JRun wsconfig error- Security alert: attempt to connect to JRun server from host

I was experimenting with the Railo 3.3 installer, which includes an IIS connector to Tomcat, which works really well.   Too well in fact!  When I ran it, it actually unmapped all my existing IIS ISAPI mappings to JRun and was sending all requests to Tomcat.

I decided the quickest fix to this would be to simply open up /JRun4/bin/wsconfig.exe and remap the sites that were no longer connected.  However, when I did this, I received the following error:

Could not connect to JRun/ColdFusion servers on host localhost.

Knowing perfectly well that I had an instance of JRun running, I went to the terminal to look at the standard out and saw this:

Security alert: attempt to connect to JRun server from a 10.252.11.207 host

In case that is too hard to read, it says: “Security alert: attempt to connect to JRun server from a 10.252.11.207 host”.   I suspect that because I am attached to a WIFI connection with an IP Address on 192.168.*, and then VPN’d into my company with a second address of 10.252.*, JRun assumes that the connection attempt is coming from outside the subnet.

I went digging through files in JRun4/lib and came across security.properties.  In this file, there is a default setting:

jrun.subnet.restriction=255.255.255.0
jrun.trusted.hosts=
jrun.subnet.restriction.ipv6=[ffff:ffff:ffff:ffff:0:0:0:0]

I altered that restriction  setting from “255.255.255.0″ to “*” like this:

jrun.subnet.restriction=*
jrun.trusted.hosts=
jrun.subnet.restriction.ipv6=[ffff:ffff:ffff:ffff:0:0:0:0]

Once I did this and restarted the server, I was able to use wsconfig without issue.  And my ACF sites are pointed to JRun, my Railo sites are pointed to Tomcat, and all is right in the world again.

NOTE: DO NOT DO THIS ON A PRODUCTION MACHINE!   If you do, I strongly recommend that it is a very temporary change.

Setting up Apache, OpenBD, Railo and ColdFusion – Part 3 – Installing ColdFusion and customizing the connector

This is the third part in a series of posts on setting up ColdFusion, OpenBlueDragon, and Railo all on the same machine using Apache webserver to listen for all requests and direct traffic.  Part 2 can be found here.  You will find links to all parts of this series at the bottom under “Related Content”

With that said, this part in the series focuses on installing ColdFusion and configuring the webserver adapter in such a way that only specific Virtual Hosts will be set up to pass requests to the ColdFusion server. First we want to start by creating a localhost site that is specific to ColdFusion 8 in Apache.  I tend to keep all my sites under /www which is actually symlinked to a ‘www’ in my home directory. I find a few benefits in this.  First, I usually keep my home partition in shape and carry it around with me from distro to distro, so I always have my sites in tact with me.  Secondly since it is a symlink to my home and not in a system folder I don’t need special permissions to write in it.  I will be following along this path, but if you keep your sites elsewhere, then you can adjust as necessary.

$ mkdir /www/localhost.cf8

Now, we will want to create an Apache virtual host definition for this site.  To do so, create a new configuration file like this:

$ sudo gedit /etc/apache2/sites-available/localhost.cf8

Paste the the following, then save and close.

<VirtualHost *>
	ServerName localhost.cf8

	<Directory /www/localhost.cf8/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
	DocumentRoot /www/localhost.cf8
</VirtualHost>

Now we need to make sure that file is included when Apache starts, so run the following command which will make a symlink to the sites-enabled directory.

$  sudo a2ensite localhost.cf8
Site localhost.cf8 installed; run /etc/init.d/apache2 reload to enable.

As you can see from the localhost.cf8 configuration file, we are expecting our ServerName to be localhost.cf8, so we now need to add that entry to our hosts file.

$ sudo gedit /etc/hosts

Append “localhost.cf8″ (with no quotes!) to the line that begins with 127.0.0.1.  Save the file and close. At this point you should be able to restart Apache and hit that empty site in your browser like this: Now that we have a site ready, it is time for us to install ColdFusion.  Once you have downloaded the .bin installation file from Adobe, browse to that directory in a terminal window.  You may need to chmod the file to be executable, then launch it like this:

