Additional configuration

Install NGINX

To install NGINX, use one of the following options depending on the operating system of the web server:

• If you want to install NGINX in Ubuntu operating system, use the following command:

  apt-get install nginx
  

• If you want to install NGINX in Red Hat operating system, use the following command:

  yum install nginx
  

After installing NGINX, you must activate NGINX if you did not activate it earlier. To activate NGINX, use the following command:

systemctl enable nginx
systemctl start nginx

Configure the NGINX virtual host

To configure the NGINX virtual host, you must copy the Template Virtual Host file, which is available in the Task Mining package, into the NGINX configuration. Use one of the following options to copy the Template Virtual Host file depending on the operating system of the web server:

• If you use the Ubuntu operating system, use the following command:

  cp <TM_HOME>/conf/taskminer.conf /etc/nginx/sites-available/
  

• If you use the Red Hat operating system, use the following command:

  cp <TM_HOME>/conf/taskminer.conf /etc/nginx/conf.d/taskminer.conf
  

Configure NGINX SSL

To configure NGINX SSL, do the following steps:

1. Create the ssl directory by using the following command:

   mkdir /etc/nginx/ssl
   

2. Copy the SSL certificate to the ssl directory. Use one of the following options depending on the type certificate that you created:

   • If you created a self-signed certificate per the steps mentioned in the Self-signed certificates topic, to which you added the hostnames of both the Process Mining and Task Mining servers, use the following command:

     cp /home/pm/cert/server.* /etc/nginx/ssl/
     

   • If you want to create and download a certificate from a certificate authority (CA), follow the documentation of the CA that you choose. After downloading the certificate, copy the certificate in the /etc/nginx/ssl/ repository.

3. Update the Template Virtual Host file with the filepaths of both the certificate and key that you created. Use one of the following options depending on the type of certificate that you created:

   • If you created the certificate from a certificate authority (CA), use the following command:

     ssl_certificate /etc/nginx/ssl/<MY_CERTIFICATE>.pem;
     ssl_certificate_key /etc/nginx/ssl/<MY_CERTIFICATE>.key;
     

   • If you created a self-signed certificate, use the following command:

     ssl_certificate /etc/nginx/ssl/server.pem;
     ssl_certificate_key /etc/nginx/ssl/server.key;
     

4. Change the server name to the hostname of the Task Mining server by using the following command:

   server_name <TM_HOST>;
   

Activate the NGINX virtual host

To activate the NGINX virtual host, use one of the following options depending on the operating system of the web server:

• If the operating system of the web server is Ubuntu, use the following command to activate the virtual host:

  ln -s /etc/nginx/sites-available/processmining.conf /etc/nginx/sites-enabled/
  

• If the operating system of the web server is Red Hat, use the following command to activate the virtual host:

  chcon -t httpd_config_t /etc/nginx/ssl/*.*
  setsebool -P httpd_can_network_connect 1
  chcon -Rt httpd_sys_content_t <TM_HOME>/tm
  

If the SELinux security is enabled, see the Application service startup might fail on SELinux topic for more details.

Test and restart NGINX

To test the changes to your NGINX configuration, use the following command:

nginx -T

If the test result is good, restart NGINX service by using the following command:

systemctl restart nginx

Edit NGINX configuration for Task Mining on Process Mining Server

When you introduce changes to the processmining.conf file, make sure you do it correctly. For more information, see Configuration file editing guidelines.

If you want to deploy Task Mining in a dedicated server separate from the Process Mining server, you must do the following changes:

1. Open <PM_HOME>/nginx/processmining.conf to edit.

For more information about configuring the processmining.conf file, see the Web and SSL configuration topic.

2. Comment out the following section:

   	#######################################
   	# TM installed on same PM server
   	#######################################
   

3. Uncomment the following section:

   	#######################################
   	# TM installed on different PM server
   	#######################################
   

4. Change the IP address of the primary DNS server, <DNS_SERVER_IP> in the following line:

   resolver <DNS_SERVER_IP> valid=300s;

5. Change the domain name per your Task Mining URL, <TM_SERVER_URL>, in the following line:

   proxy_pass https://<TM_SERVER_URL>/api/$1$is_args$args;

Importing on MacOS

1. Drag and drop the file rootCA.pem into the Applications folder, then open it.

2. Double-click the certificate to open its property window, and select Always Trust for every option under the Trust header.

Importing on Windows

1. Open the Microsoft Management Console by opening the app Run and typing mmc into the search.

2. If the User Account Control window pops up, click Yes.

3. Click on File, then in the drop-down menu click on Add/Remove Snap-In.

4. In the Available snap-ins column in the pop-up window, select Certificates > Add.

5. Ensure that My user account is selected in the pop-up window and click Finish.

6. In the Console1 window, navigate to Console Root\Certificates - Current User\Trusted Root Certification Authorities\Certificates. Right click Certificates and in the All Tasks menu click Import.

7. In the Certificate Import Wizard window, add rootCA.pem, and ensure that Place all certificates in the following store is selected with Trusted Root Certification Authorities set as the certificate store.

8. In the warning message click Yes.

To verify that you have correctly set the configuration for either MacOS or Windows, open your browser and check that the website pm.processmining.demo/signin is recognized as secure.