Example Apache Server Installation for Centricity® Electronic Medical Record—browser & mobile access
GE Healthcare
Introduction
These instructions describe how to install and configure an Apache server to provide encryption and a firewall when you use Centricity® Electronic Medical
Record—browser and mobile access.
Before you begin
Before you install and configure the Apache server:
Install Centricity® EMR 9.1 or 9.2
Installation and configuration steps
1 Install Apache software:
a Download the best available version from http://httpd.apache.org.
b Using the Apache-provided executable, install the full software package. When prompted, select the default location.
2 Verify that Apache is correctly installed:
a Start Apache. In a command window, type:
httpd -k restart
or
navigate to Start>Programs>Administrative Tools>Services. Click on the Apache server listing, right click and select Restart.
Note: This installation does not represent a complete security implementation. For more information regarding security guidelines, refer to Centricity Electronic Medical Record—browser and mobile access Security Considerations or Preparing and Maintaining Centricity Electronic Medical Record. For more information regarding the software, refer to:
http://www.jboss.org/community/docs/DOC-12529
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
http://www.openssl.org
http://httpd.apache.org
Note: These directions are for use with Apache HTTP Server 2.2.11 and the download link: Win32 Binary including OpenSSL 0.9.8i. Other versions may require modified or additional steps.
Note: These steps assume the Apache software is installed on the same server as JBoss.
b Test the installation:
Test http (port 80 access). If the installation is correctly configured, the window appears. In the browser address bar, type:
http://<hostname>
Test https (port 443 access). Since you have not yet configured https, the browser should be unable to find the page. In the browser address bar, type:
https://<hostname>
3 Obtain an SSL certificate. You can purchase a certificate or create a certificate for testing purposes by using OpenSSL. To create a certificate:
a Install OpenSSL:
i Navigate to http://www.openssl.org/related/binaries.html
The link on the page redirects to:
http://www.slproweb.com/products/Win32OpenSSL.htm
ii Select Win32 OpenSSL v0.9.8k Light from the list, double click and select Run to install.
b Create certificate:
i In a command window, navigate to the directory Apache\bin and type at the prompt:
set OPENSSL_CFG=./openssl.cnf
ii When the prompt returns, type:
openssl req -new -x509 -nodes -out server.crt -keyout server.key
Answer the prompts to receive a certificate file server.crt.
4 Copy the apache/conf directory tree to another directory as a back-up starting reference.
Note: You can find the hostname by opening a command window and at the prompt, typing:
hostname
Note: Figure 1 shows an error message you may receive. Ignore the message and click OK to continue the installation.
Figure 1: Error message
Note: For more information on the types of ssl certificates (.crt), see http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
5 Configure JBoss:
a Modify the file Program Files\Centricity Practice Solution 90\JBoss Application Server\jboss\jboss\server\default\deploy\jboss-web.deployer\server.xml to add the jvmRoute and change port 8009 to 9009. Add the bolded text:
<!-- Define an AJP 1.3 Connector on port 9009 -->
<Connector port="9009" address="${jboss.bind.address}" protocol="AJP/1.3" emptySessionPath="true"
enableLookups="false" redirectPort="8443" />
<Engine name="jboss.web" defaultHost="localhost"
jvmRoute="nodeA">
b Save and close the file.
c Restart JBoss:
Navigate to Start>Programs>Administrative Tools>Services. Click on the JBoss server listing, right click and select Restart.
6 Populate the Apache htdocs directory. For each deployment (for example, the training database and the production database), copy the contents of
jboss\server\default\deploy\<deployname>.emrgwt.war to htdocs\Centricity\<deployname>\emrgwt
Figure 2 shows an example of Apache htdocs directory population.
Figure 2: Populating Apache htdocs
Note: The default configuration has two deployments, for example, logician-tut and logician-ml.
Each time you update the Centricity—browser and mobile software via the SetStage “Install/update Service Layer” utility, repeat this step to update the Apache htdocs directory with the new content.
7 Configure the Apache server:
a Edit the configuration file apache/conf/httpd.conf. Add this text to the bottom of the file:
#load SSL
LoadModule ssl_module modules/mod_ssl.so
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
# ajp proxy stuff
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
<Proxy balancer://mycluster>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Proxy>
ProxyPass /Centricity/<deployname-tut>/EMRGWTServices ajp://localhost:9009/Centricity/<deployname-tut>/EMRGWTServices
ProxyPass /Centricity/<deployname-ml>/EMRGWTServices ajp://localhost:9009/Centricity/<deployname-ml>/EMRGWTServices
# Redirect emr.html for convenience
Redirect /Emrtut.html /Centricity/<deployname-tut>/emrgwt/Emr.html
Redirect /emrtut.html /Centricity/<deployname-tut>/emrgwt/Emr.html
Redirect /Emr.html /Centricity/<deployname-ml>/emrgwt/Emr.html
Redirect /emr.html /Centricity/<deployname-ml>/emrgwt/Emr.html
c In the directory apache2/conf, create a new file named workers.properties and add this text:
# Define list of workers that will be used
# for mapping requests
# The configuration directives are valid
# for the mod_jk version 1.2.18 and later
#
worker.list=loadbalancer,status
# Define NodeA
# modify the host as your host IP or DNS name.
worker.nodeA.port=9009
worker.nodeA.host=localhost
worker.nodeA.type=ajp13
worker.nodeA.lbfactor=1
# worker.nodeA.connection_pool_size=10 (1)
# Load-balancing behavior
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=nodeA
# Status worker for managing load balancer
worker.status.type=status
d Save and close the file.
e In the directory apache2/conf, create a new file named uriworkermap.properties and add this text:
# Simple worker configuration file
#
# Mount the Servlet context to the ajp13 worker
/jmx-console=loadbalancer
/jmx-console/*=loadbalancer
/web-console=loadbalancer
/web-console/*=loadbalancer
f Save and close the file.
8 Verify that Apache is correctly installed:
a Start Apache. In a command window, type:
httpd -k restart
or
navigate to Start>Programs>Administrative Tools>Services. Click on the Apache server listing, right click and select Restart.
b Test the installation:
Test http (port 80 access). If the installation is correctly configured, the window appears. In the browser address bar, type:
http://<hostname>
Test https (port 443 access). If the installation is correctly configured, the window appears. In the browser address bar, type:
9 Secure the server:
a Disable port 80:
i Edit the file httpd.conf to comment out the Listen directive for port 80:
#Listen 80
ii Save and close the file.
b Enable Windows Firewall or another mechanism to limit access to the server to only the desired ports (in this example, port 443).
c Test the installation.
i In the browser address bar, type: http://<hostname>/emr.html
If the installation is correctly configured, the window does not appear because port 80 is disabled.
ii In the browser address bar, type: https://<hostname>/emr.html
If the installation is correctly configured, the window appears.
d Engage your security team to test and monitor to ensure your site is secure.
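The settings from steps 5, 7 and 9 can be checked mechanically before running the browser tests. The following Python script is an added example, not part of the GE Healthcare instructions; the sample configuration text and the deployment name demo-ml are constructed, and the function names are this example's own.

```python
import re

# Constructed sample inputs; "demo-ml" stands in for <deployname-ml>.
SAMPLE_HTTPD_CONF = """\
#Listen 80
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
ProxyPass /Centricity/demo-ml/EMRGWTServices ajp://localhost:9009/Centricity/demo-ml/EMRGWTServices
"""
SAMPLE_SERVER_XML = '<Connector port="9009" address="${jboss.bind.address}" protocol="AJP/1.3" />'

def active_directives(conf_text):
    """Return (name, args) for every line that is not blank, a comment or a <Section> tag."""
    out = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            out.append((name.lower(), args))
    return out

def audit(httpd_conf, server_xml):
    """Return a list of findings; an empty list means the checked settings match the guide."""
    findings = []
    directives = active_directives(httpd_conf)
    # Step 9a: no active Listen directive may bind port 80.
    if any(n == "listen" and a and a[0].rsplit(":", 1)[-1] == "80" for n, a in directives):
        findings.append("port 80 is still enabled")
    # Step 7a: mod_ssl loaded and the SSL configuration included.
    if not any(n == "loadmodule" and a[:1] == ["ssl_module"] for n, a in directives):
        findings.append("mod_ssl is not loaded")
    if not any(n == "include" and a and a[0].endswith("httpd-ssl.conf") for n, a in directives):
        findings.append("httpd-ssl.conf is not included")
    # Step 5a: AJP connector ports in server.xml (assumes port= precedes protocol=, as in the guide).
    ajp_ports = set(re.findall(r'<Connector\b[^>]*\bport="(\d+)"[^>]*protocol="AJP/1\.3"', server_xml))
    # Step 7a: every ProxyPass backend must be AJP on the local host and on one of those ports.
    for name, args in directives:
        if name != "proxypass" or len(args) < 2:
            continue
        m = re.match(r"ajp://([^:/]+):(\d+)(/|$)", args[1])
        if not m:
            findings.append(f"{args[0]}: backend is not an ajp://host:port URL")
        elif m.group(1) not in ("localhost", "127.0.0.1"):
            findings.append(f"{args[0]}: backend {m.group(1)} is not the local host")
        elif m.group(2) not in ajp_ports:
            findings.append(f"{args[0]}: port {m.group(2)} has no AJP connector in server.xml")
    return findings
```

To audit a real installation, pass the text of httpd.conf and server.xml read from disk to audit().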