Environment requirements

...

1. FIXICC H2 machine:
   1. RHEL 7 / RHEL 8
   2. OpenJDK 1.8 
   3. Consul agent in client mode
2. FIXEdge Cpp/Java machine:
   1. Consul agent in client mode
3. On the network:
   1. PostgreSQL Database
      1. 1 user with DDL privileges (to run the database migration, can also be used to run normal FIXICC H2 operation)
      2. (Optional) 1 user without DDL privileges (to run normal FIXICC H2 operation)
   2. Consul cluster (can be deployed on the same machines as FIXEdge Cpp/Java or FIXICC H2)
4. Client workstations:
   1. Chrome browser

...

Pre-Configuration

Before you start working with the FIXICC H2, install and configure the FIX Engine and Consul application.

...

To find the Consul installation instructions, please follow this the link.

For non-production use, you can run the Consul in developer mode with the command: consul agent -dev.

For production use - please follow this the link.

To configure the encrypted connection from FIXICC H2 to the Consul on the Consul side, please refer to this follow the link.

FIXICC H2 settings

You should choose a directory on your workstation for FIXICC H2 files.

The FIXICC H2 instance is in the app.jar file. To complete the configuration, please create a locala local.app.properties file.

You can place theapp.jar file for the FIXICC H2 application and localand local.app.properties(FIXICC H2 properties file) in the same directory, or store them separately.

...

Please configure the FIXICC H2 according to the instance of the local.app.properties in your FIXICC H2 package, and set the following properties:

Configuration example:

cuba.dbmsType = postgres
cuba.dataSourceProvider = application
cuba.dataSource.username = C##CUBA
cuba.dataSource.password =cuba
cuba.dataSource.dbName = PTGSDB 
cuba.dataSource.host = 10.68.21.182
cuba.dataSource.port =1521
fixicch2.consul.encrypted_connection =true
fixicch2.consul.port =8501
fixicch2.consul.insecure_connection_enabled =false
fixicch2.fixServerType = FIXEdge CPP
fixicch2.prometheus.port = localhost
fixicch2.prometheus.port = 9090
fixicch2.prometheus.pollInterval = 5
fixicch2.metrics.support.fe = false
fixicch2.metrics.support.fej = true
fixicch2.unknownServer.autoRegistration = true

The following parameters optional properties can also be configurated through on the "Application Properties" Properties page on via FIXICC H2:

Logging configuration

To configure the logging level for the FIXICC H2 application, please create a logback.xml file the logback.xml file and put it in the same directory that where the local.app.properties file is located instored.

The logback.xml file is not mandatory.

For further additional information please refer to this the link.

Example:

<?xml version="1.0" encoding="UTF-8"?>

<configuration debug="false" packagingData="true">

    <property name="logDir" value="${app.home}/logs"/>

    <appender name="File" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${logDir}/app.log</file>

        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
            <level>INFO</level>
        </filter>

        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <!-- daily rollover -->
            <fileNamePattern>${logDir}/app.%d{yyyy-MM-dd}.log</fileNamePattern>
            <!-- keep 30 days' worth of history -->
            <maxHistory>5</maxHistory>
            <cleanHistoryOnStart>true</cleanHistoryOnStart>
        </rollingPolicy>

        <encoder>
            <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} %-5level [%thread%X{cubaApp}%X{cubaUser}] %logger - %msg%n</pattern>
        </encoder>
    </appender>

    <root>
        <appender-ref ref="File"/>
    </root>
	
    <!-- Begin CUBA -->
    <logger name="com.haulmont.cuba" level="INFO"/>
    <logger name="com.haulmont.cuba.core.sys" level="INFO"/>
    <logger name="com.haulmont.cuba.core.sys.CubaDefaultListableBeanFactory" level="WARN"/>
    <logger name="com.haulmont.cuba.core.app.scheduling" level="INFO"/>
    <logger name="com.haulmont.cuba.web.sys" level="INFO"/>
    <logger name="com.haulmont.cuba.portal" level="INFO"/>
    <logger name="com.haulmont.restapi.sys" level="INFO"/>
    <logger name="com.haulmont.cuba.core.app.LockManager" level="INFO"/>
    <!-- End CUBA -->

