admin:server_installation_3

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
admin:server_installation_3 [2023/06/12 11:55] – [Forcing mSupply client to connect to a specific mSupply Server] Ujwal Khatryadmin:server_installation_3 [2023/08/02 00:31] (current) – [SSL Certificate] Mark Glover
Line 176: Line 176:
 === Configure cache === === Configure cache ===
  
-**Edit** > **Database Settings** > **User settings for Data file**+**Edit** > **Settings** > **User settings for Data file**
  
 {{ :admin:user_settings_-_edit.png?800 |}} {{ :admin:user_settings_-_edit.png?800 |}}
Line 276: Line 276:
  
  
 +==== SSL Certificate ====
 +The mSupply server also has a webserver as mentioned [[web_interface:using_the_web_server#msupply_web_server|here.]]
 +
 +It is recommended that a public facing web server should have an SSL certificate installed. For the mSupply server a 'cert.pem'  and 'key.pem' need to be generated using the SSL certificate that has been purchased from a SSL vendor. 
 +
 +Theses files needs to be stored inside the folder C:\Program Files\mSupply\mSupply Server\Server Database  as shown in the image below. 
 +
 +{{ :admin:msupply_server_ssl_2023-07-24-t16-22.png?400 |}}
 +
 +The cert.pem file contains the certificate in the following format and can have the root as well as the intermediate certificate.
 +
 +<code>
 +-----BEGIN CERTIFICATE-----
 +MIIGUzCCBTugAwIBAgIRAP9nsdfsfdsdfYH0oEZgg3k28WUoYQgQwDQYJKoZIhvc
 +gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
 +BgNVBAcTB1NhbGZvcassdsdmQxGDAWBgNVBAoTsdfsD1NlY3RpZ28gTGltaXRlZD
 +AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
 +QTAeFw0yMzA2MTYwMDAwMdsadsdDBaFw0yNDA2MTUyMzU5NTlaMCExHzAdBgNVB
 +Junk
 +-----END CERTIFICATE-----
 +
 +-----BEGIN CERTIFICATE-----
 +MIIGEzdddhuyuyuyuCCA/ugAwIBAasdasdgIQfVtRJrR2uhHbdBYLvFMNpzANBg
 +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
 +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
 +BAMTJVVTRVJUcnVzdCBSU0EgQsdsd2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhc
 +MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
 +Junk
 +-----END CERTIFICATE-----
 +</code>
 +
 +The the key.pem file contains 
 +
 +<code>
 +-----BEGIN PRIVATE KEY-----
 +MIIEvAIBADANBgkasasdfqhkiG9w0BhgghAQEFAASCBKYwggSiAgEAAoIBAQCqPA
 +TZB5GnFAODhHMTU+pqGD8eS6NOzWwhoyb2dvZv1w2Gh6fcprPUpATltvcMe8q+fe
 ++ITiYylKfcs2nNYyirr2sdfsdfSPGMKR277MW6G7etFCGjBH/Ae9gRcFk4z8Arnj
 +e9oRf/UChO21bHjN9itHGIT/7ssp068EufJ+thAdDxzp3xNw70lkAXMxzsZhSJ8k
 +CTvUxUF6Niul/1ZReUURCZp6coIweewerRhoLe6KXpgfuuIqtpvyOs2AcGRI6qfx
 +iC20nTBKweefzPg4Uo9d6DdhQD7xdklD1SXlcTgEXpa0Cc/iUGthXWvyWyff5uB
 +junk==
 +-----END PRIVATE KEY-----
 +</code>
 +
 +More recently we have moved towards using Caddy server software which setup a reverse proxy server which use Let's Encrypt to automatically update SSL certificates. This will avoid the need to manually watch and update expiring SSL 
 ==== Installing mSupply Client ==== ==== Installing mSupply Client ====
 Needed:  mSupply Client software of the same version (or relatively recent) as the mSupply Server. Needed:  mSupply Client software of the same version (or relatively recent) as the mSupply Server.
Line 409: Line 455:
   * Now when you start the mSupply client, it will know where the mSupply server is and will look for the IP : 192.168.3.200   * Now when you start the mSupply client, it will know where the mSupply server is and will look for the IP : 192.168.3.200
  
-{{ :admin:solomons_4dclient_link_file-2023-06-08-t19-38.png?600 |}}+{{ :admin:solomons_4dclient_link_file-2023-06-08-t19-38.png?700 |}}
  
 ==== mSupply Server configuration ==== ==== mSupply Server configuration ====
  • Last modified: 2023/06/12 11:55
  • by Ujwal Khatry