Saturday, October 10, 2009

Connecting to OSCAR over the internet

The following information is aimed at technical users who know what they are doing but don't want to re-invent the wheel. If you don't know what you are doing, then never, never, never try this with an OSCAR server that has real patient data on it.

You can connect to your OSCAR EMR over the internet, securely, from home.

You can do this simply by giving your server a fixed IP address, opening port 8443 on it to incoming traffic, and then typing 'https://yourserveripaddress:8443/oscar' into your browser.

However, this allows anyone to access your login page.

A more secure method is to use an SSH tunnel to connect to your server. This means that only port 22 (the secure SSH port) is open to the outside world.


We'll assume for this post that your server SSH is securely set up (you have fail2ban installed to protect against brute-force attacks, only port 22 is open on your firewall, and you have your SSH users set up securely). We'll also assume that you have your router and fixed IP address set up.


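1. Set up the SSH tunnel on the computer that you are going to use to log in (Linux or Mac):

Open a terminal and type:

ssh -D 8080 -fN yourUsername@yourServerIP

You will be asked for your password for the server.

This opens an SSH tunnel from your computer to the remote machine running OSCAR: -D 8080 starts a SOCKS proxy on local port 8080 whose traffic is forwarded through the SSH connection, -f puts ssh in the background after login, and -N tells it not to run a remote command.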



2. Set up Firefox to use the tunnel

Install the FoxyProxy Firefox add-on via Tools -> Add-ons

Set up a new proxy as follows in the FoxyProxy options:

Mode: use proxies based on their pre-defined patterns and priorities

Click on Add New Proxy

Under the Proxy Details tab enter:
Select Manual Proxy Configuration
Host: localhost
Port: 8080
Tick SOCKS proxy v5

Under the URL patterns tab click add new pattern:
Pattern name: OSCAR
URL pattern (include the *s): https://localhost:8443/oscar*


Save the pattern and the new proxy.


3. Connect to OSCAR

Type https://localhost:8443/oscar into your address bar.

You will be asked to confirm that you trust the server's SSL certificate. Confirm the exception and, if all is well, you will be connected to your login page.
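
As an added example (not part of the original post), the helper below starts the step 1 tunnel with the SOCKS listener pinned explicitly to 127.0.0.1 and parses `ss -ltn` output to confirm that port 8080 is not bound to an address other hosts can reach. The function names, the control-socket path and the sample `ss` output are assumptions constructed for illustration; yourUsername@yourServerIP is the post's placeholder.

```sh
#!/bin/sh
# Added example, not from the original post. Function names, the control-socket
# path and the sample `ss -ltn` output are constructed for illustration.
SOCKS_PORT=8080
CTL="$HOME/.ssh/oscar-tunnel.ctl"   # hypothetical control-socket path

# Start the tunnel with the SOCKS listener bound to loopback only.
# ExitOnForwardFailure makes ssh exit if it cannot set up the listener.
# Usage: open_tunnel yourUsername@yourServerIP
open_tunnel() {
    ssh -fN -M -S "$CTL" -o ExitOnForwardFailure=yes \
        -D "127.0.0.1:$SOCKS_PORT" "$1"
}

# Stop the background tunnel through its control socket.
close_tunnel() { ssh -S "$CTL" -O exit "$1"; }

# Read `ss -ltn` output on stdin and print each non-loopback address that is
# listening on port $1. Exit status 0 = loopback only, 1 = exposed.
nonloopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print host
            bad = 1
        }
        END { exit bad + 0 }'
}

# Constructed sample: tunnel bound to loopback (the intended state).
sample_good() {
    printf '%s\n' \
        'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
        'LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*' \
        'LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
}

# Constructed sample: proxy bound to every interface (a misconfigured bind address).
sample_bad() {
    printf '%s\n' \
        'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
        'LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*'
}
```

On a Linux client, run `ss -ltn | nonloopback_listeners 8080` after open_tunnel; any address it prints means the proxy is reachable from other machines on your network.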






More info:
SSH guide: http://unixwiz.net/techtips/ssh-agent-forwarding.html

How to use a key to avoid having to type your password each time:
http://www.debian-administration.org/articles/152