Create SSL sites in Apache on Windows with OpenSSL

To get a secure SSL site up and running on Apache under Windows, there are a few hoops to jump through that are not very intuitive.  To that end, I am going to document my approach to setting up SSL using OpenSSL.  This approach assumes that you already have Apache up and running on your machine, so if you have not done that, head over to the HTTPD download page and set that up before continuing.

  • Setting up OpenSSL
    First we need to get OpenSSL setup on our system, which is not included with the Apache Windows binaries.  In fact the OpenSSL project doesn’t even provide the binaries themselves, but you can find them at Shining Light Productions.  For this example, I will be choosing the Win32 OpenSSL v0.9.8k Light version.  If you see a message like the one below, you will need to install the Microsoft Visual C++ 2008 Redistributable Package and then attempt the OpenSSL installation again.

    Once you have it installed, you can do a quick test to make sure that it is set up properly:

  • Creating Certificates
    Next, we will use the OpenSSL terminal interface to create our self-signed certificates.  To explain a bit about what is going on below, I have a site already existing on my system that can be reached at http://scribble.  What we are doing is creating a secure subdomain of https://secure.scribble.   Typically when I create certificates, I name the files with the host/domain obvious so that they can be easily identified later.  Obviously you will want to replace the domain name to match your setup, but type the following in the terminal in the OpenSSL/bin directory:

    openssl req -new -out secure.scribble.csr -keyout secure.scribble.pem

    That will generate what you see below.

    You may notice that I left a lot of the prompts blank.  Considering this is a dummy certificate in a development environment, that approach makes sense.  You may choose to be more explicit based on your needs.

    If we were to use this key as it is, we would be prompted for the password every time that Apache starts.  Since that is less than ideal, we will now generate a non-protected key from the one we created in the previous step by typing the following:

    openssl rsa -in secure.scribble.pem -out secure.scribble.key

    You can see that I was prompted for a pass phrase.  This is the same password that you created when we generated the certificate above.

    Now we need to need to build the certificate that we will actually import into Apache.  You can do so by typing:

    openssl x509 -in secure.scribble.csr -out secure.scribble.cert -req -signkey secure.scribble.key -days 1000

    This will result in the following output:

    You can see that we now have a .cert, .csr, .key, and .pem file for our domain.  We will use a combination of the .key and the .cert

  • Configuring Apache
    Now we need to make sure that your Apache server is ready to serve SSL requests.

    First, let’s put the .key and .cert files that we created above into a directory under Apache.  In your “conf” directory, create a subdirectory named “ssl” and move secure.scribble.key and secure.scribble.cert into that new directory.

    Next we need to make sure that the mod_ssl module is enabled.  Open up the httpd.conf file for your Apache webserver.  Search for “mod_ssl” and you should find a line that looks like this:

    Yours will likely be commented out with a ‘#’ sign in front of the line.  You will want to delete that ‘#’ so that it looks like the highlighted line above.

    Next you will need to make sure that you have uncommented the line that includes the httpd-ssl.conf file like you see below:

    The last thing we need to do is configure our site.  Open up the conf/extra/httpd-ssl.conf file in an editor.  You will see that there is an amazingly huge and complex site definition in there already that starts with and ends about 150 lines later with .  We need to disable this site.  If you are feeling bold, you can simply delete it.  However, I take the approach of commenting it out entirely so that I still have it as a reference, which is my recommendation as well.   Starting with the line , put a ‘#’ at the start of every line that doesn’t already have one and continue until you comment out the line.

    Now it is finally time for us to create the site definition for our https://secure.scribble site.  We will use some of the concepts in the example, but eliminate most of them.  Here is what mine looks like after paring down all the excess:

    <VirtualHost *:443>
    DocumentRoot "C:/www/scribble"
    ServerName secure.scribble:443
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile conf/ssl/secure.scribble.cert
    SSLCertificateKeyFile conf/ssl/secure.scribble.key
    </VirtualHost>

    In that code you can see where we are pointing to the .key and .cert files that we created above.

    Now, restart your Apache server and you are now serving up securely!