    <logger name="eclipselink" level="WARN"/>
    <logger name="eclipselink.sql" level="INFO"/>
    <logger name="org.springframework" level="WARN"/>
    <logger name="com.vaadin" level="WARN"/>
    <logger name="org.atmosphere" level="WARN"/>
    <logger name="org.activiti" level="INFO"/>
    <logger name="org.jgroups" level="INFO"/>
    <logger name="freemarker" level="INFO"/>
    <logger name="org.thymeleaf.TemplateEngine" level="INFO"/>
    <logger name="com.zaxxer.hikari" level="INFO"/>
    <logger name="org.docx4j" level="WARN"/>
	<logger name="org.xlsx4j" level="WARN"/>
    <logger name="org.apache.fop.apps.FOUserAgent" level="WARN"/>
    <logger name="org.hibernate" level="WARN"/>
    <logger name="sun" level="INFO"/>
    <logger name="com.sun" level="INFO"/>
    <logger name="javax" level="INFO"/>
    <logger name="org.apache" level="INFO"/>
    <logger name="org.eclipse.jetty" level="INFO"/>
    <logger name="org.docx4j.utils.ResourceUtils" level="ERROR"/>
    <logger name="org.docx4j.Docx4jProperties" level="ERROR"/>
    <logger name="org.xlsx4j.jaxb.Context" level="ERROR"/>
    <logger name="org.docx4j.utils.XSLTUtils" level="ERROR"/>
    <logger name="org.docx4j.jaxb.JaxbValidationEventHandler" level="ERROR"/>
    <logger name="org.docx4j.TraversalUtil" level="ERROR"/>
    <logger name="org.docx4j.fonts" level="ERROR"/>

    <!-- Begin Perf4J  -->
    <appender name="PerfStatFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${logDir}/perfstat.log</file>
        <append>true</append>

        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <fileNamePattern>${logDir}/perfstat.%d{yyyy-MM-dd}.log</fileNamePattern>
            <maxHistory>5</maxHistory>
            <cleanHistoryOnStart>true</cleanHistoryOnStart>
        </rollingPolicy>

        <encoder>
            <pattern>%msg%n</pattern>
        </encoder>
    </appender>

    <appender name="CoalescingStatistics" class="org.perf4j.logback.AsyncCoalescingStatisticsAppender">
        <param name="TimeSlice" value="60000"/>
        <appender-ref ref="PerfStatFile"/>
    </appender>

    <appender name="UIPerfStatFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${logDir}/perfstat-ui.log</file>
        <append>true</append>

        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <fileNamePattern>${logDir}/perfstat-ui.%d{yyyy-MM-dd}.log</fileNamePattern>
            <maxHistory>5</maxHistory>
            <cleanHistoryOnStart>true</cleanHistoryOnStart>
        </rollingPolicy>

        <encoder>
            <pattern>%msg%n</pattern>
        </encoder>
    </appender>

    <appender name="UICoalescingStatistics" class="org.perf4j.logback.AsyncCoalescingStatisticsAppender">
        <param name="TimeSlice" value="120000"/>
        <appender-ref ref="UIPerfStatFile"/>
    </appender>

    <logger name="org.perf4j.TimingLogger" additivity="false" level="INFO">
        <appender-ref ref="CoalescingStatistics"/>
    </logger>

    <logger name="com.haulmont.cuba.gui.logging.UIPerformanceLogger" additivity="false" level="INFO">
        <appender-ref ref="UICoalescingStatistics"/>
    </logger>
    <!-- End Perf4J  -->

</configuration>

...

To run FIXICC H2 with HTTPS support you need to provide it with a key store and trust store in JKS format. For production installations, you need to create JKS from the certificate and private key provided by a trusted certificate authority.

...

To run FIXICC H2 with HTTPS enabled, you need to provide the following parameters:

For details on these parameters more information please refer to the Jetty 9 Documentation on parameters keyStorePath , keyStorePassword , keyManagerPassword , trustStorePath  page (keyStorePath , keyStorePassword , keyManagerPassword , trustStorePath , and trustStorePassword  properties).

...

For example, to start FIXICC H2 with the keys generated as above run the following command:

export FIXICC_H2_KEY_STORE_PASSWORD=fixicch2
export FIXICC_H2_KEY_MANAGER_PASSWORD=fixicch2
export FIXICC_H2_TRUST_STORE_PASSWORD=fixicch2
java -Dapp.home=/opt/fixicch2-home              
    -Dfixicch2.secure_http_port=8433            
    -Dfixicch2.key_store_path=keystore.jks      
    -Dfixicch2.trust_store_path=keystore.jks    
    -jar /opt/fixicch2/app.jar

Start application

Start the FIXICC H2 from the command line with the following command:

...

This will start FIXICC H2 on port 8080, you can access it by browsing to http://fixicc-h2-machine:8080/app.

...

• "/opt/fixicch2-home" is the directory with the local.app.properties file, you should type the full path for the file;.
• "/opt/fixicch2/" is the directory with the app.jar file, you should type the full path for the file.

...

To run FIXICC H2 on another HTTP port you need to specify the fixicch2.http_port Java system property, e.g. to run FIXICC H2 on port 9090, you should start the FIXICC H2 from the command line with the following command:

...

