Skip to content

Deployment

Carlos Roldan edited this page May 23, 2019 · 26 revisions

Deployment of Hippocrates Smart Contract

Remix

1. Click on Deploy Smart Contract

Captura de pantalla 2019-05-23 a las 14 01 35

2. Select the Gist

Captura de pantalla 2019-05-23 a las 14 20 35

3. Deploy using your Injected Web3 Provider (MetaMask)

Select Metamask for deployment

Deploy the smart contract on Mainnet. On this guide we are using rinkeby testnet for testing. Captura de pantalla 2019-05-23 a las 14 21 49

Sign the smart contract deployment

Make sure it is on Mainnet. Captura de pantalla 2019-05-23 a las 14 22 47

4. Copy the CONTRACT_ABI + CONTRACT_ADDRESS

Copy the CONTRACT_ADDRESS

Captura de pantalla 2019-05-23 a las 14 23 31

Copy the CONTRACT_ABI

Captura de pantalla 2019-05-23 a las 14 24 13

5. Paste the CONTRACT_ABI + CONTRACT_ADDRESS in Hippocrates

ezgif com-video-to-gif

Deployment of IPFS Node

Required Hardware

Go to our page in the wiki to read about how to set up an IPFS node in your android smartphone.

Computer / Laptop

Download IPFS After downloading, untar the archive, and move the IPFS binary somewhere in your executables $PATH using the install.sh script:

$ tar xvfz go-ipfs.tar.gz
$ cd go-ipfs
$ ./install.sh

Test it out: ipfs daemon

Now, open your browser and go to http://localhost:5001/webview

Nice, It works! Now is time to add a browser extension to maximize the usage of the private-offline network. Download the following web browser add-on:

Once it is downloaded, you can browse through the Hippocrates private-offline network

Deployment private-offline network

  • #f03c15 It is required to have an IPFS node running

This allows IPFS nodes to only connect to other peers who have a shared secret key. We need to generate a pre-shared-key using ipfs-swam-key-gen:

go get github.com/Kubuxu/go-ipfs-swarm-key-gen/ipfs-swarm-key-gen ipfs-swarm-key-gen > ~/.ipfs/swarm.key

To join the private-offline network you need to get the key file from the nodes you want them in the network and save it to ~/.ipfs/swarm.key.

Now it is time to set up your private bootstrap nodes.vFirst, to prevent your node from even trying to connect to the default bootstrap nodes, run: ipfs bootstrap rm --all Then add your own bootstrap peers with: ipfs bootstrap add <multiaddr>

For example: ipfs bootstrap add /ip4/104.236.76.40/tcp/4001/ipfs/QmSoLV4Bbm51jM9C4gDYZQ9Cy3U6aXMJDAbzgu2fzaDs64

What is a bootstrap node?

Bootstrap nodes are no different from all other nodes in the network apart from the function they serve data.

Optional

To be extra cautious, You can also set the LIBP2P_FORCE_PNET environment variable to 1 to force the usage of private networks. If no private network is configured, the daemon will fail to start.

Nice! We have our private-offline network ready to go.

Having some issues to understand this?

Please, go through this extender guide to deploy a private network easily.

Deployment of Hippocrates

  • #f03c15 It is required to have an IPFS node running
  • #f03c15 It is required to have an IPFS private network operative

Introduction

There are 2 types of deployment:

  1. Deployment for an health-care facility with internet access. This deployment is focused on clinics that have a minimum of internet access to have their instance and connect them through the internet. It is assumed that the facility has internet access and their staff have smartphones. IMPORTANT This does not mean that patients are required to have internet access or technological resources.

  2. Deployment for an health-care facility without internet access. This deployment is focused on clinics that have no internet access. It is a more complex deployment and it is highly experimental. It is assumed that the facility has no internet access and their staff have smartphones.

Health-care facilities with internet access

  • #c5f015 STABLE

Host Provider

Create an account to a Host Provider, on this example I will guide you as if your Host Provider would be Digital Ocean.

Create Droplet

Login to your Digital Ocean account and create a new droplet (server). We’ll be going to with One-click apps. Select NodeJS as shown below:

Next, we’ll choose the $10 plan. Though the task list app will work perfectly on the $5 plan, but we won’t be able to install the NPM dependencies because the NPM requires at least 1GB RAM for installing dependencies. Though there is a way around this by creating swap memory which is beyond the scope of this tutorial.

Next, select a data center region, we’ll go with the default:

Next, add your SSH key. If you have already added SSH keys to Digital Ocean before, you can choose from those:

If not you will need to click on the New SSH Key button to add a new SSH key. You can get your SSH key by running the command below on your local computer:

cat ~/.ssh/id_rsa.pub

The command above will print your SSH key on the terminal, which you can then copy and paste in the SSH Key Content field. Also, give your SSH key a name.