Setting up Apache, OpenBD, Railo and ColdFusion – Part 3 – Installing ColdFusion and customizing the connector

This is the third part in a series of posts on setting up ColdFusion, OpenBlueDragon, and Railo all on the same machine using Apache webserver to listen for all requests and direct traffic.  Part 2 can be found here.  You will find links to all parts of this series at the bottom under “Related Content”

With that said, this part in the series focuses on installing ColdFusion and configuring the webserver adapter in such a way that only specific Virtual Hosts will be set up to pass requests to the ColdFusion server. First we want to start by creating a localhost site that is specific to ColdFusion 8 in Apache.  I tend to keep all my sites under /www which is actually symlinked to a ‘www’ in my home directory. I find a few benefits in this.  First, I usually keep my home partition in shape and carry it around with me from distro to distro, so I always have my sites in tact with me.  Secondly since it is a symlink to my home and not in a system folder I don’t need special permissions to write in it.  I will be following along this path, but if you keep your sites elsewhere, then you can adjust as necessary.

$ mkdir /www/localhost.cf8

Now, we will want to create an Apache virtual host definition for this site.  To do so, create a new configuration file like this:

$ sudo gedit /etc/apache2/sites-available/localhost.cf8

Paste the the following, then save and close.

<VirtualHost *>
	ServerName localhost.cf8

	<Directory /www/localhost.cf8/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
	DocumentRoot /www/localhost.cf8
</VirtualHost>

Now we need to make sure that file is included when Apache starts, so run the following command which will make a symlink to the sites-enabled directory.

$  sudo a2ensite localhost.cf8
Site localhost.cf8 installed; run /etc/init.d/apache2 reload to enable.

As you can see from the localhost.cf8 configuration file, we are expecting our ServerName to be localhost.cf8, so we now need to add that entry to our hosts file.

$ sudo gedit /etc/hosts

Append “localhost.cf8″ (with no quotes!) to the line that begins with 127.0.0.1.  Save the file and close. At this point you should be able to restart Apache and hit that empty site in your browser like this: Now that we have a site ready, it is time for us to install ColdFusion.  Once you have downloaded the .bin installation file from Adobe, browse to that directory in a terminal window.  You may need to chmod the file to be executable, then launch it like this:

$ chmod +x coldfusion-801-lin.bin
 sudo ./coldfusion-801-lin.bin

Choose 1 for English.  After the welcome screen, hit enter to continue.  Next type “Y” and hit enter to agree to the terms and conditions. We are now faced with the installation type prompt. For this example of setting up a development environment, we will choose option 3 “Developer Edition” For our purposes we are going to choose the “Server configuration” option.  However, it should be noted that you could quite easily choole the J2EE WAR file option and install into Tomcat as we did with OpenBlueDragon in Part 2 of thise series. Since we are installing from scratch, we will choose “No” (2) on the next option which is asking if there is an existing version of ColdFusion 8 installed on this machine. For this installation we do not want any of the extra options to install such as Documentation, LiveCycle, Search Services, nor do we want to start on system init since this is on my laptop and I may not always want ColdFusion to start at boot.  So we will uncheck all options like you see in this image and continue. We are going to accept the default installation path of /opt/coldfusion8 Again, since this is a fresh installation, we are going to say “No” (2) to the prompt asking if there are earlier versions of ColdFusion on this computer. Now we start to work our way into the webserver configuration which will tie ColdFusion into Apache.  To start, choose “Add Web Server Configuration” (1) when prompted, then choose “Apache” (1).  In the following prompt asking for the Apache directory that contains your http.conf file, enter /etc/apache2 as you see in the picture below: For the location of the Apache program binary file, enter /usr/sbin/apache2.  For the Start/Stop script, enter /etc/init.d/apache2.  You will see both of these choices here: We now return to the first webserver configuration menu and this time choose “Continue with installation” (4). Then we will need to enter the location of the webroot.  We are going to enter the directory of our new site /www/localhost.cf8 that we created above as you can see in the picture below.  We will also be asked which user we would like ColdFusion to run as.  I typically like to use my own user account for this so I don’t end up with permissions issues where I have difficulty accessing files generated by ColdFusion Now enter your admin password, and if you choose to user RDS, enter the  password for it as well. It will now show you the general options you have selected and you will hit enter to start the actual installation.  Once it completes and prompts you to “Press Enter to exit the installer”, do so and then start the server with this:

$ sudo /opt/coldfusion8/bin/coldfusion start

During this stage you should see messages that it is configuring the webserver successfully, assuming we entered everything properly above.  Once you are returned to a prompt, it is time to go customize the Apache connector stuff just a bit.  open the httpd.conf file like this:

$ sudo gedit /etc/apache2/httpd.conf

In that you will find the connector stuff that ColdFusion added starting with a line: #JRun Settings. Before we take the next steps, let me explain a bit what we are going to do.  We are going to seperate this into two pieces: the module loader, and the actual connector declaration.  As it stands right now, and request coming through the webserver would be handled by ColdFusion and we don’t really want that.  To make it more granular, we are going to create an include file that can be added to any site that will add the connector only to that particular site.  With that said, let’s walk through it.   *Cut* (not copy!) these two lines of that connector info:

# JRun Settings
LoadModule jrun_module /opt/coldfusion8/runtime/lib/wsconfig/1/mod_jrun22.so

Now we are going to paste those into a new file that will go in our mods-available directory.  Click on the “New” button in gedit and paste that text in.  Now save that file as  /etc/apache2/mods-available/cf8.load. Now *cut* (not copy!) the remainder of the connector out that looks like this:

<IfModule mod_jrun22.c>
    JRunConfig Verbose false
    JRunConfig Apialloc false
    JRunConfig Ignoresuffixmap false
    JRunConfig Serverstore /opt/coldfusion8/runtime/lib/wsconfig/1/jrunserver.store
    JRunConfig Bootstrap 127.0.0.1:51801
    #JRunConfig Errorurl url <optionally redirect to this URL on errors>
    #JRunConfig ProxyRetryInterval 600 <number of seconds to wait before trying to reconnect to unreachable clustered server>
    #JRunConfig ConnectTimeout 15 <number of seconds to wait on a socket connect to a jrun server>
    #JRunConfig RecvTimeout 300 <number of seconds to wait on a socket receive to a jrun server>
    #JRunConfig SendTimeout 15 <number of seconds to wait on a socket send to a jrun server>
    AddHandler jrun-handler .jsp .jws .cfm .cfml .cfc .cfr .cfswf
</IfModule>

Create a new file named /etc/apache2/cf8connector. Pasted that text in and save the file. Lastly, you may not have this issue, but I found that the DirectoryIndex attribute of Apache was not adding index.cfm to the list of default files. Due to this I actually added it to my httpd.conf. After all of the steps above, my httpd.conf file only has a single line:

DirectoryIndex index.cfm

Now… it is time to do just a little more Apache config and we are ready to go!  Rember that cf8.load mod file we created earlier?  Let’s turn that on:

$ sudo a2enmod cf8

Now, let’s to add an include call to our localhost.cf8 virtual host configuration.  Open up /etc/apache2/sites-available/localhost.cf8 and add the “Include c8connector” line that you see below:

<VirtualHost *>
        ServerName localhost.cf8

        <Directory /www/localhost.cf8/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        DocumentRoot /www/localhost.cf8
        Include cf8connector
</VirtualHost>

Once you have saved that file, it is time to restart Apache and test out all of our hard work!

$ sudo /etc/init.d/apache2 restart

Now, using your browser, go to http://localhost.cf8/CFIDE/administrator/ and you will see the following: Now… if you are following along from earlier in this series, you should now be able to successfully connect to OpenBD at http://localhost.bd and ColdFusion 8 at http://localhost.cf8 On the next part of this series, we will bring Railo into the mix and finally have all three running on our system.

