admin:server_installation_3

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
admin:server_installation_3 [2023/06/01 23:33] – [Starting the Server for the first time] Mark Gloveradmin:server_installation_3 [2024/06/19 05:02] (current) – [Configuring Windows firewall on server] Kahn Wynyard
Line 4: Line 4:
 \\ **These steps need to be carried out after completing the steps described in:\\ [[admin:server_installation|20.01 mSupply client/server installation part 1]]\\ [[admin:server_installation_2|20.02 mSupply client/server installation part 2]]**  </WRAP> \\ **These steps need to be carried out after completing the steps described in:\\ [[admin:server_installation|20.01 mSupply client/server installation part 1]]\\ [[admin:server_installation_2|20.02 mSupply client/server installation part 2]]**  </WRAP>
  
 +==== Obtaining a data file ====
 +
 +If you are setting up a sync site for a synced system, then you will need to:
 +  - Generate the XML file for the sync site from the central server - refer [[synchronisation:site_export|29.04. Sync Site Export]]
 +  - If creating a single-user sync site:
 +    - Transfer the XML file to the sync site.  The Dropbox that you configured in [[admin:server_installation_2#install_dropbox|Install Dropbox]] is handy for this purpose.
 +    - Create the datafile from this XML file through [[synchronisation:site_import|29.05. Sync Site Import]].
 +  - If creating a server sync site:
 +    - Create the datafile from this XML file through [[synchronisation:site_import|29.05. Sync Site Import]]. This could be done on the server, but is normally easier to do 'locally' <wrap em>Make sure you are NOT using a version of mSupply more recent than that being installed on the server.</wrap>  Contact support@msupply.foundation to confirm which version to install.
 +    - Transfer the datafile to the sync site.  The Dropbox that you configured in [[admin:server_installation_2#install_dropbox|Install Dropbox]] is handy for this purpose.
 ==== Installing mSupply Server software ==== ==== Installing mSupply Server software ====
 === If you are upgrading from a previous version... === === If you are upgrading from a previous version... ===
Line 63: Line 73:
 <WRAP center round alert 60%> <WRAP center round alert 60%>
   * There is no point in carrying out the following steps unless you are ready to create a new mSupply data file, or you have one to load.   * There is no point in carrying out the following steps unless you are ready to create a new mSupply data file, or you have one to load.
-  * If this is a satellite site on a synced system, you should have one to load.  Instructions for generating a sync satellite data file are [[synchronisation:site_export|29.04. Sync Site Export]].+  * If this is a satellite site on a synced system, you should have one to load - refer [[admin:server_installation_3#obtaining_a_data_file|Obtaining a data file]].
 </WRAP> </WRAP>
  
Line 166: Line 176:
 === Configure cache === === Configure cache ===
  
-**Edit** > **Database Settings** > **User settings for Data file**+**Edit** > **Settings** > **User settings for Data file**
  
 {{ :admin:user_settings_-_edit.png?800 |}} {{ :admin:user_settings_-_edit.png?800 |}}
Line 266: Line 276:
  
