‍OpenEMR is a powerful open-source electronic health record and medical practice management tool. It offers a wide range of features, including integrated health records, scheduling, electronic billing, multi-language support, and more. If you’re looking to install OpenEMR on a server running Ubuntu 22.04, this comprehensive guide will walk you through the process step by step. With the help of Shape.host, a leading provider of Linux SSD VPS solutions, you can easily set up OpenEMR and start managing your health business efficiently.

Prerequisites

Before you begin the installation process, make sure you have the following:

• A server running Ubuntu 20.04
• A non-root sudo user
• A fully qualified domain name (FQDN) like openemr.example.com

Ensure that your system is up to date by running the following commands:

$ sudo apt update
$ sudo apt upgrade

You’ll also need to install some necessary packages. Run the following command to install the required packages:

$ sudo apt install wget curl nano ufw software-properties-common dirmngr apt-transport-https gnupg2 ca-certificates lsb-release ubuntu-keyring unzip -y

Step 1 – Configure Firewall

The first step is to configure the firewall on your Ubuntu server. By default, Ubuntu comes with ufw (Uncomplicated Firewall) installed. To check if the firewall is running, use the following command:

$ sudo ufw status

If the firewall is inactive, you’ll need to enable it. Start by allowing SSH, HTTP, and HTTPS ports:

$ sudo ufw allow OpenSSH
$ sudo ufw allow http
$ sudo ufw allow https

Once you’ve allowed the necessary ports, enable the firewall:

$ sudo ufw enable

Verify the status of the firewall to ensure it’s active:

$ sudo ufw status

Step 2 – Install Nginx

Ubuntu 22.04 ships with an older version of Nginx. To install the latest version, you’ll need to add the official Nginx repository. Follow these steps to install Nginx:

1. Import Nginx’s signing key:

$ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

2. Add the Nginx repository for the stable version:

$ echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg arch=amd64] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

3. Update the system repositories:

$ sudo apt update

4. Install Nginx:

$ sudo apt install nginx

5. Verify the installation:

$ nginx -v

6. Start the Nginx server:

$ sudo systemctl start nginx

Step 3 – Install MySQL

Ubuntu 22.04 comes with the latest version of MySQL. Use the following command to install it:

$ sudo apt install mysql-server

To check the version of MySQL, run:

$ mysql --version

This step is essential for MySQL versions 8.0.28 and above. Enter the MySQL Shell:

$ sudo mysql

Set the password for the root user. Make sure to use a strong password with a mix of numbers, uppercase and lowercase letters, and special characters:

mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'YourPassword12!';

Exit the shell:

mysql> exit

Run the MySQL secure install script to further secure your MySQL installation:

$ sudo mysql_secure_installation

Follow the prompts to set the desired security options for your MySQL server.

Step 4 – Configure MySQL

Log in to the MySQL shell using the root user and the password you set in the previous step:

$ sudo mysql -u root -p

Create a database for OpenEMR:

mysql> CREATE DATABASE openemr;

Create an SQL user account:

mysql> CREATE USER 'openemruser'@'localhost' IDENTIFIED BY 'Your_password2';

Grant all privileges on the database to the user:

mysql> GRANT ALL PRIVILEGES ON openemr.* TO 'openemruser'@'localhost';

Flush the privileges to apply the changes:

mysql> FLUSH PRIVILEGES;

Exit the shell:

mysql> exit

Step 5 – Install PHP and Its Extensions

Ubuntu 22.04 includes PHP 8.1.2 by default, but we’ll install the latest version, PHP 8.2, using Ondrej’s PHP repository. Follow these steps to install PHP and the required extensions for OpenEMR:

1. Add Ondrej’s PHP repository:

$ sudo add-apt-repository ppa:ondrej/php

2. Update the system repositories:

$ sudo apt update

3. Install PHP and its extensions:

$ sudo apt install php8.2-fpm php8.2-mysql php8.2-bcmath php8.2-xml php8.2-zip php8.2-curl php8.2-mbstring php8.2-gd php8.2-tidy php8.2-intl php8.2-cli php8.2-soap imagemagick libtiff-tools php8.2-ldap