$ chmod +x coldfusion-801-lin.bin
 sudo ./coldfusion-801-lin.bin

Choose 1 for English.  After the welcome screen, hit enter to continue.  Next type “Y” and hit enter to agree to the terms and conditions. We are now faced with the installation type prompt. For this example of setting up a development environment, we will choose option 3 “Developer Edition” For our purposes we are going to choose the “Server configuration” option.  However, it should be noted that you could quite easily choole the J2EE WAR file option and install into Tomcat as we did with OpenBlueDragon in Part 2 of thise series. Since we are installing from scratch, we will choose “No” (2) on the next option which is asking if there is an existing version of ColdFusion 8 installed on this machine. For this installation we do not want any of the extra options to install such as Documentation, LiveCycle, Search Services, nor do we want to start on system init since this is on my laptop and I may not always want ColdFusion to start at boot.  So we will uncheck all options like you see in this image and continue. We are going to accept the default installation path of /opt/coldfusion8 Again, since this is a fresh installation, we are going to say “No” (2) to the prompt asking if there are earlier versions of ColdFusion on this computer. Now we start to work our way into the webserver configuration which will tie ColdFusion into Apache.  To start, choose “Add Web Server Configuration” (1) when prompted, then choose “Apache” (1).  In the following prompt asking for the Apache directory that contains your http.conf file, enter /etc/apache2 as you see in the picture below: For the location of the Apache program binary file, enter /usr/sbin/apache2.  For the Start/Stop script, enter /etc/init.d/apache2.  You will see both of these choices here: We now return to the first webserver configuration menu and this time choose “Continue with installation” (4). Then we will need to enter the location of the webroot.  We are going to enter the directory of our new site /www/localhost.cf8 that we created above as you can see in the picture below.  We will also be asked which user we would like ColdFusion to run as.  I typically like to use my own user account for this so I don’t end up with permissions issues where I have difficulty accessing files generated by ColdFusion Now enter your admin password, and if you choose to user RDS, enter the  password for it as well. It will now show you the general options you have selected and you will hit enter to start the actual installation.  Once it completes and prompts you to “Press Enter to exit the installer”, do so and then start the server with this:

$ sudo /opt/coldfusion8/bin/coldfusion start

During this stage you should see messages that it is configuring the webserver successfully, assuming we entered everything properly above.  Once you are returned to a prompt, it is time to go customize the Apache connector stuff just a bit.  open the httpd.conf file like this:

$ sudo gedit /etc/apache2/httpd.conf

In that you will find the connector stuff that ColdFusion added starting with a line: #JRun Settings. Before we take the next steps, let me explain a bit what we are going to do.  We are going to seperate this into two pieces: the module loader, and the actual connector declaration.  As it stands right now, and request coming through the webserver would be handled by ColdFusion and we don’t really want that.  To make it more granular, we are going to create an include file that can be added to any site that will add the connector only to that particular site.  With that said, let’s walk through it.   *Cut* (not copy!) these two lines of that connector info:

# JRun Settings
LoadModule jrun_module /opt/coldfusion8/runtime/lib/wsconfig/1/mod_jrun22.so

Now we are going to paste those into a new file that will go in our mods-available directory.  Click on the “New” button in gedit and paste that text in.  Now save that file as  /etc/apache2/mods-available/cf8.load. Now *cut* (not copy!) the remainder of the connector out that looks like this:

<IfModule mod_jrun22.c>
    JRunConfig Verbose false
    JRunConfig Apialloc false
    JRunConfig Ignoresuffixmap false
    JRunConfig Serverstore /opt/coldfusion8/runtime/lib/wsconfig/1/jrunserver.store
    JRunConfig Bootstrap 127.0.0.1:51801
    #JRunConfig Errorurl url <optionally redirect to this URL on errors>
    #JRunConfig ProxyRetryInterval 600 <number of seconds to wait before trying to reconnect to unreachable clustered server>
    #JRunConfig ConnectTimeout 15 <number of seconds to wait on a socket connect to a jrun server>
    #JRunConfig RecvTimeout 300 <number of seconds to wait on a socket receive to a jrun server>
    #JRunConfig SendTimeout 15 <number of seconds to wait on a socket send to a jrun server>
    AddHandler jrun-handler .jsp .jws .cfm .cfml .cfc .cfr .cfswf
</IfModule>

Create a new file named /etc/apache2/cf8connector. Pasted that text in and save the file. Lastly, you may not have this issue, but I found that the DirectoryIndex attribute of Apache was not adding index.cfm to the list of default files. Due to this I actually added it to my httpd.conf. After all of the steps above, my httpd.conf file only has a single line:

DirectoryIndex index.cfm

Now… it is time to do just a little more Apache config and we are ready to go!  Rember that cf8.load mod file we created earlier?  Let’s turn that on:

$ sudo a2enmod cf8

Now, let’s to add an include call to our localhost.cf8 virtual host configuration.  Open up /etc/apache2/sites-available/localhost.cf8 and add the “Include c8connector” line that you see below:

<VirtualHost *>
        ServerName localhost.cf8

        <Directory /www/localhost.cf8/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        DocumentRoot /www/localhost.cf8
        Include cf8connector
</VirtualHost>

Once you have saved that file, it is time to restart Apache and test out all of our hard work!

