Deploying FX Professional

This page provides an overview of the steps for deploying FX Professional.

Contents:

Requirements
Install Tomcat
Deploy the FX Professional WAR file
Deploy the Webcentric database
Configure the Keymaster servlet
Configure the SignOn servlet
Start Tomcat

Requirements

See FX Professional system requirements.

Install Tomcat

Download the latest version of Apache Tomcat 9 and extract the files to your desired directory.

For more information on installing Tomcat 9, see Tomcat Setup on the Tomcat website, and RUNNING.txt distributed with Tomcat.

Deploy the FX Professional WAR file

Follow the steps below:

Shut down Tomcat.
Delete all files and subdirectories in your <tomcat_root>/webapps directory.
Download the WAR file for your variant of FX Professional (varianttrader-version.war) from the Caplin Downloads website.
Copy the WAR file to your Tomcat webapps directory: <tomcat_root>/webapps.
Remove the version information from the file name of the WAR file. For example, varianttrader-3.31.0-12345.war becomes varianttrader.war:

Create a web application context file <tomcat_root>/conf/Catalina/localhost/varianttrader.xml with the following content:

<?xml version='1.0' encoding='utf-8'?>

<Context>

  <!-- Default set of monitored resources -->
  <WatchedResource>WEB-INF/web.xml</WatchedResource>

  <!-- Map URI '/resources' to directory '../conf/resources' -->
  <Resources>
    <PostResources className="org.apache.catalina.webresources.DirResourceSet"
    base="../conf/resources" webAppMount="/resources" />
  </Resources>

  <!-- Core JNDI configuration -->
  <Environment name="LIBERATOR.DOMAIN" value="example.com" (1)
    type="java.lang.String" override="false" />
  <Environment name="LIBERATOR.PRIMARY.ADDRESS" value="lib1.example.com" (2)
    type="java.lang.String" override="false" />
  <Environment name="LIBERATOR.PRIMARY.PORT" value="80"
    type="java.lang.String" override="false" />
  <Environment name="LIBERATOR.PRIMARY.HTTPS.PORT" value="443"
    type="java.lang.String" override="false" />
  <Environment name="LIBERATOR.SECONDARY.ADDRESS" value="lib2.example.com" (3)
    type="java.lang.String" override="false" />
  <Environment name="LIBERATOR.SECONDARY.PORT" value="80"
    type="java.lang.String" override="false" />
  <Environment name="LIBERATOR.SECONDARY.HTTPS.PORT" value="443"
    type="java.lang.String" override="false" />
  <Environment name="CAPLIN.DEV.MODE" value="false" (4)
    type="java.lang.String" override="false" />
  <Environment name="CAPLIN.LOGIN.ENABLED" value="true" (5)
    type="java.lang.String" override="false" />

</Context>

1	Set `LIBERATOR.DOMAIN` to your domain
2	Set `LIBERATOR.PRIMARY.ADDRESS` to the hostname of your primary Liberator
3	Set `LIBERATOR.SECONDARY.ADDRESS` to the hostname of your secondary Liberator
4	Set `CAPLIN.DEV.MODE` to `false` in production deployments
5	Set `CAPLIN.LOGIN.ENABLED` to `true` to use FX Professional’s built-in login page For more information on FX Professional’s JNDI environment entries, see FX Professional JNDI configuration.

Review FX Professional’s default HTTP headers configured in the WAR file’s web.xml file. For recommended headers, see Recommended HTTP headers. For instructions on how to override the default HTTP headers, see Setting HTTP headers.
To view the default HTTP headers set in the web.xml file, use the following command:

$ unzip -p varianttrader-version.war WEB-INF/web.xml | less
Create a new folder <tomcat_root>/conf/resources/.
If you have licensed FX Professional’s Trade Confirmations feature, then add your TermsAndConditions.locale.txt files to the <tomcat_root>/conf/resources/ folder.
If you have licensed FX Professional’s Money Markets feature, then add your MMTermsAndConfitions.locale.txt files to the <tomcat_root>/conf/resources/ folder.

Deploy the Webcentric database

The Webcentric database is used by the Webcentric servlet to persist users' customisations to FX Professional’s layout.

