Differences

This shows you the differences between two versions of the page.

--- admin:server_installation_3 [2023/06/02 00:05] – [Starting the Server for the first time] Mark Glover
+++ admin:server_installation_3 [2023/08/02 00:31] (current) – [SSL Certificate] Mark Glover
@@ Line 12: / Line 12: @@
     - Create the datafile from this XML file through [[synchronisation:site_import|29.05. Sync Site Import]].
   - If creating a server sync site:
-    - Create the datafile from this XML file through [[synchronisation:site_import|29.05. Sync Site Import]]. This could be done on the server, but is normally easier to do 'locally'.  <wrap em>Make sure you are NOT using a version of mSupply more recent than that being installed on the server.</wrap>
+    - Create the datafile from this XML file through [[synchronisation:site_import|29.05. Sync Site Import]]. This could be done on the server, but is normally easier to do 'locally'.  <wrap em>Make sure you are NOT using a version of mSupply more recent than that being installed on the server.</wrap>  Contact support@msupply.foundation to confirm which version to install.
     - Transfer the datafile to the sync site.  The Dropbox that you configured in [[admin:server_installation_2#install_dropbox|Install Dropbox]] is handy for this purpose.
 ==== Installing mSupply Server software ====
@@ Line 176: / Line 176: @@
 === Configure cache ===
-**Edit** > **Database Settings** > **User settings for Data file**
+**Edit** > **Settings** > **User settings for Data file**
 {{ :admin:user_settings_-_edit.png?800 |}}
@@ Line 276: / Line 276: @@
+==== SSL Certificate ====
+The mSupply server also has a webserver as mentioned [[web_interface:using_the_web_server#msupply_web_server|here.]]
+It is recommended that a public facing web server should have an SSL certificate installed. For the mSupply server a 'cert.pem'  and 'key.pem' need to be generated using the SSL certificate that has been purchased from a SSL vendor.
+Theses files needs to be stored inside the folder C:\Program Files\mSupply\mSupply Server\Server Database  as shown in the image below.
+{{ :admin:msupply_server_ssl_2023-07-24-t16-22.png?400 |}}
+The cert.pem file contains the certificate in the following format and can have the root as well as the intermediate certificate.
+<code>
+-----BEGIN CERTIFICATE-----
+MIIGUzCCBTugAwIBAgIRAP9nsdfsfdsdfYH0oEZgg3k28WUoYQgQwDQYJKoZIhvc
+gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcTB1NhbGZvcassdsdmQxGDAWBgNVBAoTsdfsD1NlY3RpZ28gTGltaXRlZD
+AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
+QTAeFw0yMzA2MTYwMDAwMdsadsdDBaFw0yNDA2MTUyMzU5NTlaMCExHzAdBgNVB
+Junk
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGEzdddhuyuyuyuCCA/ugAwIBAasdasdgIQfVtRJrR2uhHbdBYLvFMNpzANBg
+iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
+cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
+BAMTJVVTRVJUcnVzdCBSU0EgQsdsd2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhc
+MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
+Junk
+-----END CERTIFICATE-----
+</code>
+The the key.pem file contains
+<code>
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkasasdfqhkiG9w0BhgghAQEFAASCBKYwggSiAgEAAoIBAQCqPA
+TZB5GnFAODhHMTU+pqGD8eS6NOzWwhoyb2dvZv1w2Gh6fcprPUpATltvcMe8q+fe
++ITiYylKfcs2nNYyirr2sdfsdfSPGMKR277MW6G7etFCGjBH/Ae9gRcFk4z8Arnj
+e9oRf/UChO21bHjN9itHGIT/7ssp068EufJ+thAdDxzp3xNw70lkAXMxzsZhSJ8k
+CTvUxUF6Niul/1ZReUURCZp6coIweewerRhoLe6KXpgfuuIqtpvyOs2AcGRI6qfx
+iC20nTBKweefzPg4Uo9d6DdhQD7xdklD1SXlcTgEXpa0Cc/iUGthXWvyWyff5uB
+junk==
+-----END PRIVATE KEY-----
+</code>
+More recently we have moved towards using Caddy server software which setup a reverse proxy server which use Let's Encrypt to automatically update SSL certificates. This will avoid the need to manually watch and update expiring SSL
 ==== Installing mSupply Client ====
 Needed:  mSupply Client software of the same version (or relatively recent) as the mSupply Server.
@@ Line 391: / Line 437: @@
 As part of the installation, a batch file with the name **Reset client temp folder** is installed on the desktop. This is for use if the client begins to behave incorrectly in the future, as described on the [[faq:how_to_re-set_msupply_client|]] page. It is not for use during installation so you can safely ignore it until it is needed in the future. It is safe to move the batch file to somewhere other than the desktop if needed.
 </WRAP>
+=== Forcing mSupply client to connect to a specific mSupply Server ===
+Within an organisation it is possible to have multiple mSupply server running like in the image shown below.
+{{ :admin:mutiple_msupply_client.png?300 |}}
+Now you as a administrator may require a particular mSupply client to connect to one of the server and to ignore the others. To reduce confusion to the user you may require the user to connect to a particular mSupply client.
+It is possible to direct a mSupply client application to look out for a particular mSupply server only. Let us assume that you want a certain computer to access the mSupply server with a IP address of : 192.168.3.200
+  * Install the mSupply Client.
+  * Navigate to `C:\mSupply client\Database`
+  * You will see the `EnginedServer.4DLink`  file,  use Notepad to open it.
+  * For the server path `server_path=":19813"`  Enter a valid msupply server IP like  `server_path="192.168.3.200:19813"`
+  * save the `EnginedServer.4DLink`  file
+  * Now when you start the mSupply client, it will know where the mSupply server is and will look for the IP : 192.168.3.200
+{{ :admin:solomons_4dclient_link_file-2023-06-08-t19-38.png?700 |}}
 ==== mSupply Server configuration ====