4. Verify the installation:

$ php --version

Step 6 – Install SSL

To secure your OpenEMR installation, you’ll need to install an SSL certificate. We’ll use Certbot, a tool for automatically generating and managing SSL certificates. Here’s how to install Certbot:

1. Run the following commands to ensure your version of Snapd is up to date:

$ sudo snap install core && sudo snap refresh core

2. Install Certbot:

$ sudo snap install --classic certbot

3. Create a symbolic link to the /usr/bin directory:

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

4. Generate an SSL certificate using Certbot:

$ sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m email testexample.com -d openemr.example.com

The above command will download the certificate to the /etc/letsencrypt/live/openemr.example.com directory on your server.

5. Generate a Diffie-Hellman group certificate:

$ sudo openssl dhparam-dsaparam-out /etc/ssl/certs/dhparam.pem4096

6. Check the Certbot renewal scheduler service:

$ sudo systemctl list-timers

Make sure the snap.certbot.renew.service is scheduled to run.

7. Perform a dry run of the SSL certificate renewal process:

$ sudo certbot renew --dry-run

If there are no errors, your certificate will renew automatically when needed.

Step 7 – Download OpenEMR

Visit the OpenEMR download page and grab the link for the latest version. Use the  wget command to download OpenEMR to your server:

$ wget https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/7.0.1/openemr-7.0.1.tar.gz

Extract the downloaded files:

$ tar -pxzf openemr-7.0.1.tar.gz

Create the web directory for OpenEMR:

$ sudo mkdir /var/www/html -p

Move the extracted files to the web directory:

$ sudo mv openemr-7.0.1 /var/www/html/openemr

Change the ownership of the OpenEMR directory to the Nginx user:

$ sudo chown -R nginx:nginx /var/www/html/openemr

Step 8 – Configure PHP-FPM

Open the PHP-FPM configuration file for editing:

$ sudo nano /etc/php/8.2/fpm/pool.d/www.conf

Find the lines user = www-data and group = www-data and change them to user = nginx and group = nginx respectively.

Find the lines listen.owner = www-data and listen.group = www-data and change them to listen.owner = nginx and listen.group = nginx respectively.

Save the file and exit the editor.

Increase the execution time for PHP-FPM and PHP-CLI to 60 seconds:

$ sudo sed -i 's/max_execution_time = 30/max_execution_time = 60/' /etc/php/8.2/fpm/php.ini

Set the value of max_input_time to -1 to disable the time limit:

$ sudo sed -i 's/max_input_time = 60/max_input_time = -1/' /etc/php/8.2/fpm/php.ini

Increase the memory limit for PHP-FPM:

$ sudo sed -i 's/memory_limit = 128M/memory_limit = 512M/' /etc/php/8.2/fpm/php.ini

Increase the file upload size:

$ sudo sed -i 's/post_max_size = 8M/post_max_size = 30M/' /etc/php/8.2/fpm/php.ini
$ sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 30M/' /etc/php/8.2/fpm/php.ini

Increase the number of maximum input variables:

$ sudo sed -i 's/;max_input_vars = 1000/max_input_vars = 3000/g' /etc/php/8.2/fpm/php.ini

Allow accessing local files with LOAD DATA statements:

$ sudo sed -i 's/;mysqli.allow_local_infile = On/mysqli.allow_local_infile = On/g' /etc/php/8.2/fpm/php.ini

Restart the PHP-FPM service:

$ sudo systemctl restart php8.2-fpm

Change the group of the PHP sessions directory to Nginx:

$ sudo chgrp -R nginx /var/lib/php/sessions

Step 9 – Configure Nginx

Create and open the Nginx configuration file for OpenEMR:

$ sudo nano /etc/nginx/conf.d/openemr.conf

Paste the following code into the file:

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  openemr.example.com;

    access_log  /var/log/nginx/openemr.access.log;
    error_log   /var/log/nginx/openemr.error.log;

    # SSL
    ssl_certificate         /etc/letsencrypt/live/openemr.example.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/openemr.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/openemr.example.com/chain.pem;
    ssl_session_timeout  1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # use https://blog.cloudflare.com/announcing-1111 Cloudfare+Apnic labs, It is free and secure
    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s;

    root /var/www/html/openemr;

    index index.php;

    location / {
        try_files $uri $uri/ /index.php;
    }

    # Pass PHP Scripts To FastCGI Server
    location ~* \.php$ {
        try_files $uri =404;
        fastcgi_index  index.php;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock; # Depends On The PHP Version
        fastcgi_param SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        include fastcgi_params;
    }

    # deny access to writable files/directories
    location ~* ^/sites/*/(documents|edi|era) {
        deny all;
        return 404;
    }

    # deny access to certain directories
    location ~* ^/(contrib|tests) {
	    deny all;
        return 404;
    }

    # Alternatively all access to these files can be denied
    location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
        deny all;
        return 404;
    }

    location =https://shape-host.b-cdn.net/favicon.ico?x32662 {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt  {
        log_not_found off;
        access_log off;
    }

    location ~ /\. {
        deny all;
    }
}

# enforce HTTPS
server {
    listen       80;
    listen       [::]:80;
    server_name  openemr.example.com;
    return 301   https://$host$request_uri;
}

Save the file and exit the editor.

Open the main Nginx configuration file for editing:

$ sudo nano /etc/nginx/nginx.conf

Add the following line before the line include /etc/nginx/conf.d/*.conf;:

server_names_hash_bucket_size 64;

Save the file and exit the editor.

Verify the Nginx configuration file syntax:

$ sudo nginx -t

If the syntax is correct, restart the Nginx service:

$ sudo systemctl restart nginx

Step 10 – Install OpenEMR

Now it’s time to complete the OpenEMR installation. Follow these steps:

1. Open the URL https://openemr.example.com in your browser.
2. On the setup screen, check the file permissions and ensure they are ready to proceed. If you see the word “ready” in green, click the blue button to proceed to step 1.
3. On the next page, select the option “I have already created the database” and click the button to proceed to step 2.
4. Fill in the database credentials you configured in step 4, and enter your administrator account credentials. Make sure your username is at least 12 characters long. You can enable two-factor authentication (2FA) here, but it’s recommended to set it up later. Click the button to create the database and user account.
5. The installation status and your username and password will be displayed on the next page. Click the button to proceed to step 4.
6. On the next page, verify the recommended values for PHP settings. Ignore any incorrect values for max_input_time and max_execution_time. You can verify the current values using the following commands:

$ php -i | grep"max_input_time"
$ php -i | grep"max_execution_time"

7. Once you’re satisfied, click the button to proceed to step 5.
8. The next step lists Apache server settings, which you can ignore since you’re using Nginx. Click the button to proceed to the next page.
9. Here, you’ll be asked to select a theme for the administration panel. Select the “Keep Current” option and click the button to proceed. You can change the theme later in the administration panel.
10. The last page provides final notes about the software and your account credentials. Click the “Start” button to open the login page.
11. Enter your credentials and click the “Login” button to access the OpenEMR dashboard.

If you didn’t configure two-factor authentication during the installation, you can do so by clicking the avatar icon at the top right and selecting the “MFA Management” option.

Congratulations! You have successfully installed OpenEMR on your Ubuntu 22.04 server with the assistance of Shape.host. You can now start utilizing OpenEMR to streamline your health business operations.

For reliable and high-performance Linux SSD VPS solutions, consider Shape.host. Their secure and scalable hosting services are designed to meet the specific needs of healthcare professionals and organizations. Visit Shape.host to learn more about their offerings.