Skip to content

Debian/Ubuntu installation

External repository setup

HCW@Home relies on third party repositories as there is no recent version of mongo or nodejs into official repositories.

apt install curl gnupg ca-certificates lsb-release

# NodeJS Repository
APT_URL="${VERSION}.x $(lsb_release -sc) main"

curl -fsSL ${KEY_URL} | gpg -o /etc/apt/trusted.gpg.d/${PACKAGE}.gpg --dearmor
echo "deb [signed-by=/etc/apt/trusted.gpg.d/${PACKAGE}.gpg] ${APT_URL}" > /etc/apt/sources.list.d/${NAME}.list
apt update
apt install ${PACKAGE}

# MongoDB Repository
DIST_NAME=$(lsb_release -si)
COMPONENT=$(if [ ${DIST_NAME} == "Ubuntu" ] ; then echo "multiverse" ; else echo "main" ; fi )
APT_URL="${DIST_NAME,} $(lsb_release -sc)/mongodb-org/${VERSION} ${COMPONENT}"

curl -fsSL ${KEY_URL} | gpg -o /etc/apt/trusted.gpg.d/${PACKAGE}.gpg --dearmor
echo "deb [signed-by=/etc/apt/trusted.gpg.d/${PACKAGE}.gpg] ${APT_URL}" > /etc/apt/sources.list.d/${NAME}.list
apt update
apt install ${PACKAGE}
systemctl enable --now mongod

After those commands are done, you should have up and running mongo service.

Install Redis

Redis is an on memory database, it's used to temporary store information like session. Installation of redis server must be shared between backends (if several one are deployed), but we are assuming here we are installing on one server. The installation is very simple:

apt install redis-server

Install antivirus

Antivirus limits the risk to propagate malware through HCW@Home. It will check any attachments give by patient or doctor during the consultation. Antivirus can be install on same server or on external server.

apt install clamav-daemon

Check that service is up.

systemctl start clamav-daemon
systemctl status clamav-daemon

Install coturn server

Coturn is an open-source project that provides a TURN and STUN server implementation. Both TURN and STUN are protocols that help in NAT traversal for WebRTC applications.

Coturn setup can be achieve in different mode, we assume that we are installing on same server than Backend, but it's strongly recommanded to install on different server.

apt install coturn

Now adjust the file /etc/turnserver.conf like this.

# Enable only if your server is behind a NAT.
external-ip=<you machine ip>

# Adjust only if you want to use another port.

# Ensure to enable fingerprint and long term credential.

# Adjust the port range that turn is allowed to use. The port range must be opened from the
# firewall as UDP and TCP.

# Choose a realm, can be formatted like

# Configure a user and a password, this is required to be 
# allowed to use the turn relay capabilities. <user>:<password>

If you don't want to put clear password in configuration file, you can encode the password with the following command.

turnadmin -k -u <user> -r <realm> -p <pass>

This command returns an encoded password starting by 0xabc..., replace mypass by the returned value, ensure to keep 0x in front of the password.


Keep in mind this user and password configured here as it will be used later by Mediasoup server.

Install HCW@Home repository and package

HCW@Home is composed of four main components:

  • One Backend
  • One Frontend dedicated for Doctors
  • One Frontend dedicated for Patient
  • One Frontend dedicated for Administrators

Those components can be installed on same server or on differents one. Here we will explain how to install on same server.

cat > /etc/apt/sources.list.d/hcw.list << EOF
deb [arch=amd64 trusted=yes] focal main
deb [arch=amd64 trusted=yes] focal main
deb [arch=amd64 trusted=yes] focal main
deb [arch=amd64 trusted=yes] focal main

Now, refresh the list of packages with the following command.

apt update

Finally, you can install the thre component on one command

apt install hcw-athome-patient hcw-athome-backend hcw-athome-caregiver hcw-athome-admin

Install and configure web server

Now you have an up and running HCW@Home system, you must install a web server. We tested Nginx web server even if it should work with others like Apache.

