admin:server_installation_3

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
admin:server_installation_3 [2023/07/24 11:01] – [Installing mSupply Client] Ujwal Khatryadmin:server_installation_3 [2024/06/19 05:02] (current) – [Configuring Windows firewall on server] Kahn Wynyard
Line 176: Line 176:
 === Configure cache === === Configure cache ===
  
-**Edit** > **Database Settings** > **User settings for Data file**+**Edit** > **Settings** > **User settings for Data file**
  
 {{ :admin:user_settings_-_edit.png?800 |}} {{ :admin:user_settings_-_edit.png?800 |}}
Line 277: Line 277:
  
 ==== SSL Certificate ==== ==== SSL Certificate ====
-The mSupply server also has a webserver as mentioned here :+The mSupply server also has a webserver as mentioned [[web_interface:using_the_web_server#msupply_web_server|here.]]
  
-It is recommended that a public facing web server should have an SSL certificate installed. For the mSupply server a 'cert.pem'  and 'key.pem' need to be generated using the purchased SSL certificate that has been purchased from a SSL vendor. +It is recommended that a public facing web server should have an SSL certificate installed. For the mSupply server a 'cert.pem'  and 'key.pem' need to be generated using the SSL certificate that has been purchased from a SSL vendor. 
  
 Theses files needs to be stored inside the folder C:\Program Files\mSupply\mSupply Server\Server Database  as shown in the image below.  Theses files needs to be stored inside the folder C:\Program Files\mSupply\mSupply Server\Server Database  as shown in the image below. 
Line 285: Line 285:
 {{ :admin:msupply_server_ssl_2023-07-24-t16-22.png?400 |}} {{ :admin:msupply_server_ssl_2023-07-24-t16-22.png?400 |}}
  
- +The cert.pem file contains the certificate in the following format and can have the root as well as the intermediate certificate.
  
 +<code>
 +-----BEGIN CERTIFICATE-----
 +MIIGUzCCBTugAwIBAgIRAP9nsdfsfdsdfYH0oEZgg3k28WUoYQgQwDQYJKoZIhvc
 +gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
 +BgNVBAcTB1NhbGZvcassdsdmQxGDAWBgNVBAoTsdfsD1NlY3RpZ28gTGltaXRlZD
 +AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
 +QTAeFw0yMzA2MTYwMDAwMdsadsdDBaFw0yNDA2MTUyMzU5NTlaMCExHzAdBgNVB
 +Junk
 +-----END CERTIFICATE-----
  
 +-----BEGIN CERTIFICATE-----
 +MIIGEzdddhuyuyuyuCCA/ugAwIBAasdasdgIQfVtRJrR2uhHbdBYLvFMNpzANBg
 +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
 +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
 +BAMTJVVTRVJUcnVzdCBSU0EgQsdsd2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhc
 +MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
 +Junk
 +-----END CERTIFICATE-----
 +</code>
 +
 +The the key.pem file contains 
 +
 +<code>
 +-----BEGIN PRIVATE KEY-----
 +MIIEvAIBADANBgkasasdfqhkiG9w0BhgghAQEFAASCBKYwggSiAgEAAoIBAQCqPA
 +TZB5GnFAODhHMTU+pqGD8eS6NOzWwhoyb2dvZv1w2Gh6fcprPUpATltvcMe8q+fe
 ++ITiYylKfcs2nNYyirr2sdfsdfSPGMKR277MW6G7etFCGjBH/Ae9gRcFk4z8Arnj
 +e9oRf/UChO21bHjN9itHGIT/7ssp068EufJ+thAdDxzp3xNw70lkAXMxzsZhSJ8k
 +CTvUxUF6Niul/1ZReUURCZp6coIweewerRhoLe6KXpgfuuIqtpvyOs2AcGRI6qfx
 +iC20nTBKweefzPg4Uo9d6DdhQD7xdklD1SXlcTgEXpa0Cc/iUGthXWvyWyff5uB
 +junk==
 +-----END PRIVATE KEY-----
 +</code>
 +
 +More recently we have moved towards using Caddy server software which setup a reverse proxy server which use Let's Encrypt to automatically update SSL certificates. This will avoid the need to manually watch and update expiring SSL 
 ==== Installing mSupply Client ==== ==== Installing mSupply Client ====
 Needed:  mSupply Client software of the same version (or relatively recent) as the mSupply Server. Needed:  mSupply Client software of the same version (or relatively recent) as the mSupply Server.
Line 383: Line 417:
 To locate an mSupply server on a network mSupply client broadcasts over the subnet on random UDP ports from 49157 and above. As such inbound UDP ports from 49157 upwards should be opened on the server firewall. If these UDP ports are not open on the server then the clients cannot automatically find the server. However clients can still be manually directed to the server IP address by holding alt when client is opening, and entering the IP address in the network address field of the custom tab. To locate an mSupply server on a network mSupply client broadcasts over the subnet on random UDP ports from 49157 and above. As such inbound UDP ports from 49157 upwards should be opened on the server firewall. If these UDP ports are not open on the server then the clients cannot automatically find the server. However clients can still be manually directed to the server IP address by holding alt when client is opening, and entering the IP address in the network address field of the custom tab.
  
-The default ports for client/server communication in mSupply server are TCP 19812 19813. +The default ports for client/server communication in mSupply server are TCP 1981219813 & 19814
-The server firewall will require inbound TCP ports 19812 and 19813 to be opened (however these ports can be changed in mSupply server if required).+The server firewall will require inbound TCP ports 1981219813 and 19814 to be opened (however these ports can be changed in mSupply server if required).
 </WRAP> </WRAP>
  
  • Last modified: 2023/07/24 11:01
  • by Ujwal Khatry