Setting up Apache, OpenBD, Railo and ColdFusion – Part 2 – Installing Tomcat/Apache/OpenBD

This is the second part in a series of posts on setting up ColdFusion, OpenBlueDragon, and Railo all on the same machine using Apache webserver to listen for all requests and direct traffic.  Part 1 can be found here

Remember, the steps below have some commands specific to Linux, and more specifically to Debian/Ubuntu, but the concepts in general should have at least some similarites across any supported platform, especially you Mac folks.

To start out, we need to make sure that we have the Apache webserver installed with optional “dev” package.  Additionally, later on we will need to be compiling, so let’s make sure that you have the build-essential package as well

$sudo apt-get install apache2 apache2-threaded-dev build-essential

Next I installed the Sun Java 6 JDK

$sudo apt-get install sun-java6-jdk

Next you want to go download Tomcat.  I chose to use Tomcat 6, specifically v. 6.0.18, which the current release as of this posting.  Now, using a terminal cd into the directory where you saved the dowloaded file and do the following:

$ sudo cp apache-tomcat-6.0.18.tar.gz /opt/
$ cd /opt
$ sudo tar xvzf apache-tomcat-6.0.18.tar.gz
$ sudo mv apache-tomcat-6.0.18 tomcat6
$ sudo rm apache-tomcat-6.0.18.tar.gz

Next we will need to edit the Tomcat startup script, but to do so, we need to go get a little information first.  We need to ensure that we know what the current Java home is on your machine.  There are surely easier ways of accomplishing this, but here is the series of steps I took.

~$ which java
/usr/bin/java
$ ls -l /usr/bin/java
lrwxrwxrwx 1 root root 22 2009-01-30 23:00 /usr/bin/java -> /etc/alternatives/java
$ ls -l /etc/alternatives/java[return] lrwxrwxrwx 1 root root 36 2009-01-30 23:00 /etc/alternatives/java -> /usr/lib/jvm/java-6-sun/jre/bin/java 

From that last line I can see that the default Java lives at /usr/lib/jvm/java-6-sun/ (which too is a sym link, but that’s ok!). Now that we have our Java home we can edit the Tomcat startup script

$sudo gedit /opt/tomcat6/bin/catalina.sh

Paste the following lines in just after the big comment block at the top. Make sure that if your Java path looked different than mine did, you will want to adjust accordingly.

JAVA_HOME=/usr/lib/jvm/java-6-sun
JRE_HOME=/usr/lib/jvm/java-6-sun/jre
JAVA_OPTS="-server -Xms1024M -Xmx1024M -XX:PermSize=256m -XX:MaxPermSize=256m 
    -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 
    -Djavax.xml.transform.TransformerFactory=org.apache.xalan.processor.TransformerFactoryImpl" 	

Now we want to download the Apache Tomcat connector source so that we can pass requests from Apache webserver to Tomcat. This is the one I grabbed: http://apache.org/dist/tomcat/tomcat-connectors/jk/source/ Next you will want to browse to the directory that you downloaded that file into using in the terminal. Next run:

$ tar xvzf tomcat-connectors-current-src.tar.gz
$ cd tomcat-connectors-1.2.27-src/native
$ ./configure --with-apxs=/usr/bin/apxs2
$ make
$ sudo make install

Now we will need to create a jk mod file to be included by Apache so that it loads the adapter when Apache starts. In your terminal cd to /etc/apache2/mods-available. In this directory we will create a file named jk.load.

$sudo gedit jk.load

In that file pasted the following, then save and exit:

LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so
# Where to find workers.properties
# Update this path to match your conf directory location (put workers.properties next to httpd.conf)
JkWorkersFile /etc/apache2/workers.properties
# Where to put jk shared memory
# Update this path to match your local state directory or logs directory
JkShmFile     /var/log/apache2/mod_jk.shm
# Where to put jk logs
# Update this path to match your logs directory location (put mod_jk.log next to access_log)
JkLogFile     /var/log/apache2/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel    info
# Select the timestamp log format JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

Now we want to create a symbolic link to this file in /etc/apache2/mods-enabled so that it is loaded when Apache starts.

$ cd /etc/apache2/mods-enabled
$ sudo ln -s ../mods-available/jk.load ./jk.load 

Next we want to create a virtual host in Apache to catch the requests. We are going to create a new file in the sites-available directory.

