Silent Installation with TLS

Use the System Manager command-line interface (CLI) to generate configuration and secrets files, encrypt/decrypt secrets files, and to install or uninstall components. Each command outputs basic information in the command prompt window when run and logs all information in Seq. If errors occur, you can troubleshoot by checking the log in Seq.

Prerequisites

To use the CLI for an install, you must have the following prerequisites in place:

The application server where you will complete the install, configured with the prerequisites for Nintex Process Discovery.
The Seq server.
MariaDB and MongoDB installed.
While the System Manager supports an all-in-one installation, you will still need to separately install MongoDB and MariaDB. You have the option to install them on the same server or a remote server. However, it is recommended to install them on a remote server for optimal performance.
Ensure that you have access to the server hosting MariaDB and MongoDB databases and that you have full credentials, including usernames and passwords, for these databases.

To ensure proper functionality, you must establish an open connection between all three servers.
The Nintex System Manager executable file (NintexSystemManagerSetup.exe) already run.
The installation bundle zip file (for example, nintex-pd-23.8.0-full).
The license file for the Process Discovery Console (License.llk).
The certificate files, such as the Personal Information Exchange file (e.g., kryonaws_full_chain.pfx).

We support different certificate file options: PFX (PKCS#12), CERT, KEY, and PEM files. Make sure to have the necessary files for your chosen option, and ensure that each server in a multi-server installation has a certificate installed.

To execute any commands, you must use CMD (Command Prompt) run as administrator.

Installation Flow

Before proceeding with the CLI installation, ensure that you have run the System Manager executable file (NintexSystemManagerSetup.exe). This step is essential to set up the required configurations and dependencies for a successful CLI installation.

The steps below show the order an installation must follow. See the full reference to commands and arguments, with descriptions and examples, in the CLI Commands table below. The command syntax is: nintex-sysmgr-cli <command> <arguments>.

(Optional) Store the installation bundle and Nintex System Manager executable file in the same directory. While this step is optional, it can help with easier management. You can achieve this by specifying the desired destination directory using the appropriate command arguments.
Run CMD as an administrator.
Navigate to the folder that contains the Nintex System Manager executable (NintexSystemManagerSetup.exe).
Run the configTemplate command to generate a config.json file.

Edit these config.json file values:

The parameters in the table listed below are required for the installation to be successful.
Default values for other components are preconfigured and shouldn't need to be edited.

Original Value	Update Value
['SERVER_FQDN']	Replace the default values with your own server details: server_FQDN.DOMAIN
['CUSTOMER_DOMAIN']	Set to your domain: domain.com
['LOGS', "SEQ_ADDRESS"]	Replace with the remote Seq server URL: http://seqserver_FQDN:port
['LOGS', "SEQ_API_KEY"]	By default, this JSON parameter is empty, and you can fill it in as needed. For instructions, see API Keys.
['MYSQL', 'MYSQL_SERVER']	Replace the default values with the remote MySQL server FQDN.
['MONGO', 'MONGODB_SERVER']	Replace the default values with the remote MongoDB server FQDN.
['AEROBASE', 'KEYCLOAK_SSL': false]	Set to 'True'.
['NGINX', 'NGINX_PORT': 80]	Set to the NGINX port defined during your installation. Default port is '433'.
['SSL', 'SSL_PFX_FILE_SOURCE']	If `SSL_USE_PFX` equals to 'true', set to the kryonaws_full_chain.pfx location path.
['SSL', 'SSL_CRT_FILE_SOURCE']	If `SSL_USE_PFX` equals to 'false', set to the CRT file location path.
['SSL', 'SSL_KEY_FILE_SOURCE']	If `SSL_USE_PFX` equals to 'false', set to the KEY file location path.
['SSL', 'PEM_FILE_SOURCE']	If `SSL_USE_PFX` equals to 'false', set to the PEM file location path.

When a parameter name is enclosed by dollar signs ($), the system automatically populates it with the information from the parameter that it is referred to. Specifically, any text or value between the dollar signs will be interpreted as a reference to another parameter, and its content will be used to fill in the referenced parameter.

In the following example, $MONGODB_SERVER$ will be replaced with the Server location details from the parameter: SERVER_FQDN.

Run the secretsTemplate command to generate a secrets.json file.
Edit any secrets you wish to change and set the relevant secrets for remote third parties. By default, all passwords are set to a random string that you can change to human-readable passwords. Changing the passwords for third party applications will make them easier to remember when you log into their user interface.
['MYSQL', 'MYSQL_USER'],
['MYSQL', 'MYSQL_USER_AUTH'],
['MYSQL', 'MYSQL_ADMIN_USER'],
['MYSQL', 'MYSQL_ADMIN_USER_AUTH'],
['MONGO', 'MONGODB_USER'],
['MONGO', 'MONGODB_USER_AUTH'],
['MONGO', 'MONGODB_ADMIN_USER'],
['MONGO', 'MONGODB_ADMIN_USER_AUTH'],
['SSL', 'SSL_PFX_PASSWORD']
Run the setPassword command. This password is used to encrypt and decrypt the secrets.zip file.
Ensure that the environment passwords are entered consistently. Otherwise, you will be prompted to enter the passwords again.
Run the encrypt command to generate an encrypted secrets.zip file. Delete the unencrypted secrets.json file in production after the secrets.zip file is created so that your secrets are not exposed. You can recreate the secrets.json file using the decrypt command if you need to.
Run the install command to perform the installation using the bundle, edited config, and encrypted secrets files.
Move the license file, License.llk, into the new installation folder: C:\Nintex\PDServer.
Restart Nintex Services Watchdog.
Services and Applications > Services > Right-click the Watchdog service and select Restart.

