From 739f5857402005e6be7028f9e4b521eb43e0f8fb Mon Sep 17 00:00:00 2001
From: Asher Densmore-Lynn <jesdynf@gmail.com>
Date: Sun, 23 Nov 2025 13:43:14 -0600
Subject: [PATCH 1/3] 7.0.4 express for MariaDB

---
 packages/express/README.md         | 28 +++++++++++++++-------------
 packages/express/ami/ami-config.sh | 26 ++++++++++----------------
 packages/express/ami/ami-rekey.sh  | 21 +++++++++++----------
 3 files changed, 36 insertions(+), 39 deletions(-)

diff --git a/packages/express/README.md b/packages/express/README.md
index 77dcd1a0..7cd5c5fe 100644
--- a/packages/express/README.md
+++ b/packages/express/README.md
@@ -1,6 +1,10 @@
 # OpenEMR Cloud Express
 
-OpenEMR Cloud Express on the AWS Marketplace provides OpenEMR 7.0.3, an embedded MySQL server, and rotated, automatic backups of all OpenEMR configuration and health information.
+OpenEMR Cloud Express on the AWS Marketplace provides OpenEMR 7.0.4, an embedded MySQL server, and rotated, automatic backups of all OpenEMR configuration and health information.
+
+## Compatibility Note
+
+Versions of Cloud Express prior to version 7.0.4 used an older, compose v1-compatible syntax and structure. Please refer to [our prior documentation](https://github.com/openemr/openemr-devops/blob/954ab3b7a76809e4db0bf673edbcd560382dd252/packages/express/README.md) for how to interact with legacy installations.
 
 ## Installation
 
@@ -31,16 +35,16 @@ In a couple of minutes, once OpenEMR has finished the final setup procedures, it
 ### General
 
 * Need access to the containers? Connect to user `ubuntu`, sudo to root, and...
-  * Apache: `docker compose exec openemr /bin/sh`
-  * MySQL: `docker compose exec mysql /bin/bash`
+  * Apache: `docker compose -p appliance exec openemr /bin/sh`
+  * MariaDB: `docker compose -p appliance exec mysql /bin/bash`
 * Visit container volume: `docker volume ls`, `cd $(docker volume inspect <volume_name> | jq -r ".[0].Mountpoint")`
 
 #### Set Local Timezone
 
 1. See http://php.net/manual/en/timezones.php for the PHP timezone for your region.
 2. `sudo bash`
-3. `docker compose exec openemr sed -i 's^;date.timezone\ =^date.timezone = <your timezone>^' /etc/php7/php.ini`
-4. `docker compose restart openemr`
+3. `docker compose -p appliance exec openemr sed -i 's^;date.timezone\ =^date.timezone = <your timezone>^' /etc/php7/php.ini`
+4. `docker compose -p appliance restart openemr`
 
 ### HIPAA Compliance
 
@@ -48,7 +52,7 @@ Although Amazon EC2 is a [HIPAA Eligible Service](https://aws.amazon.com/complia
 
 ### Backups
 
-Duplicity is installed to the host machine to manage and rotate backups. It can be configured to send the backups it creates to off-instance storage, but currently does not attempt to do so. `/etc/cron.daily/duplicity-backups` holds the daily backup process that snapshots both the MySQL database, the OpenEMR configuration, and any patient documents that have been created, storing them in `/root/backups`.
+Duplicity is installed to the host machine to manage and rotate backups. It can be configured to send the backups it creates to off-instance storage, but currently does not attempt to do so. `/etc/cron.daily/duplicity-backups` holds the daily backup process that snapshots both the MySQL database, the OpenEMR configuration, and any patient documents that have been created, storing them in `/opt/appliance/backups/out`.
 
 Full backups are made every seven days, with incrementals for the other days. The Duplicity backups encompass the MySQL database backups.
 
@@ -56,18 +60,16 @@ Full backups are made every seven days, with incrementals for the other days. Th
 
 It is recommended, in the strongest possible terms, that you familiarize yourself with the recovery process as soon as possible. Launch a backup process, move the created backup files to a fresh instance, and try to recover them &mdash; this test, performed regularly, ensures smooth recovery in the face of catastrophe.
 