$ sudo /etc/init.d/apache2 restart

Now, using your browser, go to http://localhost.cf8/CFIDE/administrator/ and you will see the following: Now… if you are following along from earlier in this series, you should now be able to successfully connect to OpenBD at http://localhost.bd and ColdFusion 8 at http://localhost.cf8 On the next part of this series, we will bring Railo into the mix and finally have all three running on our system.

Setting up Apache, OpenBD, Railo and ColdFusion – Part 2 – Installing Tomcat/Apache/OpenBD

This is the second part in a series of posts on setting up ColdFusion, OpenBlueDragon, and Railo all on the same machine using Apache webserver to listen for all requests and direct traffic.  Part 1 can be found here

Remember, the steps below have some commands specific to Linux, and more specifically to Debian/Ubuntu, but the concepts in general should have at least some similarites across any supported platform, especially you Mac folks.

To start out, we need to make sure that we have the Apache webserver installed with optional “dev” package.  Additionally, later on we will need to be compiling, so let’s make sure that you have the build-essential package as well

$sudo apt-get install apache2 apache2-threaded-dev build-essential

Next I installed the Sun Java 6 JDK

$sudo apt-get install sun-java6-jdk

Next you want to go download Tomcat.  I chose to use Tomcat 6, specifically v. 6.0.18, which the current release as of this posting.  Now, using a terminal cd into the directory where you saved the dowloaded file and do the following:

$ sudo cp apache-tomcat-6.0.18.tar.gz /opt/
$ cd /opt
$ sudo tar xvzf apache-tomcat-6.0.18.tar.gz
$ sudo mv apache-tomcat-6.0.18 tomcat6
$ sudo rm apache-tomcat-6.0.18.tar.gz

Next we will need to edit the Tomcat startup script, but to do so, we need to go get a little information first.  We need to ensure that we know what the current Java home is on your machine.  There are surely easier ways of accomplishing this, but here is the series of steps I took.

~$ which java
/usr/bin/java
$ ls -l /usr/bin/java
lrwxrwxrwx 1 root root 22 2009-01-30 23:00 /usr/bin/java -> /etc/alternatives/java
$ ls -l /etc/alternatives/java[return] lrwxrwxrwx 1 root root 36 2009-01-30 23:00 /etc/alternatives/java -> /usr/lib/jvm/java-6-sun/jre/bin/java 

From that last line I can see that the default Java lives at /usr/lib/jvm/java-6-sun/ (which too is a sym link, but that’s ok!). Now that we have our Java home we can edit the Tomcat startup script

$sudo gedit /opt/tomcat6/bin/catalina.sh

Paste the following lines in just after the big comment block at the top. Make sure that if your Java path looked different than mine did, you will want to adjust accordingly.

JAVA_HOME=/usr/lib/jvm/java-6-sun
JRE_HOME=/usr/lib/jvm/java-6-sun/jre
JAVA_OPTS="-server -Xms1024M -Xmx1024M -XX:PermSize=256m -XX:MaxPermSize=256m 
    -Duser.language=en -Duser.country=US -Dfile.encoding=UTF-8 
    -Djavax.xml.transform.TransformerFactory=org.apache.xalan.processor.TransformerFactoryImpl" 	

Now we want to download the Apache Tomcat connector source so that we can pass requests from Apache webserver to Tomcat. This is the one I grabbed: http://apache.org/dist/tomcat/tomcat-connectors/jk/source/ Next you will want to browse to the directory that you downloaded that file into using in the terminal. Next run:

$ tar xvzf tomcat-connectors-current-src.tar.gz
$ cd tomcat-connectors-1.2.27-src/native
$ ./configure --with-apxs=/usr/bin/apxs2
$ make
$ sudo make install

Now we will need to create a jk mod file to be included by Apache so that it loads the adapter when Apache starts. In your terminal cd to /etc/apache2/mods-available. In this directory we will create a file named jk.load.