$ cd /etc/apache2/sites-available
$ sudo gedit localhost.bd 

In that file, paste the following, save, and exit:

<VirtualHost *>
	ServerName localhost.bd
	JKMount /* worker1
</VirtualHost>

Now we need to create a symbolic link to that file from sites-enabled so that it is available when apache2 starts.

$ cd /etc/apache2/sites-enabled
$ sudo ln -s ../sites-available/localhost.bd ./001-localhost.bd

Next we want to make sure that we can get to that site in a browser, so we are going to add ‘localhost.bd’ to our hosts file. Open up /etc/hosts, and append ‘localhost.bd’ (without quotes!) to the line that begins with 127.0.0.1. Now we need to define that “worker1″ that we just referenced above in the VirtualHost definition. We will do that by creating a workers.properties file in our apache2 directory.

$ cd /etc/apache2
$ sudo gedit workers.properties

Insert the following. Then save and exit:

# Define 1 real worker using ajp13
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost.bd
worker.worker1.port=8009  

Next we want to create a webapp in Tomcat for Apache to send to.

sudo gedit /opt/tomcat6/conf/server.xml

In that config, we need to define the localhost.bd site, or ‘webapp’. Add the following:

<Host name="localhost.bd"  appBase="webapps"
      unpackWARs="true" autoDeploy="true"
      xmlValidation="true" xmlNamespaceAware="false">
	<Context path="" docBase="localhost.bd/" reloadable="true" privileged="true" antiResourceLocking="false" anitJARLocking="false">
	</Context>
</Host>

Now we need to create the local.bd directory under Tomcat. Note: as you get more comfortable and adventurous, you may want this to be a symbolic link to another place on your machine where your source resides, but for now we are keeping it as simple as we can. Once the directory is created, we will download the OpenBlueDragon war file and extract it.

$ sudo mkdir /opt/tomcat6/webapps/localhost.bd
$ cd /opt/tomcat6/webapps/localhost.bd
$ sudo wget http://openbd.viviotech.net/downloader.cfm/id/64/file/openbd.war
$ sudo jar xvf openbd.war 

And with that step, and after restarting Apache, and starting Tomcat, OpenBlueDragon will now be available.

$ sudo /etc/init.d/apache2 restart
$ /opt/tomcat6/bin/catalina.sh start

Open up your browser and go to: http://localhost.bd/bluedragon/administrator

You should be created with your OpenBD admin page like this:

Setting up Apache, OpenBD, Railo, and ColdFusion – Part 1

This is Part 1 of a muilt-part blog post demonstrating how run OpenBlueDragon, Railo, and ColdFusion all on the same machine, and all using the Apache webserver with individual Virtual hosts using different CFML engines.  But, before we get into it, here is a little background.

For the past several months now I have stepped over to Windows on my laptop after years of not using it regularly.  It was actually the first time I had actually used Vista, actually and was quite an interesting experience.  First, as much as I love the Linux environment, I really expected to loathe being in Windows daily.  I was surprised at how much Vista *didn’t* suck.  With all the raging passion against it in general I suppose that I had low expectations, but nevertheless I really thought it was pretty decent in general.  However it has a more sluggish, constricting feel to it in comparison to Linux, so I have decided I have paid my dues and it is time to go back to using an OS that is truly fun to use, rather than one that just wasn’t as crappy as I thought it would be.

After lots of experimentation with various flavors, hands-down Ubuntu is the most painless and most comfortable Linux distros for me personally.  My reasoning for that is vast and probably belongs in another blog entry, so I will attempt to keep from straying any further off the topic!  That said, last night I decided to try gOS which is a really neat distro built off of Ubuntu.  Although the UI is Gnome based, it has more of a Max 10.5.x feel to it.  I think Mac folks would feel right at home taking this environment for a spin.