Production deployments

For production deployments, Caplin provide schemas for a variety of database servers. Please speak to your Caplin account manager.

Follow the steps below:

Deploy the Webcentric schema to your production database server.
Add a <Resource…/> tag for your Webcentric database to the <tomcat_root>/conf/Catalina/localhost/varianttrader.xml file.
Example: a MySQL database called 'webcentric' on host db.example.com
```
<Resource name="jdbc/mysqldb"
    auth="Container"
    type="java.sql.DataSource"
    username="webcentric_servlet"
    password="JP9DGnKUgn58FXhX"
    driverClassName="com.mysql.jdbc.Driver"
    url="jdbc:mysql://db.example.com:3306/webcentric"/>
```
The values for tag attributes username, password, driverClassName, and url are under your control. Change them to values appropriate to your Webcentric database deployment.
Schedule regular backups of the Webcentric database.

Development deployments

For development deployments, Caplin provide an example H2 database, packaged as webcentric-db-version.zip.

Follow the steps below:

Extract webcentric-db-version.zip to your Tomcat root directory.

Add a <Resource…/> tag for the H2 database to the <tomcat_root>/conf/Catalina/localhost/varianttrader.xml file:

<Resource name="jdbc/webcentricdb"
    auth="Container"
    type="javax.sql.DataSource"
    username="sa"
    password=""
    driverClassName="org.h2.Driver"
    url="jdbc:h2:../webcentric-db/varianttrader/varianttrader;IFEXISTS=TRUE;AUTO_SERVER=TRUE"/>

Configure the Keymaster servlet

Follow the steps below to configure the Keymaster servlet:

Generate a new key pair for the web application’s Keymaster servlet:

#!/bin/bash

# PKCS1 private key. Compatible with KeyMaster.NET.
openssl genrsa -out privatekey_pkcs1.pem 2048

# Convert PKCS1 private key to PKCS8. Compatible with KeyMaster Java.
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in privatekey_pkcs1.pem -out privatekey.pem

# Export public key. Compatible with Caplin Liberator.
openssl rsa -pubout -outform DER -in privatekey_pkcs1.pem -out keymaster_public.der

Copy the file privatekey.pem to <tomcat_root>/conf/keymaster/.

Set the location of the private key in the <tomcat_root>/conf/Catalina/localhost/varianttrader.xml file:

<!-- KeyMaster servlet configuration -->
<Environment name="caplin.keymaster.privatekey.filename"
    value="../../conf/keymaster/privatekey.pem"
    type="java.lang.String" override="false" />

Copy the file keymaster_public.der to the Deployment Framework directory global-config/ssl on all Liberator hosts.

Configure the SignOn servlet

If your deployment uses FX Professional’s built-in sign in page (see CAPLIN.LOGIN.ENABLED in FX Professional’s JNDI configuration), follow the steps below:

Generate a new key pair for the SignOn servlet.

#!/bin/bash

# PKCS1 private key.
openssl genrsa -out privatekey_pkcs1.pem 2048

# Convert PKCS1 private key to PKCS8.
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in privatekey_pkcs1.pem -out privateSignonKey.pem

# Export public key.
openssl rsa -pubout -outform PEM -in privateSignonKey.pem -pubout -out publicSignonKey.pem

Copy both privateSignonKey.pem and publicSignonKey.pem to <tomcat_root>/conf/signon/.

Set the location of the new keys in the <tomcat_root>/conf/Catalina/localhost/varianttrader.xml file:

<Environment
    name="caplin.signon.privatekey.filename"
    value="../../conf/signon/privateSignonKey.pem"
    type="java.lang.String"
    override="false"/>
<Environment
    name="caplin.signon.publickey.filename"
    value="../../conf/signon/publicSignonKey.pem"
    type="java.lang.String"
    override="false"/>

Start Tomcat

If you start Tomcat manually, run the command below from Tomcat’s bin directory:

$ ./startup.sh

If you start Tomcat as a service, follow instructions in RUNNING.txt.

You can now access FX Professional on http://tomcat_host:tomcat_port/varianttrader.