$sudo gedit jk.load

In that file pasted the following, then save and exit:

LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so
# Where to find workers.properties
# Update this path to match your conf directory location (put workers.properties next to httpd.conf)
JkWorkersFile /etc/apache2/workers.properties
# Where to put jk shared memory
# Update this path to match your local state directory or logs directory
JkShmFile     /var/log/apache2/mod_jk.shm
# Where to put jk logs
# Update this path to match your logs directory location (put mod_jk.log next to access_log)
JkLogFile     /var/log/apache2/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel    info
# Select the timestamp log format JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

Now we want to create a symbolic link to this file in /etc/apache2/mods-enabled so that it is loaded when Apache starts.

$ cd /etc/apache2/mods-enabled
$ sudo ln -s ../mods-available/jk.load ./jk.load 

Next we want to create a virtual host in Apache to catch the requests. We are going to create a new file in the sites-available directory.

$ cd /etc/apache2/sites-available
$ sudo gedit localhost.bd 

In that file, paste the following, save, and exit:

<VirtualHost *>
	ServerName localhost.bd
	JKMount /* worker1
</VirtualHost>

Now we need to create a symbolic link to that file from sites-enabled so that it is available when apache2 starts.

$ cd /etc/apache2/sites-enabled
$ sudo ln -s ../sites-available/localhost.bd ./001-localhost.bd

Next we want to make sure that we can get to that site in a browser, so we are going to add ‘localhost.bd’ to our hosts file. Open up /etc/hosts, and append ‘localhost.bd’ (without quotes!) to the line that begins with 127.0.0.1. Now we need to define that “worker1″ that we just referenced above in the VirtualHost definition. We will do that by creating a workers.properties file in our apache2 directory.

$ cd /etc/apache2
$ sudo gedit workers.properties

Insert the following. Then save and exit:

# Define 1 real worker using ajp13
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost.bd
worker.worker1.port=8009  

Next we want to create a webapp in Tomcat for Apache to send to.

sudo gedit /opt/tomcat6/conf/server.xml

In that config, we need to define the localhost.bd site, or ‘webapp’. Add the following:

<Host name="localhost.bd"  appBase="webapps"
      unpackWARs="true" autoDeploy="true"
      xmlValidation="true" xmlNamespaceAware="false">
	<Context path="" docBase="localhost.bd/" reloadable="true" privileged="true" antiResourceLocking="false" anitJARLocking="false">
	</Context>
</Host>

Now we need to create the local.bd directory under Tomcat. Note: as you get more comfortable and adventurous, you may want this to be a symbolic link to another place on your machine where your source resides, but for now we are keeping it as simple as we can. Once the directory is created, we will download the OpenBlueDragon war file and extract it.

$ sudo mkdir /opt/tomcat6/webapps/localhost.bd
$ cd /opt/tomcat6/webapps/localhost.bd
$ sudo wget http://openbd.viviotech.net/downloader.cfm/id/64/file/openbd.war
$ sudo jar xvf openbd.war 

And with that step, and after restarting Apache, and starting Tomcat, OpenBlueDragon will now be available.

$ sudo /etc/init.d/apache2 restart
$ /opt/tomcat6/bin/catalina.sh start

Open up your browser and go to: http://localhost.bd/bluedragon/administrator

You should be created with your OpenBD admin page like this:

Setting up Apache, OpenBD, Railo, and ColdFusion – Part 1

This is Part 1 of a muilt-part blog post demonstrating how run OpenBlueDragon, Railo, and ColdFusion all on the same machine, and all using the Apache webserver with individual Virtual hosts using different CFML engines.  But, before we get into it, here is a little background.

For the past several months now I have stepped over to Windows on my laptop after years of not using it regularly.  It was actually the first time I had actually used Vista, actually and was quite an interesting experience.  First, as much as I love the Linux environment, I really expected to loathe being in Windows daily.  I was surprised at how much Vista *didn’t* suck.  With all the raging passion against it in general I suppose that I had low expectations, but nevertheless I really thought it was pretty decent in general.  However it has a more sluggish, constricting feel to it in comparison to Linux, so I have decided I have paid my dues and it is time to go back to using an OS that is truly fun to use, rather than one that just wasn’t as crappy as I thought it would be.

After lots of experimentation with various flavors, hands-down Ubuntu is the most painless and most comfortable Linux distros for me personally.  My reasoning for that is vast and probably belongs in another blog entry, so I will attempt to keep from straying any further off the topic!  That said, last night I decided to try gOS which is a really neat distro built off of Ubuntu.  Although the UI is Gnome based, it has more of a Max 10.5.x feel to it.  I think Mac folks would feel right at home taking this environment for a spin.