1. Deploy FIXEye Agent (version 2.3.0 or higher) by following the instruction.

LDAP authentication

To configure the FIXICC H2 authentication via LDAP you can follow the following instruction:

1. Deploy the LDAP server.

2. Set the following properties in the local.app.properties file:

   Name	Example value	Default value	Description
   ldap.contextSourceUrl	ldap://localhost:389	ldap://localhost:10389

   Defines

   The property defines a URL for reaching the LDAP server. Possible values: string
   ldap.contextSourceUserName	cn=admin,dc=epm-bfix,dc=local	uid=admin,ou=system

   Indicates a username

   The property defines the username (principal) used for authentication. This is normally the distinguished name of the admin user. Possible values: string
   ldap.contextSourceBase	dc=epm-bfix,dc=local	dc=springframework,dc=org

   Defines

   The property defines a base DN. If configured, all operations on contexts retrieved from ContextSource will be relative to this DN. By default, an empty name is set (i.e. all operations are related to the directory root). Possible values: string
   ldap.contextSourcePassword	ADMIN_PASSWORD	secret

   Defines

   The property defines a password used for authentication. Login with default parameters for the first time. Then you can change the password in env docker-

   compose.

   compose. Possible values: string
   ldap.referral	follow	follow

   Defines

   The property defines the strategy to handle referrals, as described

   in this documentation

   in thedocumentation. Possible values: string
   ldap.sessionExpiringPeriodSec	120	30

   Indicates

   The property defines a period of time in seconds after which the system terminates a

   user

   session if

   you deactivate

   the user was deactivated or

   assign

   a new access group/matching rules were assigned to them. Possible values: int
   ldap.userSynchronizationBatchSize	100	100

   Defines

   The property defines the number of users that can be synchronized during the execution of

   the 

   the synchronizeUsersFromLdap()

    scheduled task

   scheduled task. Possible values: int
   ldap.userSynchronizationOnlyActiveProperty	true	true	The property defines whether the synchronizeUsersFromLdap() scheduled task will update only the value of the Active attributes or all user details. If set

   to 

   to 'true',

   the 

   the synchronizeUsersFromLdap() scheduled task updates only the value of

   the Active attribute

   the Active attribute. Otherwise, the system updates all user details. Possible values: true | false
   ldap.cubaGroupForSynchronization	Company	Company

   Defines

   The property defines access groups that

   are

   will be checked when the system executes

   the ,

   the synchronizeUsersFromLdap() scheduled task. Possible values: string
   ldap.cubaGroupForSynchronizationInverse	false	false

   If set to true

   The property defines whether the system

   checks

   will check all groups when executing the synchronizeUsersFromLdap()

    scheduled

   scheduled task (except for the ones specified

   in 

   in the ldap.cubaGroupForSynchronization property). If set to 'true', the system checks all groups when executing the synchronizeUsersFromLdap() scheduled task. Possible values: true | false
   ldap.synchronizeCommonInfoFromLdap	true	true

   If set to true, the 

   The property defines whether the synchronizeUsersFromLdap()

    scheduled

   scheduled task

   updates

   will update the values of the following user attributes in accordance with their state on the LDAP server side: Email, Name, First name, Last name, Middle name, Position, and Language. If set to 'true', the synchronizeUsersFromLdap() scheduled task will update the values of these user attributes in accordance with their state on the LDAP server side. Possible values: true | false
   cuba.web.standardAuthenticationUsers	admin, anonymous	admin, anonymous

   Defines

   The property defines users that can log in to the system using standard CUBA credentials. Possible values: string
   ldap.expiringSessionNotificationCron	*/10 * * * * *	*/10 * * * * *

   Defines

   The property defines the

   cron

   CRON expression for retrieving expired sessions from the middleware layer. Possible values: CRON
   ldap.addonEnabled	true	false

   If set to true,

   The property defines whether the LDAP add-on

   is

   will be enabled. Possible values: true | false
   ldap.expiringSessionsEnable	true	true

   If set to true,

   The property defines whether the system

   sends

   will send notifications to inform the user that their session is about to expire. Possible values: true | false

3. If the group and user weren't set earlier you should create a posixPOSIX group and a user in LDAP.
4. Start the FIXICC H2.
5. Select Administration -> LDAP -> LDAP Config in in the menu on the left -side side (items 1→2→3 in the figure below).
6. Check the connection by clicking Test Connection  (item 4 in the figure below).
   Figure. The "Test Connection" button.
   
7. If the connection is successful, the FIXICC H2 will show the following message:
   
   Figure. The successful LDAP connection.
   
   
8. Go to the LDAP Matching Rules page by clicking LDAP Matching Rules Rules.
9. Select the default rule in the table and click Edit or press Enter on your keyboard to keyboard to edit the default rule.
   Figure. The "LDAP Matching Rules" page.
   
10. Add the Role - system-full-access or your own role (in this case, the role's permissions must provide access to Allow all screens):
11. Click Add(see below):.
    Figure. The "Add" button for adding the permissions.
    
    
    
    
12. Select the Role in the table (item 1 in the figure above).
13. Confirm your choice by clicking Select (item 2 in the figure above).
14. Logout Log out by clicking the arrow at the bottom of the left-side menu (see below).
    
    Figure. The "Logout" button.
    
15. Login Log in with the user's data whose role was added to the LDAP Matching Rules.