Major problems getting an operational system

Hi Folks.

This is so difficult/complex/time consuming! :confounded:

Introduction. I’m trying to get a project up and running for a charity and OpenMRS appears to be a good fit for the client database that they require. I’ve spent countless hours/weeks trying to get an operational system and it has become very frustrating. :’( I’ve worked in IT Support/Consultancy for many years, though can’t get my head around the complexity and nuances of Tomcat, java etc.

Background. After many failed attempts, I finally got an installation up and running with the “Reference Application 2.11.0 Standalone Edition”, on a manually installed VPS (I maintain many servers). This only worked once a specific set of software versions was installed, for example Tomcat 7. This has allowed a Proof Of Concept but is not production ready, primarily due to not being able to get SSL to run properly. Many more hours wasted. I’ve messed around so much, just to get to this point, that I doubt I could replicate it.

Documentation. Much of the information that I’ve found is geared towards ‘localhost’ i.e. running on a PC sitting at someone’s desk - not really applicable for an enterprise system.

Aims. I’m not interested in SDK, nor Docker, nor any other added complications; I’m just looking for a simple deployment of OpenMRS, with most of the bundled modules available. It needs to run in a secure Linux (not Ubuntu bloat, preferably Debian) server environment.

Current position. Rather than starting from scratch, each time I “go down a one-way street to a dead-end”, I’m starting from Turnkey Tomcat v16.1 (Tomcat on Apache | TurnKey GNU/Linux). Basically, Debian 10 with Tomcat 9 and useful Webmin - with a view that I shouldn’t need to upgrade anytime soon. Additionally, Turnkey provides a simple installation of Let’s Encrypt, that is utilised by Tomcat. Within Tomcat Manager, at the server, I deploy “Platform 2.4.0 WAR”, which subsequently is shown as /openmrs. However, when I click on this, I get the dreaded “404 Not Found”.

Does this look correct? (repo, is to save downloading each failed attempt)

Context Path: 	/openmrs
Version (for parallel deployment): 	
XML Configuration file path: 	
WAR or Directory path: 	/home/staff/repo/openmrs.war

Thanks for any assistance.

Supplementary. A few errors from catalina.out, including some well known ones…

[warning] [SetContextPropertiesRule]{Context} Setting property 'antiJARLocking' to 'true' did not find a matching property.
[info] 2021-08-27 10:54:45,121 main ERROR Unable to create file openmrs.log java.io.IOException: Permission denied
[info] 2021-08-27 10:54:45,135 main ERROR Could not create plugin of type class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile: java.lang.IllegalStateException: ManagerFactory [org.apache.logging.log4j.core.appender.rolling.RollingFileManager$RollingFileManagerFactory@173441c2] unable to create manager for [openmrs.log]
[info] 2021-08-27 10:54:45,145 main ERROR Unable to invoke factory method in class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile: java.lang.IllegalStateException: No factory method found for class org.apache.logging.log4j.core.appender.RollingFileAppender java.lang.IllegalStateException: No factory method found for class org.apache.logging.log4j.core.appender.RollingFileAppender
[info] WARN - OpenmrsUtil.getRuntimePropertiesFilePathName(2138) |2021-08-27T10:54:45,650| Unable to find a runtime properties file at /var/lib/tomcat9/openmrs-runtime.properties
[info] WARN - OpenmrsUtil.getApplicationDataDirectory(1099) |2021-08-27T10:54:45,750| Unable to write to users home dir, fallback to: /var/lib
[info] WARN - OpenmrsUtil.getRuntimePropertiesFilePathName(2166) |2021-08-27T10:54:45,752| Unable to find properties file: /var/lib/OpenMRS/openmrs-runtime.properties
[info] WARN - OpenmrsUtil.getRuntimeProperties(2099) |2021-08-27T10:54:45,754| Unable to find a runtime properties file. Initial setup is needed. View the webapp to run the setup wizard.

Yes, I’ve created /var/lib/OpenMRS, /var/lib/openmrs, /root/OpenMRS, /root/openmrs with tomcat as the owner. “View the webapp to run the setup wizard” - I would if I could. :wink: I’ve tried adding a few lines in mod_jk.conf:

JkMount /openmrs         ajp13_worker
JkMount /openmrs/*       ajp13_worker

@jnsereko my friend can you help this man? I could’ve if it had been windows, but linux is not my cup of tea, unfortunately.

I can give you the openmrs-runtime.properties file, which you can edit according to your system properties. Here’s a Pastebin link: openmrs-runtime.properties - Pastebin.com. Name the file exactly like this: “openmrs-runtime.properties”.

Thanks. I could go with this approach but it is messy: I’d need to manually set up the MySQL database/user (simple enough) and the initial database tables would then have to be created. I might be able to shoehorn in my standalone ‘working’ one. I much prefer to follow an “official” route i.e. run the initial setup phase of the Enterprise edition via https://myserver.domain.com/openmrs

(I normally manage e-commerce applications and find Magento a horrible bloated complicated beast. I much prefer relatively simple PHP applications. :wink: )

((Fortunately, I gave up on Windows servers, approx. 20 years ago.))

Oh, sorry for this! I can imagine how it took me a month to run my first OpenMRS SDK instance, but when I learned the trick … In a nutshell, it’s all about the versions you are running. For instance, you are running RefApp 2.11, which requires Java/OpenJDK 1.8 and MySQL 5.6, 5.7 per this guide. Is there any specific guide you are following? Besides that, do you mind sharing the entire error log using Pastebin?

Yep, distinct versioning is a PITA, especially if downgrades are required! Best coding practice is to not expect exact version matching and allow later releases to be used, where compatibility is available.

MariaDB is now the de facto standard on most Linux distributions and is almost a complete drop-in replacement.

On Turnkey Linux 16.1:

java --version
openjdk 11.0.9.1 2020-11-04
OpenJDK Runtime Environment (build 11.0.9.1+1-post-Debian-1deb10u2)
OpenJDK 64-Bit Server VM (build 11.0.9.1+1-post-Debian-1deb10u2, mixed mode, sharing)

mysql --version
mysql  Ver 15.1 Distrib 10.3.27-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

Pastebin has Cloudflare issues, at this moment in time.

On the system that I can’t get SSL to work:

java --version
openjdk 11.0.12 2021-07-20
OpenJDK Runtime Environment (build 11.0.12+7-post-Debian-2deb10u1)
OpenJDK 64-Bit Server VM (build 11.0.12+7-post-Debian-2deb10u1, mixed mode, sharing)
mysqld --version
mysqld  Ver 5.6.49 for linux-glibc2.12 on x86_64 (MySQL Community Server (GPL))

Pastebin back up:

Note: not the entire file, which continues to grow but a snapshot, just after a tomcat restart. :wink:

openmrs.log: if I knew where this was trying to get created, then I could manually add the path to one of those XML files that determines which paths are writeable (wherever that one is again).

Please note that https://openmrs.org/2020/11/29/openmrs-reference-application-2-11-0-released/ doesn’t explicitly say which versions of environment software need to be used.

When you look through this link you will see somewhere “Note: This release Require java 1.8”, and because RefApp is built on platform 2.3.2 you will see “Note: This platform release requires Java/OpenJDK 1.8 and MySQL 5.6, 5.7”.

Am sorry I didn’t have a chance to know what is on your browser but I want to believe the platform installation was successful. Just a reminder, with platform 2.x line the legacy UI was moved into a module. So to see the login window that I believe you are looking for, you have to download the legacyui module, drop it in the modules folder, and restart tomcat.

As mentioned, the openmrs application isn’t even found in Tomcat, when clicked upon…

Not Found

The requested URL was not found on this server. In other words, a 404 error.

“…drop in the modules folder…” - where? /var/lib/tomcat9/webapps/openmrs/WEB-INF/bundledModules?

See what I mean about a lack of documentation, especially with regards to installing at enterprise level? I don’t need anyone to host nor manage a server, just a step-by-step installation with a secure https connection.

(I do appreciate you trying to help.)

I’m nearing the end of my tether in trying to get this to work and apologise if I seem a bit annoyed. It should be simple.

I’ll build yet another VPS from scratch - do you suggest Ubuntu (even though it’s not a good server environment), in order to be able to install specific versions of mySQL and java/JDK? Is there any documentation on getting Let’s Encrypt to work with Tomcat, without jumping through hoops, creating proprietary Tomcat keys etc.?

Do you all run your confidential patient data on Windows and/or local PCs, rather than on a security hardened Linux server? Just asking.

For the benefit of others, here are the convoluted steps to get unsecured basics running on (outdated) Ubuntu 18.04.5 LTS, with outdated java/JDK 1.8 and outmoded mySQL 5.7. The numbers at the left-hand side indicate the number of steps that I took to get there! There were initial OS setup steps e.g. securing ssh and unneeded steps that I’ve omitted.

   18  apt install curl unzip
   22  sudo wget https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb
   24  mkdir /opt
   25  mv *.deb /opt
   26  cd /opt
   29  apt install gnupg
   30  sudo dpkg -i mysql-apt-config_0.8.15-1_all.deb
   31  apt update
   32  apt install mysql-server
   33  mysql_secure_installation
   37  sudo apt install openjdk-8-jdk openjdk-8-jre
   39  cat >> /etc/environment <<EOL
JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
JRE_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre
EOL

   40  wget https://archive.apache.org/dist/tomcat/tomcat-7/v7.0.109/bin/apache-tomcat-7.0.109.tar.gz
   41  sudo tar xzf apache-tomcat-7.0.109.tar.gz
   42  sudo mv apache-tomcat-7.0.109 tomcat7
   43  echo "export CATALINA_HOME="/opt/tomcat7"" >> ~/.bashrc
   44  source ~/.bashrc
   45  cd /opt/tomcat7
   46  sudo ./bin/startup.sh
   49  vi /etc/init.d/tomcat7
#!/bin/bash

### BEGIN INIT INFO
# Provides:        tomcat7
# Required-Start:  $network
# Required-Stop:   $network
# Default-Start:   2 3 4 5
# Default-Stop:    0 1 6
# Short-Description: Start/Stop Tomcat server
### END INIT INFO

PATH=/sbin:/bin:/usr/sbin:/usr/bin

start() {
 sh /opt/tomcat7/bin/startup.sh
}

stop() {
 sh /opt/tomcat7/bin/shutdown.sh
}

case $1 in
  start) start;;
  stop)  stop;;
  restart) stop; start;;
  *) echo "Run as $0 "; exit 1;;
esac

   50  chmod 755 /etc/init.d/tomcat7
   51  update-rc.d tomcat7 defaults
   52  systemctl restart tomcat7
   53  vi /etc/init.d/tomcat7
   69  vi /opt/tomcat7/conf/tomcat-users.xml
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<role rolename="manager-status"/>
<role rolename="manager-script"/>
<role rolename="manager-gui"/>
<user username="myadminuser" password="mysecretpassword" roles="manager-gui,admin-gui"/>

   70  systemctl restart tomcat7
   85  adduser staff --ingroup staff
   86  cd /home/staff
   88  mkdir repo
   89  cd repo
   90  mkdir platform2.4
   91  cd platform2.4
   92  wget -O openmrs.war 'https://downloads.sourceforge.net/project/openmrs/releases/OpenMRS_Platform_2.4.0/openmrs.war?ts=gAAAAABhKjROvEvFXfmg58yJUSgKhdknP49W_J0BUuIprg6UaZV46lqldC_X5WEPopYXlRA0jfiUbJcS5qw6eMCg-kAoiF94Ow%3D%3D&r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fopenmrs%2Ffiles%2Freleases%2FOpenMRS_Platform_2.4.0%2Fopenmrs.war%2Fdownload'
   93  cd ..
   94  mkdir platform2.3.2
   95  mkdir reference-addons
   96  cd reference-addons
   97  wget -O reference-apps-2.11.0.zip 'https://downloads.sourceforge.net/project/openmrs/releases/OpenMRS_Reference_Application_2.11.0/referenceapplication-addons-2.11.0.zip?ts=gAAAAABhKjU8AyulzDuNfYkuaOZxINrp2ADRKzMPWu76g46hx8_5E60v3lv4H_7_dXnzXATtW__USmp_YANVMaMdv6niFYbSEw%3D%3D&r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fopenmrs%2Ffiles%2Freleases%2FOpenMRS_Reference_Application_2.11.0%2Freferenceapplication-addons-2.11.0.zip%2Fdownload'
   99  cd ..
  100  cd platform2.3.2
  101  wget -O openmrs 'https://downloads.sourceforge.net/project/openmrs/releases/OpenMRS_Platform_2.3.2/openmrs.war?ts=gAAAAABhKjWLY3Ie1VhKvEqS0aQIQW-O2685GhCgT4QT2gyqeWr0706l-bC30FfkTvzo-kmtIIkHN2b1R7lYXK1x1zOrganaZA%3D%3D&r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fopenmrs%2Ffiles%2Freleases%2FOpenMRS_Platform_2.3.2%2Fopenmrs.war%2Fdownload'
  104  cd /opt/tomcat7
  115  cd webapps
  119  vi $CATALINA_HOME/webapps/host-manager/META-INF/context.xml
  <!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  -->
  120  vi $CATALINA_HOME/webapps/manager/META-INF/context.xml
  <!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  -->
  121  systemctl restart tomcat7
http://your.server.com:8080

At least I can access the OpenMRS initialsetup and don’t feel that I’ve added too much unnecessary files/software.

Now to look at how Turnkey Tomcat implements Let’s Encrypt and try to apply it here.

Notes:

  • The OpenMRS mySQL database and user need setting up.
  • /home/staff/repo holds two versions of openmrs and reference add-ons, for possible deployment.
  • Webmin or Adminer may be installed to ease administration.

Hope this helps someone, including me. :slightly_smiling_face:
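
Steps 119 and 120 above comment out the RemoteAddrValve in both manager contexts, and step 69 gives one account the manager-gui and admin-gui roles, so the Manager login on port 8080 is no longer limited to localhost. The script below is an added example, not part of the original post: it audits an install for that state. The function names and finding strings are made up for this example; the paths follow the post's /opt/tomcat7 layout.

```shell
# Added example: audit Tomcat Manager exposure (names and messages are this example's own).

# Print an XML file with <!-- ... --> comments removed, so a commented-out
# Valve or user entry is not mistaken for an active one.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            i = index(line, in_c ? "-->" : "<!--")
            if (i == 0) { if (!in_c) out = out line; line = "" }
            else if (in_c) { line = substr(line, i + 3); in_c = 0 }
            else { out = out substr(line, 1, i - 1); line = substr(line, i + 4); in_c = 1 }
        }
        print out
    }' "$1"
}

# Succeeds when the context file still has an active RemoteAddrValve.
has_remote_addr_valve() {
    strip_xml_comments "$1" | grep -q 'RemoteAddrValve'
}

# List usernames in tomcat-users.xml that hold a manager-* or admin-* role.
privileged_users() {
    strip_xml_comments "$1" | tr '\n' ' ' | awk '{
        n = split($0, parts, "<user ")
        for (k = 2; k <= n; k++) {
            el = parts[k]; sub(/>.*/, "", el)
            if (el ~ /roles="[^"]*(manager|admin)-/ && match(el, /username="[^"]*"/))
                print substr(el, RSTART + 10, RLENGTH - 11)
        }
    }'
}

# $1 = CATALINA_HOME. Prints findings; exit status = number of exposed manager apps.
audit_manager() {
    findings=0
    for app in manager host-manager; do
        ctx="$1/webapps/$app/META-INF/context.xml"
        [ -f "$ctx" ] || continue
        has_remote_addr_valve "$ctx" && continue
        echo "EXPOSED: $app has no active RemoteAddrValve ($ctx)"
        findings=$((findings + 1))
    done
    users="$1/conf/tomcat-users.xml"
    [ -f "$users" ] && privileged_users "$users" | sed 's/^/REVIEW: privileged user /'
    return "$findings"
}
```

Source the file and run `audit_manager /opt/tomcat7`; a non-zero exit status means at least one manager application accepts requests from any client address.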

I’m sorry! I should have shared this guide with you before: OpenMRS SDK - Documentation - OpenMRS Wiki. I believe it would have saved you great.

I would love if someone helped create an AWS image that would allow anyone to stand up a fully configured system in the cloud. I have one that I use for OpenMRS 1.6.6 for managing CIEL dictionary work, but why haven’t we done this?

Thanks. Though that includes SDK, which is of no interest to me and has “Maven” whatever extra complications that brings. :expressionless:

AWS is one of the last places that I’d store confidential information. It also hosts a heap of spammers/crackers and port scanners. Where data integrity (security and confidentiality) is concerned, it is safer to stay away from these types of systems, IMHO.

Note that the definition for Cloud Computing is used and abused a lot. It doesn’t necessarily mean data integrity/high availability/resilience.

My current trials with Ubuntu are using a server provider’s ISO template. Even that isn’t good enough for production use, as you never know if there’s a backdoor. My intention is to rebuild a similar VPS, following my saved steps but with an official ISO and an encrypted plus optimised disc layout.

The good news is that I now have a secured, Let’s Encrypt https connection to OpenMRS, after a few more hours’ worth of searching around the internet. I’ll present the steps here, once I have removed some bad information that I found, in respect of automation.

Part 2 - Getting Let’s Encrypt Working with Tomcat

Note: An ambiguously worded Common Name field during the cert creation needs to be the FQDN of your server.

  131  cd /home/staff
...
  145  apt install certbot
  147  mkdir /usr/share/tomcat
  148  keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/share/tomcat/.keystore -keysize 2048
  149  keytool -certreq -alias tomcat -file request.csr -keystore /usr/share/tomcat/.keystore
  150  certbot certonly --csr request.csr
  155  keytool -import -trustcacerts -alias tomcat -file /home/staff/0001_chain.pem -keystore /usr/share/tomcat/.keystore
  159  cp /opt/tomcat7/conf/server.xml /opt/tomcat7/conf/server.xml.nossl
  160  vi /opt/tomcat7/conf/server.xml

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" KeystoreFile="/usr/share/tomcat/.keystore" KeystorePass="your-keystore-password" />

  161  systemctl restart  tomcat7
https://your.server.com:8443

Part 3 should be the non-ideal method of updating the Tomcat proprietary SSL key.

[ I’ve broken openMRS, when trying to remove some extraneous modules: I don’t need to exchange data with other installations etc. It’s a shame that the Reference Add-ons aren’t a little bit pared down. :wink: So, I guess I’ll start again from scratch, this time with a better (manual) disc layout. ]