Immediately after the first boot of my shiny new OS I started trying to put my development environment back together.  I decided that I wanted to have ColdFusion, Railo, and OpenBD all on from the beginning, with all requests first passing through Apache httpd.  Quite some time ago, Aaron Lynch put together some steps to install Smith Project w/Tomcat/Apache, which we have used several times since, primarily setting up Railo. I am not sure I ever would have waded my way through it without his early experimentation and documentation.  On this iteration, I loosely followed those instructions, opting for several packages from the repos, and updated versions of software, and have documented my steps as the are somewhat different in areas. For my current environment, I first installed OpenBD.  I then followed this by installing ColdFusion and setting it up to user the default JRUN connector that is set up during the installation.  Lastly, I installed Railo as another webapp in Tomcat and tied that into Apache as well.

In the following posts, you will see these steps in detail.

Setting up Apache, OpenBD, Railo and ColdFusion – Part 4 – Installing Railo under Tomcat with Apache webserver

This is Part 4 in an ongoing series demonstrating how to install OpenBlueDragon, ColdFusion, and Railo concurrently with all requests passing through the Apache webserver.  You will find links to all parts of this series at the bottom under “Related Content”

In this post we will be building upon our existing environment in which we installed Apache webserver, Tomcat 6, OpenBlueDragon, and ColdFusion, by adding Railo to the mix.  If you have been following along thus far, we are well past the hard stuff at this point.  To install Railo, which is deployed as a java war file, we are going to repeat and slightly modify many of the steps that we took at the end of Part 2 when we installed OpenBD as a Tomcat web application.

Let’s start by setting up our hosts entry so that our new site resolves to localhost.railo, and set up the Apache webserver to listen for the request.  Open up /etc/hosts, and append ‘localhost.railo’ (without quotes!) to the line that begins with 127.0.0.1.   Next we want to create a new virtual host file for the site under Apache.  Do so like this:

$ cd /etc/apache2/sites-available
 sudo gedit localhost.railo

Paste the following into that new file and save it.

<VirtualHost *>
	ServerName localhost.railo
	JKMount /* worker1
</VirtualHost>

As we learned in Part 2, the line “JKMount /* worker1″ is instructing apache to pass everything to the worker we defined in /etc/apache2/workers.properties.  That worker will then pass the request on to Tomcat port 8009, under which our application actually resides.

Now that we have defined this site, we want to make sure that it gets included on our next Apache restart.  We do this by running the following:

$ sudo a2ensite localhost.railo
Site localhost.railo installed; run /etc/init.d/apache2 reload to enable.

At this point, we need to make sure there is a an application set up in Tomcat to receive our request.  First, let’s start by downloadingthe free Railo Server from their download page.  Look toward the bottom of the page and download  “Railo Custom” and download railo-3.0.2.001.war. (or newer version if it is there).  Once we have the file downloaded, we will create a new directory for our application under Tomcat.  We will then copy the Railo war file into it from our download directory.  When we have the war file under /opt/tomcat6/webappas/localhost.railo/ we will extract it, and then safely delete the war file itself.  These steps can be seen here:

$ sudo /opt/tomcat6/webapps/localhost.railo
 sudo cp railo-3.0.2.001.war /opt/tomcat6/webapps/localhost.railo/
 cd /opt/tomcat6/webapps/localhost.railo
 sudo jar xvf railo-3.0.2.001.war
 sudo rm railo-3.0.2.001.war

Since we now have the application in place, it is time to modify the Tomcat server config so that it knows to send the appropriate requests to it.  Do the following:

$ sudo gedit /opt/tomcat6/conf/server.xml

Look for the section that we added previously for our OpenBlueDragon localhost site “localhost.bd”.  We are going to copy that section, modifying the “name” and “docBase” attributes to match our new application and paste it just below the localhost.bd site.  When you are done they should look like this:

<Host name="localhost.bd"  appBase="webapps" unpackWARs="true"
	autoDeploy="true" xmlValidation="true" xmlNamespaceAware="false">
	<Context path="" docBase="localhost.bd/" reloadable="true" privileged="true" antiResourceLocking="false" anitJARLocking="false" />
</Host>