  
 +==== SSL Certificate ====
 +The mSupply server also has a webserver as mentioned [[web_interface:using_the_web_server#msupply_web_server|here.]]
 +
 +It is recommended that a public facing web server should have an SSL certificate installed. For the mSupply server a 'cert.pem'  and 'key.pem' need to be generated using the SSL certificate that has been purchased from a SSL vendor. 
 +
 +Theses files needs to be stored inside the folder C:\Program Files\mSupply\mSupply Server\Server Database  as shown in the image below. 
 +
 +{{ :admin:msupply_server_ssl_2023-07-24-t16-22.png?400 |}}
 +
 +The cert.pem file contains the certificate in the following format and can have the root as well as the intermediate certificate.
 +
 +<code>
 +-----BEGIN CERTIFICATE-----
 +MIIGUzCCBTugAwIBAgIRAP9nsdfsfdsdfYH0oEZgg3k28WUoYQgQwDQYJKoZIhvc
 +gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
 +BgNVBAcTB1NhbGZvcassdsdmQxGDAWBgNVBAoTsdfsD1NlY3RpZ28gTGltaXRlZD
 +AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
 +QTAeFw0yMzA2MTYwMDAwMdsadsdDBaFw0yNDA2MTUyMzU5NTlaMCExHzAdBgNVB
 +Junk
 +-----END CERTIFICATE-----
 +
 +-----BEGIN CERTIFICATE-----
 +MIIGEzdddhuyuyuyuCCA/ugAwIBAasdasdgIQfVtRJrR2uhHbdBYLvFMNpzANBg
 +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
 +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
 +BAMTJVVTRVJUcnVzdCBSU0EgQsdsd2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhc
 +MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
 +Junk
 +-----END CERTIFICATE-----
 +</code>
 +
 +The the key.pem file contains 
 +
 +<code>
 +-----BEGIN PRIVATE KEY-----
 +MIIEvAIBADANBgkasasdfqhkiG9w0BhgghAQEFAASCBKYwggSiAgEAAoIBAQCqPA
 +TZB5GnFAODhHMTU+pqGD8eS6NOzWwhoyb2dvZv1w2Gh6fcprPUpATltvcMe8q+fe
 ++ITiYylKfcs2nNYyirr2sdfsdfSPGMKR277MW6G7etFCGjBH/Ae9gRcFk4z8Arnj
 +e9oRf/UChO21bHjN9itHGIT/7ssp068EufJ+thAdDxzp3xNw70lkAXMxzsZhSJ8k
 +CTvUxUF6Niul/1ZReUURCZp6coIweewerRhoLe6KXpgfuuIqtpvyOs2AcGRI6qfx
 +iC20nTBKweefzPg4Uo9d6DdhQD7xdklD1SXlcTgEXpa0Cc/iUGthXWvyWyff5uB
 +junk==
 +-----END PRIVATE KEY-----
 +</code>
 +
 +More recently we have moved towards using Caddy server software which setup a reverse proxy server which use Let's Encrypt to automatically update SSL certificates. This will avoid the need to manually watch and update expiring SSL 
 ==== Installing mSupply Client ==== ==== Installing mSupply Client ====
 Needed:  mSupply Client software of the same version (or relatively recent) as the mSupply Server. Needed:  mSupply Client software of the same version (or relatively recent) as the mSupply Server.
Line 361: Line 417:
 To locate an mSupply server on a network mSupply client broadcasts over the subnet on random UDP ports from 49157 and above. As such inbound UDP ports from 49157 upwards should be opened on the server firewall. If these UDP ports are not open on the server then the clients cannot automatically find the server. However clients can still be manually directed to the server IP address by holding alt when client is opening, and entering the IP address in the network address field of the custom tab. To locate an mSupply server on a network mSupply client broadcasts over the subnet on random UDP ports from 49157 and above. As such inbound UDP ports from 49157 upwards should be opened on the server firewall. If these UDP ports are not open on the server then the clients cannot automatically find the server. However clients can still be manually directed to the server IP address by holding alt when client is opening, and entering the IP address in the network address field of the custom tab.
  
-The default ports for client/server communication in mSupply server are TCP 19812 19813. +The default ports for client/server communication in mSupply server are TCP 1981219813 & 19814
-The server firewall will require inbound TCP ports 19812 and 19813 to be opened (however these ports can be changed in mSupply server if required).+The server firewall will require inbound TCP ports 1981219813 and 19814 to be opened (however these ports can be changed in mSupply server if required).
 </WRAP> </WRAP>
  
Line 381: Line 437:
 As part of the installation, a batch file with the name **Reset client temp folder** is installed on the desktop. This is for use if the client begins to behave incorrectly in the future, as described on the [[faq:how_to_re-set_msupply_client|]] page. It is not for use during installation so you can safely ignore it until it is needed in the future. It is safe to move the batch file to somewhere other than the desktop if needed.  As part of the installation, a batch file with the name **Reset client temp folder** is installed on the desktop. This is for use if the client begins to behave incorrectly in the future, as described on the [[faq:how_to_re-set_msupply_client|]] page. It is not for use during installation so you can safely ignore it until it is needed in the future. It is safe to move the batch file to somewhere other than the desktop if needed. 
 </WRAP> </WRAP>
 +
 +=== Forcing mSupply client to connect to a specific mSupply Server ===
 +
 +Within an organisation it is possible to have multiple mSupply server running like in the image shown below.
 +
 +{{ :admin:mutiple_msupply_client.png?300 |}}
 +
 +Now you as a administrator may require a particular mSupply client to connect to one of the server and to ignore the others. To reduce confusion to the user you may require the user to connect to a particular mSupply client. 
 +
 +It is possible to direct a mSupply client application to look out for a particular mSupply server only. Let us assume that you want a certain computer to access the mSupply server with a IP address of : 192.168.3.200
 +
 +  * Install the mSupply Client.
 +  * Navigate to `C:\mSupply client\Database`
 +  * You will see the `EnginedServer.4DLink`  file,  use Notepad to open it.
 +  * For the server path `server_path=":19813" Enter a valid msupply server IP like  `server_path="192.168.3.200:19813"`
 +  * save the `EnginedServer.4DLink`  file
 +  * Now when you start the mSupply client, it will know where the mSupply server is and will look for the IP : 192.168.3.200
 +
 +{{ :admin:solomons_4dclient_link_file-2023-06-08-t19-38.png?700 |}}
  
 ==== mSupply Server configuration ==== ==== mSupply Server configuration ====
  • Last modified: 2023/06/01 23:33
  • by Mark Glover