Vanilla Installation
Requirements
The latest stable GNU Health Hospital Management component uses these resources:
Operating system: GNU/Linux or BSD family (FreeBSD, openBSD, …) for the server.
RDBMS Database: PostgreSQL >= 12.x
Python: >= 3.6 (highly recommended => 3.9)
uWSGI: >= 2.0
Tryton 6.0
PIP for Python3
Errata
Before you continue, please read the Errata chapter for the latest issues involved the installation or upgrade procedure.
Installing GNU Health on GNU/Linux and FreeBSD
Operating System requirements
The following table contains the instructions to setup your operating system for a standard GNU Health installation. The operating systems and their version shown in the list have been tested using the instructions for each OS.
The installation instructions for the different operating systems and distributions have been done on a fresh installation. For simplicity’s sake, the server environment was installed without a GUI. No firewall was configured (we will cover this on the security section), and OpenSSH server was installed.
The instructions – written here – have been applied and verified with the following operating systems as shown below.
Warning
Verify that you are using the operating system version documented on the following table
Operating System |
Version |
Link |
Notes |
---|---|---|---|
FreeBSD |
FreeBSD 14.0 |
||
Debian |
12 (Bookworm) |
||
Void Linux |
Rolling |
||
PureOS |
10.3 (Byzantium) |
||
openSUSE |
Leap 15.5 |
||
Ubuntu |
22.04 LTS |
Encrypting the GNUHealth database and attachment filesystem
The data stored in the database and attachment directory should be encrypted. You can encrypt the filesystems containing the PostreSQL datafiles (PGDATA) and the gnuhealth administrator $HOME directory. The attachment directory is specified by the “path” entry on the trytond.conf file, and it defaults to “/home/gnuhealth/attach”).
It’s advisable that you use block device encryption, such as LUKS in GNU/Linux. If you use ZFS (most BSD systems), it delivers native filesystem encryption.
Setting up Network Time Protocol (NTP)
In order to properly run GNU Health, you need to make sure that the time on both the server (database and central instance) and clients are properly set and in sync. The best way to do this is to keep your clock synchronized with a NTP Server .
This is a critical step, not only for the smooth functioning of GNU Health, but also because many documents will have a timestamp associated with them that can have legal value.
Creating the Operating System User
Warning
Do this step only if you didn’t create the user during the installation of the operating system.
The following steps will create the GNU Health operating system user. Please note that many operating systems give you the option to create a regular user at installation time. If you already created the “gnuhealth” operating system user, you can skip this section, otherwise, create it now.
Run the following command as root:
# adduser gnuhealth
Note
If your Operating System doesn’t include the adduser command, you can use the useradd command:
# useradd -m gnuhealth
Verify PostgreSQL authentication method
Note
You can skip this section if you made a standard installation on FreeBSD
PostgreSQL uses different authentication methods (MD5, ident, trust … ). Depending the Operating System, the postgreSQL server authentication method will vary.
The standard GNU Health installation uses the peer authentication method, so you need to check the postgreSQL authentication file configuration.
Locate the pg_hba.conf
file and verify that the peer method is set.
The location of this configuration file varies across operating systems;
under UNIX/Linux, the full pathname of the file can be obtained with the
following command, to be executed as root:
# su - postgres -c "psql -t -P format=unaligned -c 'show hba_file'"
You may need to start the postgres server at least one time as this file may be created during first startup.
An example configuration file entry specifying use of the peer method is given in the following line:
local all all peer
The following example in particular may address issues with establishing a working database connection as reported in the context of the creation of the GNU Health database upon first use of the Tryton client (see further down; Symptom: the “Create” button is not displayed):
host all all 127.0.0.1/32 peer
host all all ::1/128 peer
Make sure you edit the file as user ‘postgres’, not root. Otherwise, postgres may have trouble reading the changed file. After any changes to the file, the postgreSQL server needs to be restarted.
Many authentication errors (e.g., database connection errors) arise because of not having correctly configured this file. You can use other authentication methods, and you can adapt the tryton / GNU Health configuration file to each of them. For the sake of simplicity, we based the documentation and sample files in this book on one specific method (trust).