Finally, choose a hostname for the droplet and click the Create button. After some couple of seconds, you’ll have your new server up and running on Ubuntu 16.04 and NodeJS version 6.11.2.

Also, note the IP address of the server as we’ll be using it to access the server.

You need to copy your public key to your new server. Enter the command below on your local computer:

cat ~/.ssh/id_rsa.pub This will print your SSH key to the terminal, which you can then copy.

Next, we need to create a new directory called .ssh and restrict its permission:

mkdir ~/.ssh chmod 700 ~/.ssh Next, within the .ssh directory, create a new file called authorized_keys:

touch ~/.ssh/authorized_keys Next, open the file with vim:

vim ~/.ssh/authorized_keys Next, paste your public key (copied above) into the file. To save the file, hit esc to stop editing, then :wq and press ENTER.

Next, restrict the permissions of the authorized_keys file with this command:

chmod 600 ~/.ssh/authorized_keys Type the command below to return to the root user:

exit Now your public key is installed, and you can use SSH keys to log in as your user.

To make sure you can log in as the new user with SSH. Enter the command below in a new terminal on your local computer:

ssh root@IP_ADDRESS If all went well, you’ll be logged in to the server as the new user with SSH.

Notice the server currently have NodeJS version 6.11.2, but AdonisJS v4.0 requires NodeJS v8.0 or greater. So we need to upgrade it to the latest version. We’ll do that using an NPM package called n. This will allow us to install multiple versions for NodeJS which we can easily choose from as the case may be. Enter the commands below on the server:

// install n package globally npm install -g n

// install latest version of Node.js which v8.6.0 as at this tutorial n latest If we check NodeJS version we’ll still see v6.11.2. Though we already installed the latest version, for the this to take effect enter the command below:

bash This is will simply start another bash instance. It’s more like restarting bash.

Install Nginx

We’ll install Nginx as the web server to be used for the reverse proxy which will allow us to access the app directly with an IP address or domain instead of tacking port to the IP address. Eg. 102.123.83.29:5000.

sudo apt-get update
sudo apt-get install nginx

Because we chose One-click apps while creating our droplet, ufw firewall is setup for us and running. Now, we need to open firewall for only HTTP since we are not concerned with SSL in this tutorial:

sudo ufw allow 'Nginx HTTP'

Install MySQL

Next, we need to install MySQL and set up the database and user to be used by the task list app.

sudo apt-get install mysql-server Enter a root password when prompted. Next, we'll finish configuring MySQL:

sudo mysql_secure_installation Enter the necessary options when prompted.

With the MySQL setup, we need to create a database and a user.

First, login to the MyQSL server:

mysql -u root -p Provide the root password you enter above while installing MySQL. Once you are logged in, create a new database:

CREATE DATABASE hippocrates; Also, create a new user:

CREATE USER 'mezie'@'localhost' IDENTIFIED BY 'password'; Replace mezie and password with your user and password respectively.

Next, we need to grant the new user priviledges to the tables on the new database:

GRANT ALL ON adonis_tasks.* TO 'mezie'@'localhost'; For the changes to take effect, run:

FLUSH PRIVILEGES; With the initial setups out of the way, let’s now focus on the app itself. We are going to clone the app unto the server directly in the user's home directory (that is, /home/mezie in my case):

Install the repository from the GitHub repository

sudo git clone https://github.com/whiteyhat/Hippocrates Next, we install the dependencies:

cd Hippocrates npm install Next, create .env file:

vim .env And paste the following into it:

// .env

HOST=127.0.0.1
PORT=3333
NODE_ENV=production
APP_URL=http://${HOST}:${PORT}
CACHE_VIEWS=false
APP_KEY=FrgXLI40GsCmTujkiF8anX7FbfqZWMri
DB_CONNECTION=mysql
DB_ALLOW_EMPTY_PASSWORD=no
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=<your_mysql_user>
DB_PASSWORD=<your_mysql_password>
DB_DATABASE=hippocrates
SESSION_DRIVER=cookie
HASH_DRIVER=bcrypt
SUDO_PASSWORD=<your_sudo_passwordr>

Save the file and exit vim.

Next, we need to run database migrations. First, let’s install the Adonis CLI so we can make use of it great features:

npm i -g @adonisjs/cli Once installed, let’s run the migrations:

adonis migration:run --force Because we are on production, we have to use the --``force flag.

Install PM2

We’ll install it globally through NPM:

sudo npm install -g pm2 With PM2 installed, we can start the app with it:

pm2 start server.js Once the app is started you will get an output from PM2 indicating the app has started.

