You can use the node.conf.yaml and server.conf.yaml configuration
files to configure the port that is used to connect to the web user
interface, and to secure the connection.
About this task
The IBM App Connect Enterprise web user interface enables you to access integration
node or integration server resources by using a web browser, and it provides integration
administrators with a method of administering those resources. For more information about the web
user interface, see IBM App Connect Enterprise web user interface. To learn some basics about administering IBM App Connect Enterprise with the web user interface, see the tutorial "Getting started
with ACEv11 - Exploring the Web UI" in the IBM App Connect
Enterprise Toolkit.
Procedure
- Open the node.conf.yaml or server.conf.yaml
configuration file for your integration node or server, by using a YAML editor.
If you do not have access to a YAML editor, you can edit the file by using a plain text editor;
however, you must ensure that you do not include any tab characters, which are invalid characters in
YAML and would cause your configuration to fail. If you are using a plain text editor, ensure that
you use a YAML validation tool to validate the content of your file.
Set the RestAdminListener properties, which control the settings
for the web user interface:
- Set the port property to the port that will be used by the web user
interface and the IBM App Connect
Enterprise Toolkit. By default, this port is set to
4414.
- Optional:
If you want to secure the connection, set the following properties:
- Set
host: 'hostname'
Specify the host
name where the integration node or integration server is running.
- If you want to use basic authentication for users logging in to the web user
interface, uncomment the following property:
- basicAuth: true
- Specify whether clients require a web user name and password (true or
false).
You will also need to create at least one username and password, by running the mqsicredentials (or mqsiwebuseradmin) command as described in the later step section
"Additional steps for security configuration".
- If you want to use SSL or TLS to secure the connection:
Set the following properties:
- sslCertificate
- Specify the path to the server certificate store, in the form
/path/to/serverPKCS.p12.
If you are using a .pem
certificate, the sslCertificate is the full path to the server certificate
key.
If you are using .p12
or .pfx
certificate, the
sslCertificate is the full path to the server certificate store file.
- sslPassword
- Specify either the name of a keystore type credential if you use the mqsicredentials command or the server certificate password alias, in
the form
adminRestApi::sslpwd
if you use the mqsisetdbparms command. . If you are using a .pem
certificate, the sslPassword is the full path to the server private key, which
must be a standard private key and not an encrypted one.
If you are using
.p12
or .pfx
certificate, the sslPassword is
the passphrase or alias to the passphrase of the certificate store.
You will also need to set the password to be used for your server certificate, by running
the mqsicredentials (or mqsisetdbparms) command as described in the later step section
"Additional steps for security configuration".
- If you want to use SSL client certificates (mutual authentication):
- requireClientCert
- Specify whether a certificate is to be requested from the client (true or false).
- caPath
- Specify the file path that contains certificate authority certificates; all files in this path
will be read.
- If you want to view message flow statistics in the web user interface, you must also
enable the reporting of message flow statistics and accounting data, as described in Configuring the collection of message flow statistics by using a .yaml configuration file. The web user interface consumes message flow statistics and accounting data
in JSON format, which means that you must include json as one of the values in the
outputFormat property in the .conf.yaml configuration
file.
- If you want to view resource statistics in the web user interface, you must enable the
reporting of these statistics as described in Managing resource statistics collection.
- Save the .yaml file. The properties that you set in the .yaml file take effect when the
integration node or server is started. If you modify these properties again, you must also restart
the integration node or server.
- Restart the integration node or server for the changes to take effect.
Additional steps for security configuration:
- If you set
basicAuth: true
, create one or more usernames and passwords
that users should specify when starting the web user interface.
- If you set
sslCertificate
and sslPassword
to use SSL or
TLS to secure the connection
In the
IBM App Connect Enterprise command console, use the
mqsicredentials command to set the password to be used for your server
certificate. For
example:
mqsicredentials --work-dir c:\workdir\ACEServ1 --create --credentialType keystore --credentialName sslpwd --password password
You do not need to specify a username. Ensure that you set the sslPassword
property in the node.conf.yaml or server.conf.yaml
configuration file to the value that you specify for credentialType in the
command.
Alternatively, you can use the
mqsisetdbparms command. For
example:
mqsisetdbparms -w c:\workdir\ACEServ1 -n adminRestApi::sslpwd -u dummy -p password
For more information about configuring use of SSL or TLS to secure the connection, see Configuring SSL or TLS for an integration node or server.
Results
You can now access the web user interface by opening a browser
and specifying the host and port that you configured in the .yaml configuration
file. For more information, see Accessing the web user interface.