<Host name="localhost.railo"  appBase="webapps"  unpackWARs="true"
	autoDeploy="true" xmlValidation="true" xmlNamespaceAware="false">
	<Context path="" docBase="localhost.railo/" reloadable="true" privileged="true" antiResourceLocking="false" anitJARLocking="false" />
</Host>

With all that done, we are ready to restart (or start) Apache, Tomcat and our new Railo site will be available at http://localhost.railo

So with our original goal of being able to run the three CFML engines, it’s time to see how we did….
http://dl.getdropbox.com/u/101948/blog/movies/3-cfml-engines.swf

Aaron West’s entry on SES URLs with Apache mod_rewrite

Somehow I totally missed this entry when Aaron posted it until he mentioned it on the Mach-II email list today. He has written a really nice and very detailed blog entry on how to configure your application to use SES URLs with by using mod_rewrite in Apache, and then goes on to show how the flow continues to his Mach-II application. We took some similar approaches with the URLs you see here on InstantSpot.

For those wondering how all these pieces fit togther, I strongly recommend you check out his blog entry entitled: Using Apache’s mod_rewrite: SES URL’s and More.

Creating the equivalent of IIS Virtual Directories in Apache

I have to admit that I used to be guilty of laziness on one aspect when I began using Linux/Apache a couple of years ago as a convert from Windows. I didn’t immediately understand how to create the equivalent of virtual directories in Apache that are available in IIS. I soon found that I could just do symbolic links at the file level that would effectively give me the same effect at the broswer request level. However, one big negative is that there is a linked directory sitting there in the parent directory, which is a pain in the tail when it things like source control such as subversion comes into play. When I browse to a directory in a terminal or my IDE, I don’t necessarily want to see it either. The answer is to use the “Alias” directive in Apache.

Example:

As a ColdFusion developer, I like to have a CFIDE directory available in my webroot as I develop so that I can access the ColdFusion administrator. I keep my CFIDE directory in /usr/local/apache2/htdocs/CFIDE.

To make that available as a virtual directoy, I need to add the following to my Apache virtual host definition:

Alias /CFIDE /usr/local/apache2/htdocs/CFIDE
<Directory /usr/local/apache2/htdocs/CFIDE>
Order allow,deny
Allow from all
</Directory>

Just remember to remove that one before you put it in production!

Installing CFMX7 & Apache2.2.2 on Ubuntu 6.06

One week into being an Ubuntu convert and I still have ZERO complaints.  This distro of Linux is so comfortable to use that not once in the past week have I thought “Man, if I was just using Windows!”.   This weekend, I setup CFMX7 Developer edition with Apache 2.2.2 which just became officially supported by Adobe a couple of weeks ago.

There were a few tricks to setting up ColdFusion with Apache though so I thought I might write about it to save someone else a few minutes if they follow the same path.

***DISCLAIMER*** I am not a long-time Linux guy.  I do not claim to be doing things the “right” way.  I realize there are likely other more efficient ways to achieve the things I am doing, but I don’t know about them! :)   That said…

  • Installing Apache 2.2.2 – One of the painless things about setting up new software in Ubunutu (and other Debian distros) is the apt-get command.  For intance if you want to install Apache, just open a command propmet and type in:

    >$ sudo apt-get install apache2

    Then in a few minutes you have an instance of Apache running.   ***HOWEVER***….. this is not what you want to do in this case.  By doing apt-get, you (read “I”) do not have the ability to recompile it to suit your needs.  I found that when I tried to use the ColdFusion connector tool, it failed due to the installation type of Apache that I had.  So, to remove this I did:

    >$ sudo apt-get remove apache2

    I then removed the startup scripts from /etc/init.d.  Once this was complete found that there were a few prerequisites I needed as I went through the Apache compile/install.