CLI Commands

The --command=encrypt --delete command is not fully implemented and requires manual intervention to delete the JSON file used to encrypt the secrets. Future releases will use the -delete argument. Not deleting the secrets.json file is a security risk.
To delete the secrets.json file, use the --command=encrypt --remove command.
Only the all-in-one server type is available.

In the command examples listed below, the nintex-sysmgr-cli, installation bundle zip file, config.json, and secrets.json files are in the C:\sysmgr directory. You can use any directory you want, but edit the commands below to match your environment.

The home directory path is what the Nintex System Manager executable uses as the working directory and is where the components will be installed.

Command syntax: nintex-sysmgr-cli <command> <arguments>
Command	Arguments	Example and Description
--command=configTemplate	--h - home directory path --z - zip bundle path --d - destination where to save the config template file (with file name)	Copy Config template `nintex-sysmgr-cli --command=configTemplate --h=C:\nintex --z=C:\sysmgr\nintex-pd-22.11.0.218-full.zip --d=C:\sysmgr\config.json`
--command=configTemplate		The config.json file generated by this command contains values used to install components and connect to the various servers needed for installation. Edit the config.json file for your environment, e.g., SERVER_FQDN, CUSTOMER_DOMAIN, SEQ_ADDRESS, MYSQL_SERVER, MONGODB_SERVER. Other default values are preconfigured for you.
--command=secretsTemplate	--h - home directory path --z - zip bundle path --d - destination where to save the secrets config template file (with file name)	Copy Secrets template `nintex-sysmgr-cli --command=secretsTemplate --h=C:\nintex --z=C:\sysmgr\nintex-pd-22.11.0.218-full.zip --d=C:\sysmgr\secrets.json`
--command=secretsTemplate		The secrets.json file generated by this command contains connection credentials for the various servers and components in plain text. Edit credentials as needed for connections to 3rd party servers like your MySQL server.
--command=setPassword	--h - home directory path	Copy setPassword `nintex-sysmgr-cli --command=setPassword --h=C:\nintex`
--command=setPassword	--h - home directory path	You will be prompted to enter a password to be used by the System Manager for encrypting or decrypting the secrets.zip file after you run the setPassword command. If you choose to skip this step, the encrypt and decrypt commands will prompt you to create a password. Alternatively, you can manually create an environment variable with the key NINTEX_SYSMGR_SECRETS_PASS and set its value to any desired password.
--command=encrypt	--h - home directory path --f - unencrypted secrets file --d - destination where to save the encrypted secrets file (with file name) --secrets-pass-env - environment variable holding password to use to encrypt secrets zip file	Copy Encrypt secrets file `nintex-sysmgr-cli --command=encrypt --h=C:\nintex --f=C:\sysmgr\secrets.json --d=C:\sysmgr\secrets.zip --secrets-pass-env=SYSMGR_SECRETS_PASS`
--command=encrypt		This command encrypts your .json secrets file using the environment variable you set up earlier. For security purposes, we recommend deleting the json secrets file after the encrypted file is generated.
--command=decrypt	--h - home directory path --f - encrypted secrets zip file --d - destination where to save the decrypted secrets file (with file name) --secrets-pass-env - environment variable holding password for encrypted secrets zip file	Copy Decrypt secrets file `nintex-sysmgr-cli --command=decrypt --h=C:\nintex --f=C:\sysmgr\secrets.zip --d=C:\sysmgr\secrets.json --secrets-pass-env=SYSMGR_SECRETS_PASS`
--command=decrypt		The decrypt command uses the same environment variable as the encrypt command to decrypt the secrets zip file.
--command=install	--h - home directory path --z - zip bundle path --s - server type --external-config - config file --secrets-file - encrypted secrets zip file --secrets-pass-env - environment variable holding password for encrypted secrets zip file	Copy Install package `nintex-sysmgr-cli --command=install --h=C:\nintex --z=C:\sysmgr\nintex-pd-22.11.0.218-full.zip --s=allInOne --external-config=C:\sysmgr\config.json --secrets-file=C:\sysmgr\secrets.zip --secrets-pass-env=SYSMGR_SECRETS_PASS`
--command=install		The install command uses the previously generated and edited files (config template and secrets template), and the installation bundle zip file, to install the product and components. All output is logged to Seq. The only currently supported server type is all-in-one.
--command=uninstall	--h - home directory path --z - zip bundle path --s - server type --wipe - should wipe all data (backups, cache, etc..)	Copy Regular Uninstall Package `nintex-sysmgr-cli.exe --command="uninstall" --s="allInOne"`
		Copy Uninstall Wipe package `nintex-sysmgr-cli.exe --command="uninstall" --wipe --s="allInOne"`
		To uninstall using the CLI, you have two options: Regular uninstall: This option removes the product assets, but cache files will remain. If you decide to reinstall, the product will use the previously stored data. Uninstall with wipe: This option will thoroughly remove all product data. Data in remote databases and Seq will not be removed automatically. For instance, Aerobase data in the database will need to be manually deleted.

Windows requires paths with spaces in them to be enclosed in inverted commas, for example: "C:\sysmgr home folder\subfolder\file name.txt".