Make sure you restart your postgresql server:
# service postgresql restart
Creating the Database User
The following command switches to the postgres
administration user
and gives permissions to your newly created gnuhealth
administrator:
Execute as root:
# su - postgres -c "createuser --createdb --no-createrole --no-superuser gnuhealth"
Downloading and Installing GNU Health
Warning
Do the following steps with your newly created gnuhealth user, do not use root.
Running the GNU Health Installer
Become user gnuhealth
# su - gnuhealth
$ cd $HOME
Download GNU Health from GNU.org
$ wget https://codeberg.org/gnuhealth/his/releases/download/v4.4.1/gnuhealth-4.4.1.tar.gz
Verify the package signature
First get the signing key if you haven’t done so:
$ gpg --recv-key --keyserver keyserver.ubuntu.com 0xC015E1AE00989199
The key is issued by Luis Falcon (meanmicio at GNU) <falcon@gnu.org> and its fingerprint is ACBF C80F C891 631C 68AA 8DC8 C015 E1AE 0098 9199. This information can be seen issuing:
$ gpg --with-fingerprint --list-keys 0xC015E1AE00989199
Then, verify the signature, using the matching version number for the latest. For instance, if latest GNU Health version is 4.4.1, then
Download the detached signature:
$ wget https://codeberg.org/gnuhealth/his/releases/download/v4.4.1/gnuhealth-4.4.1.tar.gz.sig
Verify the package using the detached signature. If the file is correctly validated, the output should be something like:
$ gpg --verify gnuhealth-4.4.1.tar.gz.sig gnuhealth-4.4.1.tar.gz
gpg: Signature made Sat Dec 23 22:45:42 2023 WET
gpg: using RSA key ACBFC80FC891631C68AA8DC8C015E1AE00989199
gpg: Good signature from "Luis Falcon (PrecisionMed) <falcon@precisionmed.eu>" [ultimate]
gpg: aka "Luis Falcon (GNU Health) <falcon@gnuhealth.org>" [ultimate]
gpg: aka "Luis Falcon (GNU) <falcon@gnu.org>" [ultimate]
gpg: aka "Luis Falcon (GNU Health) <lfalcon@gnusolidario.org>" [ultimate]
The important part is the Good signature from “Luis Falcon ….”. The WARNING means that, even if the file and signature are OK and validated correctly, you aren’t trusting that key; and it’s OK. You can read more about this in The GNU Privacy Handbook, Chapter 3. Key Management.
Uncompress GNU Health HIS package
$ tar xzf gnuhealth-4.4.1.tar.gz
Change to the GNU Health installation directory matching your version
$ cd gnuhealth-4.4.1
Download the latest GNU Health installer
$ wget -qO- https://codeberg.org/gnuhealth/his/releases/download/v4.4.1/gnuhealth-setup-4.4.1.tar.gz | tar -xzvf -
Run the GNU Health Installer
$ bash ./gnuhealth-setup install
Enable the BASH environment for the GNU Health admin
Finally, enable the BASH environment for the gnuhealth user.
$ source ${HOME}/.gnuhealthrc
Activate Network Devices for the JSON-RPC Protocol
The Tryton GNU Health server listens to localhost at port 8000, not allowing direct connections from other workstations. If necessary, enter the following:
$ editconf
You can edit the parameter listen in the [web]
section, to activate the network device so workstations in your net can connect. For example, the following block
[web]
listen = *:8000
will allow to connect to the server in the different devices of your system.
Setting up a Local Directory for Attachments
By default, Tryton uses a system-wide directory to store the attachments. It is advisable, in GNUHealth to keep the attachments in the gnuhealth user space.
If necessary, edit the server configuration file trytond.conf and enter the attach directory under the [database]
section, for instance:
$ editconf
[database]
path = /home/gnuhealth/attach
As we allowed local access for PostgreSQL we will configure the access here as UNIX socket:
[database]
uri = postgresql:///
Configuring the log file (optional)
The way the server logs and tracks events is based on a log configuration file, that resides in the config directory "${GNUHEALTH_DIR}"/tryton/server/config/
.