    1. Make sure you have GCC installed, which was not installed on my system.  To do this run:
      >$ sudo apt-get install gcc
    2. You also need a C compiler installed.  I am not sure this is the most efficient method, but what worked quite simply for me was to install Build Essential like this:
      >$ sudo apt-get install build-essential
    3. I also found that I needed ZLib installed.  I pulled down the source from the ZLib project page and did the following:
      • extract tar to a directory and terminal into it.
      • run >$ sudo ./configure
      • run >$ sudo make
      • run >$ sudo make install
    4. Once these prerequisite steps are taken, you are ready to install Apache.  Do the following:
      • Download the UNIX source here
      • Extract the tar file into a working directory and terminal into it.
      • run >$ sudo ./configure –prefix=/usr/local/apache2 –enable-mods-shared=all
      • run >$ sudo make
      • run >$ sudo make install

      You can start Apache now by running >$ sudo /usr/local/apache2/bin/apachectl start and test your installation by pulling up http://localhost/.

  • Installing ColdFusion MX7 – Now that Apache is intalled we can install ColdFusion.  Pull down the latest ColdFusion binary from www.adobe.com.  There is nothing exceptionally tricky during the installation process except for a couple of key points.
    • During the pre-installation checklist you may get a warning regarding a missing C++ compatability pack.  This is used for C++ custom tags, and I believe for Verity as well.  I disregarded this warning and moved on.  I did choose to install “Search Services” when prompted however, and will address that issue in the near future with a Verity project that I have on the horizon.  When I do that I will come back and update this post.
    • Another point to note is that I chose the multi-server installation.  I am not sure how the server configuration might differ from these steps.
    • Lastly, when you get to the point of choosing which webserver you would like to use, choose the internal webserver that ships with ColdFusion.
  • Once the installation is complete and you start the ColdFusion server by running:
    >$ sudo /opt/jrun4/bin/jrun start cfusion
    … and then testing your installation by going to http://localhost:8300/CFIDE/administrator/
  • Now it is time to connect ColdFusion to Apache.  You need to have the updated wsconfig.jar that was released in May 2006, and can be downloaded here.  Make a backup of /opt/jrun4/lib/wsconfig.jar ($> sudo mv wsconfig.jar wsconfig.jar.bak) and replace it with the wsconfig.jar in that zip file.
  • Stop and start the jrun process so that it picks up the new wsconfig.jar.
  • Now open the connecter by running: >$ sudo /opt/jrun4/bin/wsconfig.  Once it opens make the following changes:
    1. For “Web Server” choose Apache
    2. For configuration directory, choose: /usr/local/apache2/conf
    3. Check the box for “Configure webserver for ColdFusion MX applications”
    4. Click OK and accept the prompt to restart the webserver.
  • Copy the CFIDE directory into your webroot so that you have access to the ColdFusion administrator.  Run the following:
    >$ sudo cp -R /opt/jrun4/servers/cfusion/cfusion-ear/cfusion-war/CFIDE/ /usr/local/apache2/htdocs/

At this point you should be able to log into the ColdFusion administrator by going to:

http://localhost/CFIDE/administrator/index.cfm.

Have fun!

Strange issue with suspected latency… anyone???

I have several applications on a server that is exhibiting a long string of oddball behavior that is often unreproducible on other machines.   I have exhausted all that I know to search for on the current issue and thought I would post it here in case anyone happened to have some thoughts about it.

This server (Windows 2003/IIS/CFMX6.1) has been running somewhat normally for a year or so with the code that is on it.  Lately however, when many pages load, they behave as though they are missing some of the HTML or Javascript.  Javascript-dependent menus fail, or sometimes no text at all will be displayed on the screen.  If you view the source, all the code is there.  If you copy that source into a new template and run it, it works fine.  It is almost like the browser is just receiving instructions in the wrong order or something and doesn’t know what to do.  This problem is completely reproducible on the pages that it happens on, but only on that server.  This problem also only happens with Internet Explorer.

My thoughts are that it can’t have anything to do with ColdFusion.  I base this on the fact that the HTML is clearly being written.  It seems to me that it has to be something going on with IIS and how it is delivering the content to the browser.

If anyone has any experience with similar problems, I would love to hear some opinions.

EDIT:
After taking this server offline and bringing it back to the office from the colocation facility, we found that the problem lied with IIS.  We backed up the sites, removed IIS and reinstalled it and it magically worked again.   I will refrain from using the opportunity to express how this has never happened to me using Apache… oh ummm… well, I guess I just did.