-1. If necessary, place the compressed backup archive bundle in `/root/backups`.
-2. As root, launch `/root/restore.sh`, and carefully read the warning it supplies you.
+1. If necessary, place the compressed backup archive bundle in `/opt/appliance/backups/out`.
+2. As root, launch `/root/openemr-devops/packages/appliance/restore.sh`, and carefully read the warning it supplies you.
 3. Take the actions it suggests &mdash; make an image snapshot if possible &mdash; and then, once ready, edit the script as instructed and run it anew.
 4. Duplicity will unpack the MySQL backups it's holding, the OpenEMR configuration directory, and any patient documents that have been saved.
-5. XtraBackup will launch, applying the most recent full backup and all the daily incrementals.
-6. The MySQL container will be restarted to pick up the newly constructed data directory, and at this point your backups should be completely restored.
-
-See the `mysql-xtrabackup` container for more information about the `xbackup.sh` and `xrecovery.sh` scripts called by the Duplicity wrappers.
+5. The MariaDB recovery tool will launch, applying the most recent full backup and all the daily incrementals.
+6. The MariaDB container will be restarted to pick up the newly constructed data directory, and at this point your backups should be completely restored.
 
 #### Backup Cross-Compatibility
 
-OpenEMR Cloud Express backup files are cross-compatible with the [Appliance](../appliance) and [Ubuntu Installer](../lightsail) deployment packages; you should be able to migrate your practice between any of the three if you move the backups onto the target.
+OpenEMR Cloud Express backup files are cross-compatible with the [Appliance](../appliance) deployment package; you should be able to migrate your practice between any of the three if you move the backups onto the target.
 
 ### Next Steps
 
diff --git a/packages/express/ami/ami-config.sh b/packages/express/ami/ami-config.sh
index 1b61cd4d..19064ac4 100644
--- a/packages/express/ami/ami-config.sh
+++ b/packages/express/ami/ami-config.sh
@@ -1,35 +1,29 @@
 #!/bin/sh
 
 set -e
-MYSQLROOTPWD="${1:-root}"
 
 f () {
-    cd /root
     curl -s https://raw.githubusercontent.com/openemr/openemr-devops/master/packages/appliance/launch.sh | bash -s --
 
-    # wait a while for services to build
-    until docker container ls | grep -q openemr/openemr
+    until [[ -n "${CONTAINER}" ]]
     do
-        echo "waiting for container start..."
+        echo "waiting on composer start..."
         sleep 5
+        CONTAINER="$(docker compose -p appliance ps --services openemr -qa)"
     done
 
-    # shellcheck disable=SC2312
-    until docker top "$(docker ps | grep -openemr | cut -f 1 -d " ")" | grep httpd -q
+    until [[ "$(docker container inspect "${CONTAINER}" | jq '.[].State.Health.Status' -r)" == "healthy" ]]
     do
-        echo "waiting for service start..."
-        sleep 20
+        echo "waiting on service start..."
+        sleep 5
     done
 
-    docker compose -p appliance exec mysql mysql --password="${MYSQLROOTPWD}" -e "update openemr.users set active=0 where id=1;"
-    cp openemr-devops/packages/express/ami/ami-rekey.sh /etc/init.d/ami-rekey
+    # lockout default admin, set password as instance ID on next boot
+    docker compose -p appliance exec mysql sh -c 'mariadb --password=${MYSQL_ROOT_PASSWORD} -e "update openemr.users set active=0 where id=1;"'
+    cd openemr-devops/packages/express/ami
+    cp ami-rekey.sh /etc/init.d/ami-rekey
     chmod 755 /etc/init.d/ami-rekey
     update-rc.d ami-rekey defaults
-    rm -f /root/.ssh/authorized_keys /home/ubuntu/.ssh/authorized_keys
-    rm -f /home/ubuntu/.bash_history
-    sync
-    shutdown -h now
-    exit 0
 }
 
 f
diff --git a/packages/express/ami/ami-rekey.sh b/packages/express/ami/ami-rekey.sh
index c604cfa6..89f0f772 100644
--- a/packages/express/ami/ami-rekey.sh
+++ b/packages/express/ami/ami-rekey.sh
@@ -34,24 +34,25 @@ fi
 