A default version is shipped, called gnuhealth_log.conf. If necessary, enter the following into gnuhealth_log.conf:
[formatters]
keys: simple
[handlers]
keys: rotate, console
[loggers]
keys: root
[formatter_simple]
format: [%(asctime)s] %(levelname)s:%(name)s:%(message)s
datefmt: %a %b %d %H:%M:%S %Y
[handler_rotate]
class: handlers.TimedRotatingFileHandler
args: ('/home/gnuhealth/gnuhealth/logs/gnuhealth.log', 'D', 1, 30)
formatter: simple
[handler_console]
class: StreamHandler
formatter: simple
args: (sys.stdout,)
[logger_root]
level: WARNING
handlers: rotate, console
In this example (and in the standard file) the log file is written in the default logs directory. You can change it to fit your specific installation.
In order to use logging, you need to provide the –logconf option, along with the path to the log configuration file gnuhealth_log.conf as argument, when invoking the Tryton server in the next section (e.g. trytond --logconf "${GNUHEALTH_DIR}"/tryton/server/config/gnuhealth_log.conf
).
For more information, check the following resources:
Python logging facility logging tutorial: https://docs.python.org/3/howto/logging.html#.logging-basic-tutorial
Tryton Server logging documentation: https://trytond.readthedocs.org/en/latest/topics/logs.html
Initialize the database instance
Create the database
$ createdb health
Note
We use “health” as an example, choose the name of your database, but keep it short and only alphanumeric chars
Change to your newly installed system (use the alias cdexe):
$ cdexe
and initialize the instance:
$ python3 ./trytond-admin --all --database=health -vv
You will be asked to provide a password for the “admin” user.
If everything goes well, you are ready to start the GNU Health HIS node server.
Start the GNU Health HIS node
$ cd
$ ./start_gnuhealth.sh
Note
As mentioned in the previous section, use the ‘’–logconf [path]’’ option to specify the path of the logging configuration
You can execute the GNU Health server in the background (using nohup ./start_gnuhealth.sh &
) and check the output in the file nohup.out
.
Creating a Systemd service for the GNU Health server
If you use the standard installation method, you can use the following scripts to automate the startup/stop of the GNU Health instance using systemd services.
GNU Health service unit file
Create the GNU Health Unit file under /etc/systemd/system/gnuhealth.service
:
[Unit]
Description=GNU Health Server
After=network.target
[Service]
Type=simple
User=gnuhealth
WorkingDirectory=/home/gnuhealth
ExecStart=/home/gnuhealth/start_gnuhealth.sh
Restart=on-abort
[Install]
WantedBy=multi-user.target
Starting and Stopping the GNU Health service
You can issue the commands:
# systemctl start gnuhealth
or:
# systemctl stop gnuhealth
Enable the service to start at boot time
If you want to automatically start the GNU Health server whenever you start the operating system, you can enable the service with the following command:
# systemctl enable gnuhealth
Using a WSGI Server for GNU Health Hospital Management Component
GNU Health HIS uses by default the werkzeug server. This should be valid only for development scenarios. For production servers, GNU Health HIS will benefit from a Web Server Gateway Interface (WSGI), such as uWSGI and a web server that supports reverse proxy, as NGINX.
Your Trytond configuration file
Edit your trytond.conf file to meet the requirements. You can edit this file directly using the alias editconf
with the gnuhealth user.
This sample enables access both to the GTK and webclient.
[database]
uri = postgresql://localhost:5432
path = /home/gnuhealth/attach
[web]
listen = localhost:8000
root = /home/gnuhealth/sao/package
uWSGI configuration file
This is a sample for the gnuhealth uwsgi .ini (gh.ini
) file. Make sure NINGX user has the appropriate permissions to the uwsgi socket.
[uwsgi]
master = true
processes = 5
plugins = python3
socket = /tmp/uwsgi.sock
chmod-socket=660
module=trytond.application:app
Configuring NGINX as a reverse proxy for GNU Health HIS
In this sample, NINGX will listen to 8100 in HTTPS mode, to requests coming from the web clients. It also listens to port 8000 for the native GTK client.
