Additional configuration
Learn about the additional configuration steps that you must do to complete the IBM Task Mining installation.
Setting up SSL configuration on NGINX
You need to configure NGINX only if you want to install Task Mining on a dedicated server. Refer to the following topics to configure the NGINX web server:
Installing NGINX
To install NGINX, use one of the following options depending on the operating system of the web server:
-
If you want to install NGINX in Ubuntu operating system, use the following command:
apt-get install nginx -
If you want to install NGINX in Red Hat operating system, use the following command:
yum install nginx
After installing NGINX, you must activate NGINX if you did not activate it earlier. To activate NGINX, use the following command:
systemctl enable nginx
systemctl start nginx
Configure the NGINX virtual host
To configure the NGINX virtual host, you must copy the
Template Virtual Host file, which is available in the
Task Mining package, into the NGINX configuration. Use one of the
following options to copy the Template Virtual Host
file depending on the operating system of the web server:
-
If you use the Ubuntu operating system, use the following command:
cp <TM_HOME>/conf/taskminer.conf /etc/nginx/sites-available/ -
If you use the Red Hat operating system, use the following command:
cp <TM_HOME>/conf/taskminer.conf /etc/nginx/conf.d/taskminer.conf
Configure NGINX SSL
To configure NGINX SSL, do the following steps:
-
Create the
ssldirectory by using the following command:mkdir /etc/nginx/ssl -
Copy the SSL certificate to the
ssldirectory. Use one of the following options depending on the type certificate that you created:-
If you created a self-signed certificate per the steps mentioned in the Self-signed certificates topic, to which you added the hostnames of both the Process Mining and Task Mining servers, use the following command:
cp /home/pm/cert/server.* /etc/nginx/ssl/ -
If you want to create and download a certificate from a certificate authority (CA), follow the documentation of the CA that you choose. After downloading the certificate, copy the certificate in the
/etc/nginx/ssl/repository.
-
-
Update the
Template Virtual Hostfile with the filepaths of both the certificate and key that you created. Use one of the following options depending on the type of certificate that you created:-
If you created the certificate from a certificate authority (CA), use the following command:
ssl_certificate /etc/nginx/ssl/<MY_CERTIFICATE>.pem; ssl_certificate_key /etc/nginx/ssl/<MY_CERTIFICATE>.key; -
If you created a self-signed certificate, use the following command:
ssl_certificate /etc/nginx/ssl/server.pem; ssl_certificate_key /etc/nginx/ssl/server.key;
-
-
Change the server name to the hostname of the Task Mining server by using the following command:
server_name <TM_HOST>;
Activate the NGINX virtual host
To activate the NGINX virtual host, use one of the following options depending on the operating system of the web server:
-
If the operating system of the web server is Ubuntu, use the following command to activate the virtual host:
ln -s /etc/nginx/sites-available/processmining.conf /etc/nginx/sites-enabled/ -
If the operating system of the web server is Red Hat, use the following command to activate the virtual host:
chcon -t httpd_config_t /etc/nginx/ssl/*.* setsebool -P httpd_can_network_connect 1 chcon -Rt httpd_sys_content_t <TM_HOME>/tm
If the SELinux security is enabled, see the Application service startup might fail on SELinux topic for more details.
Test and restart NGINX
To test the changes to your NGINX configuration, use the following command:
nginx -T
If the test is successful, restart NGINX service by using the following command:
systemctl restart nginx
Edit NGINX configuration for Task Mining on Process Mining Server
If you want to deploy Task Mining in a dedicated server separate from the Process Mining server, you must do the following changes:
- Open
<PM_HOME>/nginx/processmining.confto edit.For more information about configuring the
processmining.conffile, see Web and SSL configuration. -
Comment out the following section:
####################################### # TM installed on same PM server ####################################### -
Uncomment the following section:
####################################### # TM installed on different PM server ####################################### -
Change the IP address of the primary DNS server,
<DNS_SERVER_IP>in the following line:resolver <DNS_SERVER_IP> valid=300s; -
Change the domain name per your Task Mining URL,
<TM_SERVER_URL>, in the following line:proxy_pass https://<TM_SERVER_URL>/api/$1$is_args$args;
Setting up firewall rules
If you are using a self-signed certificate, you must enable the
HTTPS 443 port on the firewall to get access to the
web application.
Importing certificates
The client components (Web browser and IBM Task Minings Agent) must import the certificate authority (CA) certificate to trust your server.
To import the CA certificate, copy rootCA.pem on
your workstation (Windows operating systems or MacOS).
Importing on MacOS
-
Drag and drop the file
rootCA.peminto the Applications folder, then open it. -
Double-click the certificate to open its property window, and select Always Trust for every option under the Trust header.
Importing on Windows
-
Open the Microsoft Management Console by opening the app Run and typing
mmcinto the search. -
If the User Account Control window pops up, click Yes.
-
Click on File, then in the drop-down menu click on Add/Remove Snap-In.
-
In the Available snap-ins column in the pop-up window, select Certificates > Add.
-
Ensure that My user account is selected in the pop-up window and click Finish.
-
In the Console1 window, navigate to
Console Root\Certificates - Current User\Trusted Root Certification Authorities\Certificates. Right click Certificates and in the All Tasks menu click Import. -
In the Certificate Import Wizard window, add
rootCA.pem, and ensure that Place all certificates in the following store is selected with Trusted Root Certification Authorities set as the certificate store. -
In the warning message click Yes.
pm.processmining.demo/signin is
recognized as secure.