Post-Installation Steps for ThingWorx Flow
This applies to all installation scenarios.
Before you begin using ThingWorx Flow, complete the following post-installation steps:
1. If you have installed ThingWorx Flow on RHEL, add your <user> to the twxflow group to run pm2.
2. To implement custom connectors, use the Flow SDK. For more information, see Deploying Connectors.
3. Configure the host (NGINX server) with a CA-signed certificate.
By default, the installer generates a self-signed SSL certificate for the host. To change it to an SSL certificate signed by a trusted third-party Certification Authority (a CA-signed certificate), replace the orchestration.csr file as follows:
a. Stop the ThingWorxFlowNginx service.
b. Navigate to the following path:
<ThingWorx Flow Installation directory>\SSL
c. Use the orchestration.csr certificate request file to obtain a certificate from a Certificate Authority.
d. Follow the Certificate Authority's instructions.
e. Replace the existing orchestration.crt file with the certificate generated by the Certificate Authority.
f. Start the ThingWorxFlowNginx service.
For more information on making ThingWorx Flow work properly with connected applications that use a self-signed certificate, see Make ThingWorx Flow work properly when self-signed certificate is used for connected applications.
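A check worth running between steps d and e, shown here as an added example that is not part of the original page or PTC's tooling: it confirms that the certificate returned by the Certificate Authority carries the public key from the request file, is no longer self-signed, and has not expired. It assumes the openssl command-line tool is installed; the function name and exit codes are this example's own.

```shell
#!/bin/sh
# Added example (not PTC code): sanity-check a CA-issued certificate against
# the CSR it was requested with, before it replaces the installed certificate.
# Exit codes are this script's own convention:
#   0 ok, 2 unreadable input, 3 key mismatch, 4 self-signed, 5 expired
check_issued_cert() {
    csr=$1 crt=$2

    openssl req -in "$csr" -noout 2>/dev/null ||
        { echo "$csr: not a readable certificate request" >&2; return 2; }
    openssl x509 -in "$crt" -noout 2>/dev/null ||
        { echo "$crt: not a readable PEM certificate" >&2; return 2; }

    # The certificate must carry the public key from the CSR; otherwise it
    # does not belong to the key pair the request was made for.
    csr_key=$(openssl req -in "$csr" -noout -pubkey | openssl sha256)
    crt_key=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    [ "$csr_key" = "$crt_key" ] ||
        { echo "$crt: public key differs from $csr" >&2; return 3; }

    # A CA-signed certificate has an issuer different from its subject.
    subj=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" != "$iss" ] ||
        { echo "$crt: issuer equals subject (self-signed)" >&2; return 4; }

    # Reject a certificate that has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "$crt: expired" >&2; return 5; }

    # Print the identity details for a final visual review.
    openssl x509 -in "$crt" -noout -subject -issuer -enddate
}

# Command-line use: sh check_issued_cert.sh orchestration.csr new.crt
if [ "$#" -eq 2 ]; then
    check_issued_cert "$1" "$2"
fi
```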
4. Ensure SSO settings are done correctly
Complete only the instructions dedicated to the installation of ThingWorx Flow in Configure the sso-settings.json file.
5. Configure PingFederate
If you are using PingFederate, then add the OAuth redirect URI (https://<ThingWorx Flow Nginx host-name>:<ThingWorx Flow Nginx port-number>/Thingworx/oauth2_authorization_code_redirect) to the OAuth ThingWorx Flow client that acts as the service provider.
6. If ThingWorx Flow is using an OAuth connector, for example, Windchill as a resource provider, then you must also provide the OAuth redirect URI as https://<ThingWorx Flow Nginx host-name>:<ThingWorx Flow Nginx port-number>/Thingworx/Oauths/oauth/return.
7. Scale ThingWorx Flow
To scale ThingWorx Flow, you need to modify the following settings, as per your operating system:
* Before you make any changes, review the software running on your system.
Set the ephemeral ports for services on your operating system between 5000 and 65535.
For information about ephemeral ports and their range, see The Ephemeral Port Range.
Reduce TIME_WAIT on sockets to 30 seconds.
8. Make ThingWorx Flow work properly when self-signed certificate is used for connected applications
In ThingWorx Flow 8.5.15 and later versions, for any application connected to ThingWorx Flow and configured with a self-signed certificate, whether a third-party application or another PTC application, the self-signed certificate must be appended to the extra.crt file. Follow the steps below to append it to the extra.crt file.
These connected applications could be connected to ThingWorx Flow as ThingWorx Flow connectors (that is, Windchill, Integrity, SAP), as a CAS/IDP (that is, PingFederate, ADFS, Azure AD) used for OAuth communication, or as a load balancer used for an HA architecture.
* If the connected application is configured with a single CA-signed certificate, then skip the steps described below. Users will be able to use ThingWorx Flow properly.
However, if the CA-signed certificate has a certificate chain and one of its intermediate certificates is a self-signed certificate, follow the steps below for the intermediate self-signed certificate.
* For Linux, self-signed certificates must be 2048 bits in length.
To append the certificate, follow these steps:
a. Stop the ThingWorx Flow service.
For Linux, run the following command:
sudo systemctl stop ThingWorx-Flow.service
b. Navigate to <ThingWorx Flow Installation directory>\SSL and edit the extra.crt file.
This file holds the self-signed certificates of all connected applications.
c. Save the self-signed certificate content in PEM format.
* You can use the Chrome browser to get the self-signed certificate in PEM format (Base 64 encoded), by exporting the self-signed certificate.
d. Copy the self-signed certificate content to the extra.crt file.
e. Repeat steps b to d for every connected application’s self-signed certificate.
f. Append and save the content of the self-signed certificate to the extra.crt file. Make sure to add a new line between each certificate.
g. Start the ThingWorx Flow service.
For Linux, run the following command:
sudo systemctl start ThingWorx-Flow.service
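Steps c through f can be done with a small helper instead of by hand, shown here as an added example that is not part of the original page or PTC's tooling. Because every certificate in extra.crt becomes trusted, the helper refuses anything that is not a self-signed, 2048-bit PEM certificate, skips duplicates, and keeps the line break between certificates. It assumes the openssl command-line tool is installed; the function name, arguments and exit codes are this example's own.

```shell
#!/bin/sh
# Added example (not PTC code): append one self-signed certificate to a PEM
# bundle such as extra.crt. Both paths are passed as arguments.
# Exit codes (this script's own convention): 0 appended, 1 already present,
# 2 not a certificate, 3 not self-signed, 4 key is not 2048 bits.
append_self_signed() {
    bundle=$1 crt=$2

    # Re-encode through openssl so only a clean PEM block is ever appended.
    pem=$(openssl x509 -in "$crt" -outform PEM 2>/dev/null) ||
        { echo "$crt: not a PEM certificate" >&2; return 2; }

    # The procedure covers self-signed certificates: subject equals issuer.
    subj=$(printf '%s\n' "$pem" | openssl x509 -noout -subject | sed 's/^subject= *//')
    iss=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || { echo "$crt: not self-signed" >&2; return 3; }

    # Requirement stated on the page for Linux: 2048-bit key.
    bits=$(printf '%s\n' "$pem" | openssl x509 -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "$bits" = "2048" ] || { echo "$crt: key is ${bits:-unknown} bits" >&2; return 4; }

    # Duplicate check on the base64 body, ignoring line wrapping.
    body=$(printf '%s\n' "$pem" | grep -v '^-----' | tr -d '\n')
    if [ -f "$bundle" ] && tr -d '\r\n' < "$bundle" | grep -qF -- "$body"; then
        echo "$crt: already in $bundle" >&2; return 1
    fi

    # Make sure the previous END line is terminated before the new BEGIN line.
    if [ -s "$bundle" ] && [ -n "$(tail -c 1 "$bundle")" ]; then
        echo >> "$bundle"
    fi
    printf '%s\n' "$pem" >> "$bundle"

    # Show what was just trusted so it can be compared out of band.
    printf '%s\n' "$pem" | openssl x509 -noout -subject -enddate -fingerprint -sha256
}
```

Run it with the service stopped, once per connected application, and compare the printed SHA-256 fingerprint with the one shown by the application's administrator or its own certificate view.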
9. Configuring Rotating Activity Logs
If you are using ThingWorx Flow 8.5.13 or later, you have the option to configure rotating logs.
In the deploymentConfig.json file, under LOGGING, edit the following values.

| Parameter | Value | Description |
|---|---|---|
| MAX_LOG_SIZE | This must be a number of bytes, KB, MB, or GB. When using units, add 'k', 'm', or 'g' as a suffix directly after the number. The default value is 10M. | Sets the log file size: the maximum size of the file after which the logs rotate. |
| MAX_LOG_FILES | This value must be a number, and the number of log files must be slightly higher than what is configured. The default value is 10. | Sets the maximum number of logs to keep. |
| ROTATION_DATE_PATTERN | This must be a string representing the date format to be used for rotating, according to the Moment.js documentation. The default value is YYYY-MM-DD, which means the log rotates daily regardless of its size. | The meta characters used in this string dictate the frequency of the file rotation. |
Separate all log variables using commas.
The logs are available under PM2 > Logs folder.