Immediately after the first boot of my shiny new OS I started trying to put my development environment back together.  I decided that I wanted to have ColdFusion, Railo, and OpenBD all on from the beginning, with all requests first passing through Apache httpd.  Quite some time ago, Aaron Lynch put together some steps to install Smith Project w/Tomcat/Apache, which we have used several times since, primarily setting up Railo. I am not sure I ever would have waded my way through it without his early experimentation and documentation.  On this iteration, I loosely followed those instructions, opting for several packages from the repos, and updated versions of software, and have documented my steps as the are somewhat different in areas. For my current environment, I first installed OpenBD.  I then followed this by installing ColdFusion and setting it up to user the default JRUN connector that is set up during the installation.  Lastly, I installed Railo as another webapp in Tomcat and tied that into Apache as well.

In the following posts, you will see these steps in detail.

Setting up Apache, OpenBD, Railo and ColdFusion – Part 4 – Installing Railo under Tomcat with Apache webserver

This is Part 4 in an ongoing series demonstrating how to install OpenBlueDragon, ColdFusion, and Railo concurrently with all requests passing through the Apache webserver.  You will find links to all parts of this series at the bottom under “Related Content”

In this post we will be building upon our existing environment in which we installed Apache webserver, Tomcat 6, OpenBlueDragon, and ColdFusion, by adding Railo to the mix.  If you have been following along thus far, we are well past the hard stuff at this point.  To install Railo, which is deployed as a java war file, we are going to repeat and slightly modify many of the steps that we took at the end of Part 2 when we installed OpenBD as a Tomcat web application.

Let’s start by setting up our hosts entry so that our new site resolves to localhost.railo, and set up the Apache webserver to listen for the request.  Open up /etc/hosts, and append ‘localhost.railo’ (without quotes!) to the line that begins with 127.0.0.1.   Next we want to create a new virtual host file for the site under Apache.  Do so like this:

$ cd /etc/apache2/sites-available
 sudo gedit localhost.railo

Paste the following into that new file and save it.

<VirtualHost *>
	ServerName localhost.railo
	JKMount /* worker1
</VirtualHost>

As we learned in Part 2, the line “JKMount /* worker1″ is instructing apache to pass everything to the worker we defined in /etc/apache2/workers.properties.  That worker will then pass the request on to Tomcat port 8009, under which our application actually resides.

Now that we have defined this site, we want to make sure that it gets included on our next Apache restart.  We do this by running the following:

$ sudo a2ensite localhost.railo
Site localhost.railo installed; run /etc/init.d/apache2 reload to enable.

At this point, we need to make sure there is a an application set up in Tomcat to receive our request.  First, let’s start by downloadingthe free Railo Server from their download page.  Look toward the bottom of the page and download  “Railo Custom” and download railo-3.0.2.001.war. (or newer version if it is there).  Once we have the file downloaded, we will create a new directory for our application under Tomcat.  We will then copy the Railo war file into it from our download directory.  When we have the war file under /opt/tomcat6/webappas/localhost.railo/ we will extract it, and then safely delete the war file itself.  These steps can be seen here:

$ sudo /opt/tomcat6/webapps/localhost.railo
 sudo cp railo-3.0.2.001.war /opt/tomcat6/webapps/localhost.railo/
 cd /opt/tomcat6/webapps/localhost.railo
 sudo jar xvf railo-3.0.2.001.war
 sudo rm railo-3.0.2.001.war

Since we now have the application in place, it is time to modify the Tomcat server config so that it knows to send the appropriate requests to it.  Do the following:

$ sudo gedit /opt/tomcat6/conf/server.xml

Look for the section that we added previously for our OpenBlueDragon localhost site “localhost.bd”.  We are going to copy that section, modifying the “name” and “docBase” attributes to match our new application and paste it just below the localhost.bd site.  When you are done they should look like this:

<Host name="localhost.bd"  appBase="webapps" unpackWARs="true"
	autoDeploy="true" xmlValidation="true" xmlNamespaceAware="false">
	<Context path="" docBase="localhost.bd/" reloadable="true" privileged="true" antiResourceLocking="false" anitJARLocking="false" />
</Host>

<Host name="localhost.railo"  appBase="webapps"  unpackWARs="true"
	autoDeploy="true" xmlValidation="true" xmlNamespaceAware="false">
	<Context path="" docBase="localhost.railo/" reloadable="true" privileged="true" antiResourceLocking="false" anitJARLocking="false" />
</Host>

With all that done, we are ready to restart (or start) Apache, Tomcat and our new Railo site will be available at http://localhost.railo

So with our original goal of being able to run the three CFML engines, it’s time to see how we did….
http://dl.getdropbox.com/u/101948/blog/movies/3-cfml-engines.swf