[Health-dev] Minor improvements for HMIS node & Thalamus packages?

[Gerald Wiese]

Hey,

I'm working on ansible scripts for an automatic deployment of GNU Health. At 
some points I'm changing things where I
think it would be better to change it in the official packages/documentation.

1) Logging in the systemd service regarding both the wikibooks documentation 
and the shipped script when downloading
from https://ftp.gnu.org/gnu/health/

The line

"ExecStart=/home/gnuhealth/start_gnuhealth.sh"

could be changed into

"ExecStart=/home/gnuhealth/start_gnuhealth.sh --logconf 
/home/gnuhealth/gnuhealth/tryton/server/config/gnuhealth_log.conf"

2) When installing Thalamus via pip in etc/thalamus_uwsgi.ini the line "plugins 
= http,python" is missing

3) For venv and http vs. https in uwsgi it's somehow a matter of taste what to 
use. In my oppinion it's better to only
use http as internal port when running Thalamus as a non privileged user (and 
then use a https reverse proxy for remote
access). Before I edited the documentation it was suggested to put cert&key in 
/opt/gnuhealth/certs/ and this path is
already part of the shipped thalamus_uwsgi.ini. But I think the non privileged 
user should not have access to the
private key and as far as I know nginx & apache2 are already designed in a way 
where privileges are only used to access
the private key and privileged ports but drop those privileges directly 
afterwards. And the private key can stay in a
directory where other users don't have read permissions. Thus I propose to 
change "https = ..." into "http = 0.0.0.0:8080".

4) Talking about downloads from https://ftp.gnu.org/gnu/health/ above... I was 
wondering what is the current suggested
way of installing the hmis node and for exmaple the crypto plugin, downloading 
from this link or using pip?

Greets

Gerald