# Virtual host for demo web client using TLS and listening in 8100
server {
listen 8100 ssl;
server_name your_hostname;
ssl_certificate /path/to/your/gnuhealth.crt;
ssl_certificate_key /path/to/your/gnuhealth.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
include uwsgi_params;
uwsgi_pass unix:/tmp/uwsgi.sock;
}
}
# Virtual host for GNU Health GTK Client on 8000
server {
listen 8000;
location / {
include uwsgi_params;
uwsgi_pass unix:/tmp/uwsgi.sock;
}
}
Putting everything together and booting the GNU Health Server
Once you have configured the three elements (Trytond server, uwsgi and NGINX) is time to put in into production
Make sure your NGINX server is running:
Start uWSGI with the corresponding gnuhealth .ini file:
$ uwsgi $HOME/gh.ini --enable-threads &
Installation of the GNU Health Client
GNU Health Client installation with pip3
Install the system requirements for your operating system. To do so follow the instructions under Operating System-Specific Notes -> Your operating system -> ‘Requirements for GTK client’.
Update PATH. To make changes permanent, add this line in
$HOME/.bashrc
$ export PATH=$HOME/.local/bin:$PATH
Reload the updated BASH environment:
$ source $HOME/.bashrc
If using Python3.11 or newer (e.g. on Debian 12) see Allow local pip installation in order to allow user wide pip installation.
Update pip3
$ pip3 install --upgrade --user pip
Install GNU Health client
$ pip3 install --user --upgrade gnuhealth-client
The following command will boot your GNU Health client:
$ gnuhealth-client
Alternative Methods
System Packages
Instead from source as described above, you can install the GNU Health Client from pre-build packages as well. openSUSE offer packages that you can install with your systems package manager. Make sure you get the current gnuhealth-client version 4.4.
Microsoft Windows and macOS
Note
As GNU Health is free/libre software, developed primarily for free/libre operating systems and with the philosophy of free software in mind, it is recommended to use free/libre software with GNU Health, and GNU/Linux or other free/libre operating system for the client. The development of all GNU Health components (server, client, plugins, Thalamus, GNU Health Federation) is done and focused on Free / Libre operating systems.
If you use Microsoft Windows or macOS, you can try using the Tryton 6.0 client, which may be compatible with GNU Health 4.4. Keep in mind that the windows client does not have the GNU Health commands, nor the plugins like GNU Health GNUPG crypto or GNU Health Camera and Federation Resource Locator.
Download the Tryton client executable (Windows) and follow the instructions.
Logging into the Application
Now that you’re back at the login screen, you’ll notice that the selected profile is the one you’ve just created. Fill in the login form:
User name: the one you used previously (usually
admin
)Password: the one entered twice in the previous section
Login credentials for The Demo database: Connection to the GNU Health HIS and LIMS
Installing the Default Modules
From this point on, you will use the client for almost every process. Start with the installation of the basic functionality:
#. After you’ve created the database, the system will ask you to create some new users. You can skip this step for now.
#. You are then presented with a list of modules that will provide the functionality you desire. If you don’t see the Modules window, navigate to it on the left side: Administration → Modules → Modules.
Select the
health_profile
module, and click on Mark for installation.Click on the Action icon and select Perform Pending Installation/Upgrade:
Tryton will automatically select all the dependent modules required for the installation:
#. Click on Start Upgrade. This process will take a while, depending on the computer where GNU Health is being installed on. Once it’s done, the following message appears.
Creating a Company
The next thing you need to do is to create the initial company, that will be your health center. You will be presented with a wizard to create it.
Press F3
to create a new company.
Note
At the party form, please make sure you set the institution attribute. You will link this company to your main health institution later on. Please refer to the screenshot provided in this section for details.
Disabling demo users in production environments
Warning
For security reasons, you must deactivate demo users in production environments.
GNU Health comes with a set of pre-defined users for demo purposes. They all
have the prefix demo_
(demo_doctor
, demo_front_desk
, demo_nurse
… ).
To deactivate the users:
Navigate to Administration > Users > Users in the sidebar.
In filters, choose
Login: demo_
andActive: True
Unset the “active” flag of each of them (untick the “Active” boxes).
The demo users are now de-activated in your environment.
Look at the screenshot captioned Deactivation of demo users in production environments for an example (the Active checkboxes haven’t been unticked).
Customizing the GNU Health Client
For GNU/Linux and other free operating systems, the GNU Health GTK client configuration file can be found at:
$HOME/.config/gnuhealth/<VERSION>/gnuhealth-client.conf
For example:
$HOME/.config/gnuhealth/4.4/gnuhealth-client.conf
Completion
Congratulations! You have completed the initial installation of GNU Health. In the next chapter we will discuss how to add functionality by installing additional modules.