OpenEMR is a comprehensive open-source electronic health record and medical practice management system. Certified by the Office of the National Coordinator for Health Information Technology (ONC), it offers integrated health records, practice management, scheduling, electronic billing, internationalization, and free support. OpenEMR can efficiently manage patient demographics, scheduling, detailed health records, prescriptions, billing, report generation, and supports multiple languages.
This guide will walk you through the installation of OpenEMR on a Ubuntu 22.04 server.
Prerequisites
- An Ubuntu 20.04 server.
- A non-root user with sudo privileges.
- A fully qualified domain name (FQDN), e.g.,
openemr.example.com. - Ensure your system is updated:
$ sudo apt update $ sudo apt upgrade
- Install necessary packages:
$ sudo apt install wget curl nano ufw software-properties-common dirmngr apt-transport-https gnupg2 ca-certificates lsb-release ubuntu-keyring unzip -y
Note: Some packages may already exist on your system.
Step 1 – Configure the Firewall
Ubuntu includes the ufw (Uncomplicated Firewall) by default. Begin by checking if the firewall is active:
$ sudo ufw status
If your firewall is inactive:
Status: inactive
To avoid losing your SSH connection, first allow SSH:
$ sudo ufw allow OpenSSH
Permit HTTP and HTTPS traffic:
$ sudo ufw allow http $ sudo ufw allow https
Enable the firewall:
$ sudo ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup
Re-check the firewall status:
$ sudo ufw status
An output showing active status indicates successful configuration:
Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere 80/tcp ALLOW Anywhere 443 ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 443 (v6) ALLOW Anywhere (v6)
Step 2 – Install Nginx
To obtain the latest version of Nginx, acquire the official Nginx repository. Begin by importing the signing key:
$ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \ | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Add the repository source for the stable version:
$ echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg arch=amd64] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
Update system repositories:
$ sudo apt update
Install and verify Nginx:
$ sudo apt install nginx
$ nginx -v nginx version: nginx/1.24.0
Start Nginx:
$ sudo systemctl start nginx
Step 3 – Install MySQL
Use this command to install MySQL:
$ sudo apt install mysql-server
Verify its installation:
$ mysql --version mysql Ver 8.0.33-0ubuntu0.22.04.2 for Linux on x86_64 ((Ubuntu))
For MySQL versions 8.0.28 and above, enter the MySQL shell:
$ sudo mysql
Set up a new root password for security reasons:
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'YourPassword12!';
Leave the MySQL shell:
mysql> exit
Secure the installation by running this script:
$ sudo mysql_secure_installation
During this process, follow the prompts to finish securing your MySQL setup.
Step 4 – Configure MySQL
Log into the MySQL shell using your root credentials:
$ sudo mysql -u root -p
Create a database for OpenEMR:
mysql> CREATE DATABASE openemr;
Create and configure a new MySQL user:
mysql> CREATE USER 'openemruser'@'localhost' IDENTIFIED BY 'Your_password2'; mysql> GRANT ALL PRIVILEGES ON openemr.* TO 'openemruser'@'localhost'; mysql> FLUSH PRIVILEGES;
Exit the shell:
mysql> exit
Step 5 – Install PHP and its Extensions
Ubuntu 22.04 includes PHP version 8.1.2, which is slightly outdated. To install PHP 8.2, execute:
$ sudo add-apt-repository ppa:ondrej/php
Install PHP 8.2 and its necessary extensions for OpenEMR:
$ sudo apt install php8.2-fpm php8.2-mysql php8.2-bcmath php8.2-xml php8.2-zip php8.2-curl php8.2-mbstring php8.2-gd php8.2-tidy php8.2-intl php8.2-cli php8.2-soap imagemagick libtiff-tools php8.2-ldap
Confirm PHP installation:
$ php --version
PHP 8.2.7 (cli) (built: Jun 8 2023 15:27:40) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.7, Copyright (c) Zend Technologies
with Zend OPcache v8.2.7, Copyright (c), by Zend Technologies
Step 6 – Install SSL
For SSL, we will use Certbot (installed via Snapd) to generate a certificate:
Ensure Snapd is updated:
$ sudo snap install core && sudo snap refresh core
Install Certbot:
$ sudo snap install --classic certbot
Create a symbolic link for easier access:
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Generate an SSL certificate:
$ sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m name@example.com -d openemr.example.com
Generate a Diffie-Hellman group certificate:
$ sudo openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096
Check the Certbot renewal service:
$ sudo systemctl list-timers
Perform a dry run to ensure renewal tasks are successful:
$ sudo certbot renew --dry-run
The absence of errors indicates that your certificate will renew automatically.
