Environment requirements

...

| Name | Example value | Default value | Description |
|---|---|---|---|
| *cuba.dbmsType | postgres | - | Type of the RDBMS |
| cuba.dataSourceProvider | application | application | The value indicates that the data source must be configured using application properties |
| *cuba.dataSource.username | C##CUBA | - | The username for the database |
| *cuba.dataSource.password | cuba | - | The password for the database |
| *cuba.dataSource.dbName | PTGSDB | - | The database name |
| *cuba.dataSource.host | 10.68.21.182 | - | Host for the database |
| *cuba.dataSource.port | 1521 | - | Port for the database |
| fixicch2.consul.encrypted_connection | true | false | This property enables the use of HTTPS |
| fixicch2.consul.port | 8501 | 8500 | The number of the port configured for the Consul |
| fixicch2.consul.insecure_connection_enabled | false | false | Allows accepting the Consul's insecure certificate. Setting this to "true" is not recommended in production mode. |
| fixicch2.fixServerType | FIXEdge CPP | all | Configures the type of the server to work with. Allowed values: FIXEdge CPP, FIXEdge Java; any other value means both types of supported servers. |

* - marks the mandatory parameter

...

The FIXICC H2 properties file example:

```properties
cuba.dbmsType = postgres
cuba.dataSourceProvider = application
cuba.dataSource.username = C##CUBA
cuba.dataSource.password = cuba
cuba.dataSource.dbName = PTGSDB
cuba.dataSource.host = 10.68.21.182
cuba.dataSource.port = 1521
fixicch2.consul.encrypted_connection = true
fixicch2.consul.port = 8501
fixicch2.consul.insecure_connection_enabled = false
fixicch2.fixServerType = FIXEdge CPP
```

...

The following parameters can also be configured through the "Application Properties" page on FIXICC H2:

...

Example of the logback.xml:

```xml
<?xml version="1.0" encoding="UTF-8"?>

<configuration debug="false" packagingData="true">

    <property name="logDir" value="${app.home}/logs"/>

    <appender name="File" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${logDir}/app.log</file>

        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
            <level>INFO</level>
        </filter>

        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <!-- daily rollover -->
            <fileNamePattern>${logDir}/app.%d{yyyy-MM-dd}.log</fileNamePattern>
            <!-- keep 5 days' worth of history -->
            <maxHistory>5</maxHistory>
            <cleanHistoryOnStart>true</cleanHistoryOnStart>
        </rollingPolicy>

        <encoder>
            <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} %-5level [%thread%X{cubaApp}%X{cubaUser}] %logger - %msg%n</pattern>
        </encoder>
    </appender>

    <root>
        <appender-ref ref="File"/>
    </root>

    <!-- Begin CUBA -->
    <logger name="com.haulmont.cuba" level="INFO"/>
    <logger name="com.haulmont.cuba.core.sys" level="INFO"/>
    <logger name="com.haulmont.cuba.core.sys.CubaDefaultListableBeanFactory" level="WARN"/>
    <logger name="com.haulmont.cuba.core.app.scheduling" level="INFO"/>
    <logger name="com.haulmont.cuba.web.sys" level="INFO"/>
    <logger name="com.haulmont.cuba.portal" level="INFO"/>
    <logger name="com.haulmont.restapi.sys" level="INFO"/>
    <logger name="com.haulmont.cuba.core.app.LockManager" level="INFO"/>
    <!-- End CUBA -->

    <logger name="eclipselink" level="WARN"/>
    <logger name="eclipselink.sql" level="INFO"/>
    <logger name="org.springframework" level="WARN"/>
    <logger name="com.vaadin" level="WARN"/>
    <logger name="org.atmosphere" level="WARN"/>
    <logger name="org.activiti" level="INFO"/>
    <logger name="org.jgroups" level="INFO"/>
    <logger name="freemarker" level="INFO"/>
    <logger name="org.thymeleaf.TemplateEngine" level="INFO"/>
    <logger name="com.zaxxer.hikari" level="INFO"/>
    <logger name="org.docx4j" level="WARN"/>
    <logger name="org.xlsx4j" level="WARN"/>
    <logger name="org.apache.fop.apps.FOUserAgent" level="WARN"/>
    <logger name="org.hibernate" level="WARN"/>
    <logger name="sun" level="INFO"/>
    <logger name="com.sun" level="INFO"/>
    <logger name="javax" level="INFO"/>
    <logger name="org.apache" level="INFO"/>
    <logger name="org.eclipse.jetty" level="INFO"/>
    <logger name="org.docx4j.utils.ResourceUtils" level="ERROR"/>
    <logger name="org.docx4j.Docx4jProperties" level="ERROR"/>
    <logger name="org.xlsx4j.jaxb.Context" level="ERROR"/>
    <logger name="org.docx4j.utils.XSLTUtils" level="ERROR"/>
    <logger name="org.docx4j.jaxb.JaxbValidationEventHandler" level="ERROR"/>
    <logger name="org.docx4j.TraversalUtil" level="ERROR"/>
    <logger name="org.docx4j.fonts" level="ERROR"/>

    <!-- Begin Perf4J  -->
    <appender name="PerfStatFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${logDir}/perfstat.log</file>
        <append>true</append>

        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <fileNamePattern>${logDir}/perfstat.%d{yyyy-MM-dd}.log</fileNamePattern>
            <maxHistory>5</maxHistory>
            <cleanHistoryOnStart>true</cleanHistoryOnStart>
        </rollingPolicy>

        <encoder>
            <pattern>%msg%n</pattern>
        </encoder>
    </appender>

    <appender name="CoalescingStatistics" class="org.perf4j.logback.AsyncCoalescingStatisticsAppender">
        <param name="TimeSlice" value="60000"/>
        <appender-ref ref="PerfStatFile"/>
    </appender>

    <appender name="UIPerfStatFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${logDir}/perfstat-ui.log</file>
        <append>true</append>

        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <fileNamePattern>${logDir}/perfstat-ui.%d{yyyy-MM-dd}.log</fileNamePattern>
            <maxHistory>5</maxHistory>
            <cleanHistoryOnStart>true</cleanHistoryOnStart>
        </rollingPolicy>

        <encoder>
            <pattern>%msg%n</pattern>
        </encoder>
    </appender>

    <appender name="UICoalescingStatistics" class="org.perf4j.logback.AsyncCoalescingStatisticsAppender">
        <param name="TimeSlice" value="120000"/>
        <appender-ref ref="UIPerfStatFile"/>
    </appender>

    <logger name="org.perf4j.TimingLogger" additivity="false" level="INFO">
        <appender-ref ref="CoalescingStatistics"/>
    </logger>

    <logger name="com.haulmont.cuba.gui.logging.UIPerformanceLogger" additivity="false" level="INFO">
        <appender-ref ref="UICoalescingStatistics"/>
    </logger>
    <!-- End Perf4J  -->

</configuration>
```

Start application

Start the FIXICC H2 from the command line with the following command:

```bash
java -Dapp.home=/opt/fixicch2-home -jar /opt/fixicch2/app.jar
```

This will start FIXICC H2 on port 8080; you can access it by browsing to http://fixicc-h2-machine:8080/app.

Where:

  • "/opt/fixicch2-home" is the directory with the local.app.properties file; you should type the full path;
  • "/opt/fixicch2/" is the directory with the app.jar file; you should type the full path.

Changing FIXICC H2 port

To run FIXICC H2 on another HTTP port, you need to specify the fixicch2.http_port Java system property. For example, to run FIXICC H2 on port 9090, start it from the command line with the following command:

```bash
java -Dapp.home=/opt/fixicch2-home -Dfixicch2.http_port=9090 -jar /opt/fixicch2/app.jar
```

HTTPS support

To run FIXICC H2 with HTTPS support you need to provide it with key store and trust store in JKS format. For production installations, you need to create JKS from the certificate and private key provided by a trusted certificate authority.

For testing purposes, you can generate a self-signed certificate by yourself.

```bash
keytool -genkey \
    -noprompt \
    -alias jetty \
    -keyalg RSA \
    -dname 'CN=admin, OU=EPM-BFIX, O=EPAM Systems, L=Unknown, S=Unknown, C=Unknown' \
    -keystore keystore.jks \
    -storepass fixicch2 \
    -keypass fixicch2
```

Info

Note here the name of the file (keystore.jks) and the passwords (fixicch2).


To run FIXICC H2 with HTTPS enabled, you need to provide the following parameters:

| Name | Example value | Where | Description |
|---|---|---|---|
| fixicch2.secure_http_port | 8443 | Java system property | HTTPS port to listen |
| fixicch2.key_store_path | keystore.jks | Java system property | Path to key store (jks file) |
| fixicch2.trust_store_path | keystore.jks | Java system property | Path to trust store (jks file). This is used if validating client certificates and is typically set to the same path as the keystore |
| FIXICC_H2_KEY_STORE_PASSWORD | fixicch2 | Environment variable | Key store password in plain text |
| FIXICC_H2_KEY_MANAGER_PASSWORD | fixicch2 | Environment variable | Key Manager password |
| FIXICC_H2_TRUST_STORE_PASSWORD | fixicch2 | Environment variable | Trust store password |

For details on these parameters, please refer to the Jetty 9 Documentation on the parameters keyStorePath, keyStorePassword, keyManagerPassword, trustStorePath, and trustStorePassword.

For example, to start FIXICC H2 with the keys generated as above, run the following command:

```bash
export FIXICC_H2_KEY_STORE_PASSWORD=fixicch2
export FIXICC_H2_KEY_MANAGER_PASSWORD=fixicch2
export FIXICC_H2_TRUST_STORE_PASSWORD=fixicch2
java -Dapp.home=/opt/fixicch2-home \
    -Dfixicch2.secure_http_port=8433 \
    -Dfixicch2.key_store_path=keystore.jks \
    -Dfixicch2.trust_store_path=keystore.jks \
    -jar /opt/fixicch2/app.jar
```

Note

We strongly recommend configuring all connections (FIXICC H2 ↔ engine, FIXICC H2 ↔ Consul, FIXICC H2 ↔ FIXEye agent) via HTTPS.
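
The following is an added example, not part of the FIXICC H2 documentation or product: a small Python check that reads the text of a local.app.properties file plus the process environment and flags the settings this page advises against (an unencrypted or unverified Consul connection, and passwords copied from the examples and defaults shown here). The function names, finding texts and sample input are assumptions made for the illustration.

```python
# Added example, not vendor code: audit FIXICC H2 settings for weak values.
# Passwords printed in this page's examples and defaults; never use in production.
DOC_EXAMPLE_SECRETS = {"cuba", "fixicch2", "secret"}
PASSWORD_KEYS = ("cuba.dataSource.password", "ldap.contextSourcePassword")
PASSWORD_ENV = ("FIXICC_H2_KEY_STORE_PASSWORD", "FIXICC_H2_KEY_MANAGER_PASSWORD",
                "FIXICC_H2_TRUST_STORE_PASSWORD")


def parse_properties(text):
    """Minimal Java .properties reader: 'key = value' lines, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit(properties_text, env):
    """Return a list of findings; an empty list means nothing was flagged."""
    props = parse_properties(properties_text)
    findings = []
    # The page's table gives "false" as the default, so a missing key is plain HTTP.
    if props.get("fixicch2.consul.encrypted_connection", "false").lower() != "true":
        findings.append("consul: connection is not encrypted (HTTPS disabled)")
    if props.get("fixicch2.consul.insecure_connection_enabled", "false").lower() == "true":
        findings.append("consul: insecure certificates are accepted")
    for key in PASSWORD_KEYS:
        if props.get(key) in DOC_EXAMPLE_SECRETS:
            findings.append(f"{key}: uses a password from the documentation")
    for name in PASSWORD_ENV:
        if env.get(name) in DOC_EXAMPLE_SECRETS:
            findings.append(f"{name}: uses a password from the documentation")
    return findings


# Constructed sample input (not a real deployment).
SAMPLE = """
cuba.dataSource.password =cuba
fixicch2.consul.encrypted_connection = true
fixicch2.consul.insecure_connection_enabled = true
"""

if __name__ == "__main__":
    import os
    for finding in audit(SAMPLE, os.environ):
        print("WARN", finding)
```
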

FIX Log Viewer Settings

To configure the search in the FIX logs:

  1. Deploy FIXEye Agent (version 2.3.0 or higher) by following the instruction


LDAP authentication

To configure FIXICC H2 authentication via LDAP, follow these steps:

  1. Deploy the LDAP server
  2. Set the following properties in the local.app.properties file:

    | Name | Example value | Default value | Description |
    |---|---|---|---|
    | ldap.contextSourceUrl | ldap://localhost:389 | ldap://localhost:10389 | Defines a URL for reaching the LDAP server |
    | ldap.contextSourceUserName | cn=admin,dc=epm-bfix,dc=local | uid=admin,ou=system | Indicates a username (principal) used for authentication. This is normally the distinguished name of the admin user. |
    | ldap.contextSourceBase | dc=epm-bfix,dc=local | dc=springframework,dc=org | Defines a base DN. If configured, all operations on contexts retrieved from ContextSource will be relative to this DN. By default, an empty name is set (i.e. all operations are related to the directory root). |
    | ldap.contextSourcePassword | ADMIN_PASSWORD | secret | Defines a password used for authentication. Login with default parameters for the first time. Then you can change the password in env docker-compose. |
    | ldap.referral | follow | follow | Defines the strategy to handle referrals, as described in this documentation |
    | ldap.sessionExpiringPeriodSec | 120 | 30 | Indicates a period in seconds after which the system terminates a user session if you deactivate the user or assign a new access group/matching rules to them |
    | ldap.userSynchronizationBatchSize | 100 | 100 | Defines the number of users that can be synchronized during the execution of the synchronizeUsersFromLdap() scheduled task |
    | ldap.userSynchronizationOnlyActiveProperty | true | true | If set to true, the synchronizeUsersFromLdap() scheduled task updates only the value of the Active attribute. Otherwise, the system updates all user details. |
    | ldap.cubaGroupForSynchronization | Company | Company | Defines access groups that are checked when the system executes the synchronizeUsersFromLdap() scheduled task. |
    | ldap.cubaGroupForSynchronizationInverse | false | false | If set to true, the system checks all groups when executing the synchronizeUsersFromLdap() scheduled task (except for the ones specified in ldap.cubaGroupForSynchronization) |
    | ldap.synchronizeCommonInfoFromLdap | true | true | If set to true, the synchronizeUsersFromLdap() scheduled task updates the values of the following user attributes in accordance with their state on the LDAP server side: Email, Name, First name, Last name, Middle name, Position, Language |
    | cuba.web.standardAuthenticationUsers | admin, anonymous | admin, anonymous | Defines users that can log in to the system using standard CUBA credentials |
    | ldap.expiringSessionNotificationCron | */10 * * * * * | */10 * * * * * | Defines the cron expression for retrieving expired sessions from the middleware layer |
    | ldap.addonEnabled | true | false | If set to true, the LDAP add-on is enabled |
    | ldap.expiringSessionsEnable | true | true | If set to true, the system sends notifications to inform the user that their session is about to expire |
  3. If the group and user weren't set earlier, create a posix group and a user in LDAP
  4. Start the FIXICC H2
  5. Select Administration > LDAP > LDAP Config in the menu on the left-side (items 1→2→3 in the figure below)
  6. Check the connection by clicking Test Connection (item 4 in the figure below)
    Figure. The "Test Connection" button.

  7. If the connection is successful, the FIXICC H2 will show the following message:

    Figure. The successful LDAP connection.

  8. Go to the LDAP Matching Rules page by clicking LDAP Matching Rules 
  9. Select the default rule in the table and click Edit or press Enter on your keyboard to edit the default rule
    Figure. The "LDAP Matching Rules" page.

  10. Add the Role - system-full-access or your own role (in this case, the role's permissions must provide access to Allow all screens):
  11. Click Add (see below):
    Figure. The "Add" button for adding the permissions.



  12. Select the Role in the table (item 1 in the figure above)
  13. Confirm your choice by clicking Select (item 2 in the figure above)
  14. Log out by clicking the arrow at the bottom of the left-side menu (see below)

    Figure. The "Logout" button.
  15. Log in as the user whose role was added to the LDAP Matching Rules