.js

  • Start the service with `sudo service mercy start`.
  • Check that it is still running with `sudo service mercy status`.
  • Check the logs at `/var/log/upstart/mercy.log`.
  • Log into the application at localhost and test it.
    • If the application is only listening on the local interface, you might test that the application is responding correctly using an SSH port-forward or curl with the -k option.
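
The loopback-only requirement can be checked mechanically once the service is running. The following is an added example, not part of the Midwife-EMR project: it parses `ss -ltn` output and reports any listener on the application ports (8000 and 44300, taken from the proxy_pass lines in this page's Nginx configuration) that is bound to a non-loopback address. The function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: confirm the application ports are bound to loopback only.
# Ports 8000 (HTTP) and 44300 (HTTPS) are the ones used in this page's Nginx
# proxy_pass lines; change APP_PORTS if your configuration differs.
APP_PORTS="8000 44300"

# Reads `ss -ltn` output on stdin and prints "address:port" for every listener
# on one of the given ports that is NOT bound to a loopback address.
exposed_listeners() {
  awk -v ports="$1" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 != "LISTEN" { next }                    # also skips the header line
    {
      port = $4; sub(/^.*:/, "", port)         # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (!(port in want)) next
      gsub(/^\[|\]$/, "", addr)                # [::1] -> ::1
      if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
      print addr ":" port
    }'
}

# Exit status 0 when nothing is exposed, 1 otherwise (usable in a deploy check).
check_app_binding() {
  exposed=$(exposed_listeners "$APP_PORTS")
  if [ -n "$exposed" ]; then
    echo "application port reachable without the proxy: $exposed" >&2
    return 1
  fi
  echo "application ports are loopback-only"
}

# Constructed samples of `ss -ltn` output (not captured from a real server).
SAMPLE_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 127.0.0.1:44300 *:*
LISTEN 0 128 192.168.2.20:443 *:*'
SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 0.0.0.0:44300 *:*
LISTEN 0 128 :::8000 :::*
LISTEN 0 128 [::1]:44300 [::]:*'

printf '%s\n' "$SAMPLE_GOOD" | check_app_binding
printf '%s\n' "$SAMPLE_BAD" | exposed_listeners "$APP_PORTS"
# On the server itself: ss -ltn | check_app_binding
```

A wildcard bind (0.0.0.0, * or ::) on either application port means clients can reach the application directly and bypass Nginx.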

Install SSL Certificates

Because a reverse proxy is used, the SSL key and certificate need to be installed in two locations: one for Nginx and one for the Midwife-EMR application.

For the application, the key and certificate files are installed in <ApplicationRoot>/cert/, and the corresponding entries in the appropriate configuration file in <ApplicationRoot>/config/ need to be updated accordingly. Be sure to include any intermediate CAs that are necessary.

For Nginx, the key and certificate files are installed in /etc/nginx/ssl (at least in the default Ubuntu configuration).

Configure Nginx

Create a file called mercyapp in /etc/nginx/sites-available/ with the following content (revised according to your tastes).

# -------------------------------------------------------------------
# mercyApp
#
# Nginx server configuration for the Midwife-EMR application.
# -------------------------------------------------------------------
# HTTP Server
server {
  listen        192.168.2.20:80;
  server_name   mercyserver.org;
  location / {
    proxy_pass http://localhost:8000;
    # The application will redirect to its non-standard SSL port so we
    # rewrite it to the port Nginx is listening on.
    proxy_redirect https://mercyserver.org:44300 https://mercyserver.org:443;
  }
}
# HTTPS Server
server {
  listen        192.168.2.20:443 ssl;
  server_name   mercyserver.org;
  ssl_certificate /etc/nginx/ssl/mercyserver.org.crt.pem;
  ssl_certificate_key /etc/nginx/ssl/mercyserver.org.key.pem;
  ssl_session_timeout 30m;
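  # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 only.
  ssl_protocols TLSv1.2;
  # RC4 is prohibited in TLS (RFC 7465), so it is excluded from the cipher list.
  ssl_ciphers AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH;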
  ssl_prefer_server_ciphers on;
  location / {
    proxy_pass https://localhost:44300;
    proxy_redirect https://mercyserver.org:44300 https://mercyserver.org:443;
  }
}

Naturally, you will need to adjust IP addresses, ports, domain names, etc. for your situation. The above setup will reverse proxy the Midwife-EMR application on both the SSL and non-SSL ports. (When the Midwife-EMR application is configured to use SSL, it only uses the non-SSL port to forward requests to the SSL port for login.)

Start, test, and adjust until satisfied.

Firewall

It is a good idea to put some firewall rules in place for the server, but that won't be covered here.