Step 7 – Download OpenEMR
From the OpenEMR download page, acquire the latest version:
$ wget https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/7.0.1/openemr-7.0.1.tar.gz
Extract and move the files to the Nginx root directory:
$ tar -pxzf openemr-7.0.1.tar.gz sudo mkdir /var/www/html -p sudo mv openemr-7.0.1 /var/www/html/openemr
Set appropriate permissions:
$ sudo chown -R nginx:nginx /var/www/html/openemr
Step 8 – Configure PHP-FPM
Edit the following configuration file:
$ sudo nano /etc/php/8.2/fpm/pool.d/www.conf
Modify these lines to configure PHP processes to use the Nginx user:
user = nginx group = nginx listen.owner = nginx listen.group = nginx
Save changes and exit.
Improve PHP-FPM settings for better performance:
$ sudo sed -i 's/max_execution_time = 30/max_execution_time = 60/' /etc/php/8.2/fpm/php.ini $ sudo sed -i 's/max_input_time = 60/max_input_time = -1/' /etc/php/8.2/fpm/php.ini $ sudo sed -i 's/memory_limit = 128M/memory_limit = 512M/' /etc/php/8.2/fpm/php.ini $ sudo sed -i 's/post_max_size = 8M/post_max_size = 30M/' /etc/php/8.2/fpm/php.ini $ sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 30M/' /etc/php/8.2/fpm/php.ini $ sudo sed -i 's/;max_input_vars = 1000/max_input_vars = 3000/g' /etc/php/8.2/fpm/php.ini $ sudo sed -i 's/;mysqli.allow_local_infile = On/mysqli.allow_local_infile = On/g' /etc/php/8.2/fpm/php.ini
Restart PHP-FPM:
$ sudo systemctl restart php8.2-fpm
Adjust PHP session permissions:
$ sudo chgrp -R nginx /var/lib/php/sessions
Step 9 – Configure Nginx
Open the Nginx configuration file for editing:
$ sudo nano /etc/nginx/conf.d/openemr.conf
Insert the following Nginx server block configuration:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name openemr.example.com;
access_log /var/log/nginx/openemr.access.log;
error_log /var/log/nginx/openemr.error.log;
# SSL
ssl_certificate /etc/letsencrypt/live/openemr.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/openemr.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/openemr.example.com/chain.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s;
root /var/www/html/openemr;
index index.php;
location / {
try_files $uri $uri/ /index.php;
}
# Pass PHP Scripts To FastCGI Server
location ~* \.php$ {
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass unix:/run/php/php8.2-fpm.sock; # Depends On The PHP Version
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
include fastcgi_params;
}
# deny access to writable files/directories
location ~* ^/sites/*/(documents|edi|era) {
deny all;
return 404;
}
# deny access to certain directories
location ~* ^/(contrib|tests) {
deny all;
return 404;
}
# Alternatively all access to these files can be denied
location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
deny all;
return 404;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
}
}
# enforce HTTPS
server {
listen 80;
listen [::]:80;
server_name openemr.example.com;
return 301 https://$host$request_uri;
}
Set the necessary server names setting in the nginx configuration file:
$ sudo nano /etc/nginx/nginx.conf
Add this line:
server_names_hash_bucket_size 64;
Test the Nginx configuration syntax:
$ sudo nginx -t
Restart Nginx to apply changes:
$ sudo systemctl restart nginx
Step 10 – Finalize the OpenEMR Installation
Access the installation page at https://openemr.example.com and follow the setup instructions. Proceed through the steps on your web browser, providing database and user credentials as required. Complete each setup stage as directed by the installation prompts.
Conclusion
By following this guide, you have successfully installed and configured OpenEMR on a Ubuntu 22.04 server. For questions or further inquiries, feel free to post comments below.
FAQ
- Can I install OpenEMR on another version of Ubuntu?Yes, the installation steps are similar for other Ubuntu versions, though you may need to adjust instructions according to package versions and availability.
- Is it necessary to use Nginx or can I use Apache?You can use either Nginx or Apache. This guide focuses on Nginx, but OpenEMR also supports Apache setups.
- What should I do if I encounter errors during installation?Double-check each step for accuracy. Ensure all commands, filenames, and paths are correct. If issues persist, consult OpenEMR’s community support or forums for assistance.
- Can I configure additional security settings for OpenEMR?Yes, additional security configurations can be applied, such as more restrictive file permissions, enhanced firewall rules, and setting up a VPN for access.