FIXEdge Java 1.11.0 and Later with FIXICC H2: Deployment Guide

PostgreSQL installation and configuration

NOTE!

- If you already have PostgreSQL set up in your network, you can skip this part.

- Installation should be performed under the root user.

  1. To install PostgreSQL

    1. On CentOS: install postgresql-server from the yum repository

      yum install postgresql postgresql-server

      Then initialize a new PostgreSQL installation

      postgresql-setup initdb
    2. On Ubuntu: install postgresql-server from apt repository

      apt install postgresql postgresql-contrib
  2. By default, the PostgreSQL server is accessible only to local users, via Unix domain sockets or the loopback IP interface (127.0.0.1). These users are authenticated by the operating system, i.e. the OS user postgres can connect as the PostgreSQL user postgres without any additional authentication on the PostgreSQL server side. To allow PgAdmin4 and FIXICC H2 to work, we need to enable access via the network.

    To enable network access to the PostgreSQL server, edit the file /var/lib/pgsql/data/pg_hba.conf (on CentOS) or /etc/postgresql/${PostgreSQLVersion}/main/pg_hba.conf (on Ubuntu; replace ${PostgreSQLVersion} with the actual version) and add the following lines:

    host    all     all     0.0.0.0/0       md5
    host    all     all     ::0/0           md5

    These lines allow all users to connect to all databases from any IPv4 or IPv6 host over TCP, with or without SSL, using hashed (md5) password authentication.

    Remove the lines that enable ident connections to localhost:

    # IPv4 local connections:
    host    all             all             127.0.0.1/32         ident
    # IPv6 local connections:
    host    all             all             ::1/128              ident

    To listen on all network interfaces, edit the file /var/lib/pgsql/data/postgresql.conf (on CentOS) or /etc/postgresql/${PostgreSQLVersion}/main/postgresql.conf (on Ubuntu; replace ${PostgreSQLVersion} with the actual version) and replace the line:

    # listen_addresses = 'localhost'

    with

    listen_addresses = '*'
  3. enable and start postgresql server

    systemctl enable --now postgresql
    systemctl status postgresql
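
An added example (not part of the original guide): a shell check for the pg_hba.conf edited in step 2 that reports TCP rules which accept any address, do not require TLS, or use trust, password, md5 or ident authentication. The sample file, the fixicc database and user names and the 10.0.0.15 address are constructed for illustration.

```shell
#!/bin/sh
# audit_pg_hba FILE
# Prints "<line>: <reasons>: <rule>" for every TCP rule with at least one finding.
audit_pg_hba() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    $1 !~ /^host/ { next }              # keep TCP rules only (host, hostssl, hostnossl, ...)
    {
        addr = $4; method = $5
        # address and netmask written as two columns, e.g. 10.0.0.0 255.0.0.0
        if (addr !~ /\// && $5 ~ /^[0-9a-fA-F.:]+$/ && $5 ~ /[.:]/) {
            addr = $4 " " $5; method = $6
        }
        loopback = (addr ~ /^(127\.|::1\/)/)
        r = ""
        if (addr ~ /^(all|0\.0\.0\.0\/0|::0?\/0|0\.0\.0\.0 0\.0\.0\.0)$/) r = r ",any-address"
        if (!loopback && ($1 == "host" || $1 == "hostnossl")) r = r ",tls-not-required"
        if (method == "trust")    r = r ",no-authentication"
        if (method == "password") r = r ",cleartext-password"
        if (method == "md5")      r = r ",md5-hash"
        if (method == "ident")    r = r ",ident-over-tcp"
        if (r != "") { gsub(/[ \t]+/, " "); print NR ": " substr(r, 2) ": " $0 }
    }' "$1"
}

# Constructed sample: the two rules from step 2 plus a narrower rule for comparison.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
local   all     all                     peer
host    all     all     0.0.0.0/0       md5
host    all     all     ::0/0           md5
hostssl fixicc  fixicc  10.0.0.15/32    scram-sha-256
EOF
audit_pg_hba "$sample"
```

Run it against the real pg_hba.conf after editing; an empty result means no rule matched any of the checks.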

Consul installation and configuration

  1. To install Consul on CentOS, perform the following steps:

     - add the HashiCorp repository:

        yum install -y yum-utils
        yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

     - install consul from the yum repository:

        yum -y install consul

    In order to install Consul on Ubuntu, follow the steps from https://learn.hashicorp.com/tutorials/consul/deployment-guide?in=consul/production-deploy#configure-consul-agents

  2. generate Consul CA and server certificate and private key

    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout consul.key -out consul.crt -subj '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul'
  3. configure consul as follows (/etc/consul.d/consul.json)

    {
        "bind_addr": "{{GetInterfaceIP \"ens5\"}}",
        "bootstrap": true,
        "server": true,
        "addresses": {
            "https": "0.0.0.0"
        },
        "ports": {
            "http": -1,
            "https": 8501
        },
        "auto_encrypt": {
            "allow_tls": true,
            "tls": true
        },
        "client_addr": "0.0.0.0",
        "ui": true,
        "data_dir": "/var/lib/consul",
        "log_level": "INFO",
        "disable_update_check": true,
        "disable_anonymous_signature": true,
        "verify_server_hostname": false,
        "cert_file": "/etc/consul.d/consul.crt",
        "key_file": "/etc/consul.d/consul.key",
        "auto_encrypt": {
            "allow_tls": true
        }
    }
  4. remove or back up /etc/consul.d/consul.hcl

  5. remove the following ConditionFileNotEmpty line from /usr/lib/systemd/system/consul.service

    ConditionFileNotEmpty=/etc/consul.d/consul.hcl
  6. change ownership and permissions for /var/lib/consul and /etc/consul.d directories

    chown -R consul:consul /var/lib/consul
    chmod -R 775 /var/lib/consul
    chown -R consul:consul /etc/consul.d
  7. enable and start consul server:

    systemctl enable --now consul
    systemctl start consul
  8. consul UI should be available on https://server_ip:8501/ui/

FIXICC-H2 installation and configuration

  1. download latest package from https://clientspace.b2bits.com/product-58 (e.g., fixicc-h2-21Q4.1-84.el7.x86_64.rpm or fixicc-h2-21Q4.1-84.el7.x86_64.deb)

  2. install rpm package fixicc-h2-21Q4.1-84.el7.x86_64.rpm on CentOS

    rpm -i fixicc-h2-21Q4.1-84.el7.x86_64.rpm

    or install deb package on Ubuntu

    sudo dpkg -i fixicc-h2-21Q4.1-84.el7.x86_64.deb
  3. create a user and a database for FIXICC H2 in postgresql

    Postgres version <= 14

    CREATE USER <DBUSER> WITH CREATEDB PASSWORD '<DBPASSWORD>';
    CREATE DATABASE <DBNAME>;
    GRANT ALL PRIVILEGES ON DATABASE <DBNAME> TO <DBUSER>;

    Postgres version >= 15

    CREATE USER <DBUSER> WITH CREATEDB PASSWORD '<DBPASSWORD>';
    CREATE DATABASE <DBNAME>;
    GRANT ALL PRIVILEGES ON DATABASE <DBNAME> TO <DBUSER>;
    \connect <DBNAME>
    GRANT ALL ON SCHEMA public TO <DBUSER>;
  4. generate keystore for FIXICC-H2

    cd /etc/fixicc-h2/
    keytool -genkey -noprompt -alias jetty -keyalg RSA -dname 'CN=admin, OU=EPM-BFIX, O=EPAM Systems, L=Unknown, S=Unknown, C=Unknown' -keystore keystore.jks -storepass <STORE_PASSWORD> -keypass <KEY_PASSWORD> -ext 'SAN=IP:127.0.0.1'
  5. Edit /etc/fixicc-h2/local.app.properties and set properties as follows

    cuba.rest.anonymousEnabled = true
    cuba.anonymousLogin = anonymous
    cuba.dbmsType = postgres
    cuba.dataSourceProvider = application
    cuba.dataSource.username = <DBUSERNAME>
    cuba.dataSource.password = <DBPASSWORD>
    cuba.dataSource.dbName = <DBNAME>
    cuba.dataSource.host = 127.0.0.1
    cuba.dataSource.port = 5432
    fixicch2.consul.encrypted_connection = true
    fixicch2.consul.host = 127.0.0.1
    fixicch2.consul.port = 8501
    fixicch2.consul.insecure_connection_enabled = true
    fixicch2.fixServerType = all
    fixicch2.consul.check.tls_skip_verify=true
    fixicch2.secure_http_port = 8443
    fixicch2.key_store_path = keystore.jks
    fixicch2.trust_store_path = keystore.jks
    fixicch2.prometheus.host = 127.0.0.1
  6. edit /usr/lib/systemd/system/fixicc-h2.service as follows

    [Unit]
    Description=FIXICC-H2
    After=syslog.target network.target

    [Service]
    Type=simple
    User=<USER>
    Group=<GROUP>
    SuccessExitStatus=143
    Environment=FIXICC_H2_KEY_STORE_PASSWORD=<PASSWORD> FIXICC_H2_KEY_MANAGER_PASSWORD=<PASSWORD> FIXICC_H2_TRUST_STORE_PASSWORD=<PASSWORD>
    ExecStart=/bin/bash -c '/usr/bin/java -Dapp.home=/etc/fixicc-h2/ -Dfixicch2.secure_http_port=8443 -Dfixicch2.key_store_path=/etc/fixicc-h2/keystore.jks -Dfixicch2.trust_store_path=/etc/fixicc-h2/keystore.jks -jar /usr/lib64/fixicc-h2/21Q4.1/app.jar'
    ExecReload=/bin/kill -HUP $MAINPID

    [Install]
    WantedBy=multi-user.target
  7. enable and start fixicc-h2 server:

    systemctl enable --now fixicc-h2
    systemctl start fixicc-h2
  8. FIXICC-H2 UI should be available on https://server_ip:8443/app/
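
An added example (not part of the original guide): a post-install check that the secret-bearing files created in the Consul steps 2 and 6 and the FIXICC-H2 steps 4 and 5 (consul.key, keystore.jks, local.app.properties) are owned by the expected account and carry no group or other permission bits. The function name and the temporary demo directory are constructed for illustration.

```shell
#!/bin/sh
# check_secret_perms OWNER FILE...
# Prints one finding per file that is missing, not owned by OWNER, or has any
# group/other permission bit set. Prints nothing when every file is owner-only.
check_secret_perms() {
    want_owner=$1; shift
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            continue
        fi
        # ls -ld prints "-rw-r--r-- 1 owner group ..."; field 1 is the mode, field 3 the owner.
        listing=$(ls -ld "$f")
        mode=$(printf '%s\n' "$listing" | awk '{ print substr($1, 1, 10) }')
        owner=$(printf '%s\n' "$listing" | awk '{ print $3 }')
        [ "$owner" = "$want_owner" ] || echo "OWNER $f is owned by $owner, expected $want_owner"
        case $mode in
            -???------) ;;   # owner-only access: nothing to report
            *) echo "MODE $f is $mode, group/other access should be removed" ;;
        esac
    done
}

# Constructed demo: a temp directory standing in for /etc/consul.d and /etc/fixicc-h2.
demo=$(mktemp -d)
me=$(ls -ld "$demo" | awk '{ print $3 }')   # owner of files created by this shell
touch "$demo/consul.key" "$demo/keystore.jks" "$demo/local.app.properties"
chmod 644 "$demo/consul.key"
chmod 600 "$demo/keystore.jks"
chmod 640 "$demo/local.app.properties"
check_secret_perms "$me" "$demo/consul.key" "$demo/keystore.jks" \
    "$demo/local.app.properties" "$demo/absent.jks"
```

On a deployed host, run it as root with owner consul for /etc/consul.d/consul.key and with the unit's User= account for /etc/fixicc-h2/keystore.jks and /etc/fixicc-h2/local.app.properties. File modes do not cover the passwords on the unit's Environment= line, because systemd exposes a unit's environment to unprivileged clients over D-Bus (for example via systemctl show).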