 # wait a while for services to start
 # shellcheck disable=SC2312
-until docker container ls | grep openemr/openemr -q
+until docker container ls | grep openemr -q
 do
     sleep 5
 done
+CONTAINER="$(docker compose -p appliance ps --services openemr -qa)"
 
-# shellcheck disable=SC2312
-until docker top "$(docker ps | grep -- -openemr | cut -f 1 -d " ")" | grep -q httpd
-do
-    sleep 3
-done
+until [[ "$(docker container inspect "${CONTAINER}" | jq '.[].State.Health.Status' -r)" == "healthy" ]]
+  do
+      sleep 5
+  done
 
 # reset password
-# shellcheck disable=SC2312
-docker compose exec openemr /root/unlock_admin.sh "$(curl http://169.254.169.254/latest/meta-data/instance-id)"
+TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
+INSTANCEID=$(curl -H "X-aws-ec2-metadata-token: ${TOKEN}" http://169.254.169.254/latest/meta-data/instance-id)
+docker compose -p appliance exec openemr /root/unlock_admin.sh "${INSTANCEID}"
 
 # reset SSL
-docker compose exec openemr /bin/sh -c 'rm -f /etc/ssl/private/* /etc/ssl/docker-selfsigned-configured'
-docker restart lightsail_openemr_1
+docker compose -p appliance exec openemr /bin/sh -c 'rm -f /etc/ssl/private/* /etc/ssl/docker-selfsigned-configured'
+docker compose -p appliance restart openemr
 
 # let's never speak of this again
 touch /etc/appliance-unlocked

From 8f40f69413a16cde23936b28b0185b098763c4f1 Mon Sep 17 00:00:00 2001
From: Asher Densmore-Lynn <jesdynf@gmail.com>
Date: Sun, 23 Nov 2025 14:03:45 -0600
Subject: [PATCH 2/3] shellcheck

---
 packages/express/ami/ami-config.sh | 3 ++-
 packages/express/ami/ami-rekey.sh  | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/express/ami/ami-config.sh b/packages/express/ami/ami-config.sh
index 19064ac4..67d27ed5 100644
--- a/packages/express/ami/ami-config.sh
+++ b/packages/express/ami/ami-config.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 set -e
 
@@ -12,6 +12,7 @@ f () {
         CONTAINER="$(docker compose -p appliance ps --services openemr -qa)"
     done
 
+    # shellcheck disable=SC2312
     until [[ "$(docker container inspect "${CONTAINER}" | jq '.[].State.Health.Status' -r)" == "healthy" ]]
     do
         echo "waiting on service start..."
diff --git a/packages/express/ami/ami-rekey.sh b/packages/express/ami/ami-rekey.sh
index 89f0f772..419fe9d0 100644
--- a/packages/express/ami/ami-rekey.sh
+++ b/packages/express/ami/ami-rekey.sh
@@ -40,6 +40,7 @@ do
 done
 CONTAINER="$(docker compose -p appliance ps --services openemr -qa)"
 
+# shellcheck disable=SC2312
 until [[ "$(docker container inspect "${CONTAINER}" | jq '.[].State.Health.Status' -r)" == "healthy" ]]
   do
       sleep 5

From 4b8eb6eb7ac63aeceb0b9de906b90aad2190c9cd Mon Sep 17 00:00:00 2001
From: Asher Densmore-Lynn <jesdynf@gmail.com>
Date: Sun, 23 Nov 2025 14:05:58 -0600
Subject: [PATCH 3/3] shellcheck

---
 packages/express/ami/ami-config.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/express/ami/ami-config.sh b/packages/express/ami/ami-config.sh
index 67d27ed5..8e86ea98 100644
--- a/packages/express/ami/ami-config.sh
+++ b/packages/express/ami/ami-config.sh
@@ -3,6 +3,7 @@
 set -e
 
 f () {
+    # shellcheck disable=SC2312
     curl -s https://raw.githubusercontent.com/openemr/openemr-devops/master/packages/appliance/launch.sh | bash -s --
 
     until [[ -n "${CONTAINER}" ]]