Installation of Nginx is straight forward

apt install nginx

If you don't have reverse proxy server in front of your Nginx, you might need to install certbot for issuing SSL certificates. You can install the following package

apt install python3-certbot-nginx

By default, HCW@Home doesn't install Nginx configuration, but you can use the ready configuration from doc folder. Don't forget to adjust the configuration based on your needs.

wget -O /etc/nginx/sites-enabled/hcw-patient.conf
wget -O /etc/nginx/sites-enabled/hcw-doctor.conf
wget -O /etc/nginx/sites-enabled/hcw-admin.conf
rm /etc/nginx/sites-enabled/default

Update the files :

listen       80;
server_name  <replace by your domain>;
root   /usr/share/hcw-athome/admin; # or patient or caregiver for depending of config file you are updating;
proxy_pass; # Update if installed on same server, or different IP if separate sever.

The last command removes the fallback default configuration provided by Nginx.

If you now want to issue certificate, run the following command and follow the usual cerbot process. If you need more information about this process, read the official documentation:

certbot --nginx

Configure HCW@Home

Now that every component are ready, we can update the main configuration file /etc/hcw-athome/hcw-athome.conf. Most of the part are self explanatory, you are free to adjust according to your specific configuration.

Also adjust the socket or port Clamav can be reached. If you use socket, you might need to first add HCW@Home system user to Clamav group to be able to communicate with the Daemon.

adduser hcwhome clamav

Check now the socket path, by default it should be /var/run/clamav/clamd.ctl, so you can adjust this path in HCW@home configuration with this command.

sed -i 's|/var/run/clamd.scan/clamd.sock|/var/run/clamav/clamd.ctl|g' /etc/hcw-athome/hcw-athome.conf

Once updated, you can restart and check for logs with the following commands.

systemctl enable --now hcw-athome
systemctl restart hcw-athome

Check logs

journalctl -f -u hcw-athome -n 200

If you see the following line, it means your server is ready.

Aug 23 13:15:33 hcw-athome-dev node[546330]: debug: -------------------------------------------------------
Aug 23 13:15:33 hcw-athome-dev node[546330]: debug: :: Wed Aug 23 2023 13:15:33 GMT+0000 (Coordinated Universal Time)
Aug 23 13:15:33 hcw-athome-dev node[546330]: debug: Environment : production
Aug 23 13:15:33 hcw-athome-dev node[546330]: debug: Port        : 1337
Aug 23 13:15:33 hcw-athome-dev node[546330]: debug: -------------------------------------------------------

Create first admin account

You must have a least one admin account before being able to login on the admin interface (then being able to create other user). Create the first user with mongo request.

use hcw-athome;
db.user.insertOne({email:"",  firstName:"Admin", lastName:"",  role: "admin",  createdAt: new Date().getTime(), password: "$2b$10$uip0TKwn.kbO1s1C3jO0au4ymxjkgd.kg9ueH2oV02I4gJBKzH.2m", "updatedAt": new Date().getTime(), "username" : "", phoneNumber: ""})

This command will create user with login "" and password "admin".

If you need to customize this passsword and you have nodejs installed (or you do on your server), you can use the following script, by example into password.js, don't forgot to update 'not hashed password'.

const bcrypt = require('bcrypt');

bcrypt.hash('not hashed password', 10, function(err, hash) {
  if(err) console.log(err)

You will need to install bcrypt with the following command.

npm install bcrypt

Then run the script with:

node password.js

Install Media server with Mediasoup

Mediasoup is a media server used to send flow between participant.

cat > /etc/apt/sources.list.d/mediasoup.list << EOF
deb [trusted=yes] bullseye main

Refresh the list of available package.

apt update

Now install the package

apt install mediasoup-api

Now adjust the file /etc/mediasoup-api/mediasoup-api.conf, don't forgot to define the following lines with your coturn configuration previously defined.

Most values are self explanatory, once you done your changes, restart the service with the following command.

systemctl status mediasoup-api

If you prefer want to serve Mediasoup API with Nginx (recommanded), you can create a new Nginx file (by example /etc/nginx/sites-enabled/mediasoup.conf) and use the following template.

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;

server {
    server_name <domain>;

    location / {
        proxy_set_header Host $host;
        proxy_pass https://localhost:3443;
        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;

        proxy_connect_timeout 120m;
        proxy_send_timeout 120m;
        proxy_read_timeout 120m;

    listen 80;

Don't forget to update the part. If you need to issue certbot certificate, use again the following command.

certbot --nginx

Mediasoup declaration in HCW@Home

If you have only one mediasoup server, you can simply configure it into HCW@Home configuration file.


If you have more than one server, you can add all from admin interface from "Mediasoup" menu.

alt text