To launch PM2 on system startup or reboot, enter the command below:

pm2 startup systemd You’ll get the following output:

[PM2] Init System found: systemd
[PM2] To setup the Startup Script, copy/paste the following command:
sudo env PATH=$PATH:/usr/local/bin /usr/local/lib/node_modules/pm2/bin/pm2 startup systemd -u mezie --hp /home/mezie

Copy and run the last command from the output above:

sudo env PATH=$PATH:/usr/local/bin /usr/local/lib/node_modules/pm2/bin/pm2 startup systemd -u mezie --hp /home/mezie Now PM2 will start at boot up.

Set Up Nginx as a Reverse Proxy Server

Finally, we set up Nginx as a reverse proxy server. To this, run:

sudo vim /etc/nginx/sites-available/default

Within the server block, you should have an existing location/block. Replace the contents of that block with the following configuration:

// /etc/nginx/sites-available/default

...
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass http://127.0.0.1:3333;
    proxy_set_header Host $http_host;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
}

Save and exit vim.

Test to make sure there are no syntax errors in the configuration by running:

sudo nginx -t Then restart Nginx:

sudo systemctl restart nginx Now you should be able to access the app with your IP_ADDRESS. You should get something similar to the image below:

Health-care facilities without internet access

  • #FCE404 EXPERIMENTAL

Install the repository from the GitHub repository: sudo git clone https://github.com/whiteyhat/Hippocrates Add it to your IPFS node: ipfs add -r Hippocrates

This returns the hashes of each document. The latest hash is the file hash of the content. Remember that your content is accessible at http://<your_ip_address>:8080/ipfs/<content_hash>.

Download the required dependencies npm i. Install a package manager to deploy Hippocrates by typing sudo npm install pm2 -g. Then deploy the node in your server typing pm2 start Hippocrates/server.js

Nodes do not have internet access

If there is no internet access, the process is slightly longer. Hippocrates architecture is divided into a frontend and backend application. The frontend is located at Hippocrates/public while the backend is located dynamically in Hippocrates/* with the start endpoint in Hippocrates/server.js

You are required to configure your IPFS node to serve P2P HTTP Proxy as a backend. The p2p command needs to be enabled in the in config:

> ipfs config --json Experimental.Libp2pStreamMounting true

Now, on the client, the p2p HTTP proxy needs to be enabled in the config:

> ipfs config --json Experimental.P2pHttpProxy true

Remember our architecture: 1 "server" node with peer ID $SERVER_ID and 1 "client" node.

On the "server" node:

First, start your application and have it listen for TCP connections on port 3333.

Then, configure the p2p listener by running:

> ipfs p2p listen --allow-custom-protocol /http /ip4/127.0.0.1/tcp/3333

This will configure IPFS to forward all incoming HTTP (via URL:/http) streams to 127.0.0.1:3333 (opening a new connection to 127.0.0.1:$3333 per incoming stream).

On the "client" node:

Next, have your application make a HTTP request to 127.0.0.1:3333/p2p/$SERVER_ID/http/$FORWARDED_PATH. This connection will be forwarded to the service running on 127.0.0.1:3333 on the remote machine (which needs to be an HTTP server!) with path $FORWARDED_PATH.

Example

On "server" node:

> echo -e "HTTP/1.1 200\nContent-length: 11\n\nHippocrates is here to save lives!!" | nc -l -p 3333

On "client" node:

> curl http://localhost:8080/p2p/$SERVER_ID/http/ You should now see the resulting HTTP response: Hippocrates is here to save lives!!

Now, you are ready to start using Hippocrates. Go to http://127.0.0.1:8080/ipfs/$HASH_OF_INDEX.HTML It is time to access the platform and log yourself in to become the admin user.

Access

Web3 Requirement

Mobile

As described in the assumptions sections, Hippocrates assumes that at least health-care facilities staff have access to minimum technology infrastructure, such as a smartphone. Hence, Hippocrates can be accessed through mobile clients such as HTC Exodus or a simple web browser app Coinbase Wallet Browser.

Mobile clients that support Web3 are required to provide secure and frictionless authentication for qualified healthcare practitioners based on self-sovereign identity.

Computer / Laptop

As described in the assumptions sections, Hippocrates assumes that at least health-care facilities staff have access to minimum technology infrastructure, such as a computer. Hence, Hippocrates can be accessed through a web browser client such as Brave or Mozilla Firefox. It is important to have the MetaMask extension installed in the web browser.

Login

The website is deployed you should see something like this:

It is important to unlock the metal mask to allow Hippocrates to recognise your public address. When you click on login for the first time. You are creating a new user as an admin.

User types

Admin

Admin users are the only user role who can add and delete users. This is designed to serve the health-care facilities interests, so it is a private network of only qualified health-care practitioners with no open access to others outside the facility.

Staff

Staff users are qualified health-care practitioners added to Hippocrates by an admin user. They have access to their profile, the public identities from other staff for the passport validation guidelines and permissions to generate new passports.