Entries Tagged as 'ColdFusion'

mod_cfml 1.1 is released! Fast, reliable, and new features!

For those of you familiar with the mod_cfml project, you know it consists of two separate sections: The web server adapter that provides information about the web site being served, and the Tomcat valve, which takes that information and automatically processes it within Tomcat - creating a new host, alias, etc as needed within Tomcat so that Tomcat will match the information coming from the web server. Both the web server adapter and the Tomcat valve have been greatly enhanced in version mod_cfml version 1.1.

New features in The Tomcat valve:

  • Speed: the process of creating a new host in Tomcat has been greatly reduced and has taken less than a second in all our tests - down from several seconds in previous versions of mod_cfml. Jar scanning is disabled by default.
     
  • Speed: the process of "waiting for context files" has been completely removed as it is no longer necessary.
     
  • Speed and memory footprint: only one Tomcat “Host container” is created per Apache/IIS virtualhost/context. All aliases / default site hosts / IP-based hosts, are now added as aliases. The process of creating a new alias is lightning fast.
     
  • Bugfix: Thread safety errors have been corrected, and hosts are now created reliably in every event.

 

Next, for the web server adapter, for Apache 2.4 the web server adapter has been completely re-written in C! This means that any system can run mod_cfml natively without the need for mod_perl. The mod_perl version of mod_cfml will still be available for Apache 2.2, but will no longer be maintained. With Apache 2.4 and a native C-module, mod_cfml can run natively on any system with extreme speed and only a few lines of config!

The new mod_cfml.so also includes the following enhancements:

  • Feature: SES URL support is now handled automatically using path_into. Previously, URLs like /some/page.cfm/id/123 would not work out of the box with Tomcat. With mod_cfml 1.1, now they do! This feature is supported in Lucee, OpenBD, and Railo.
     
  • Security: A shared secret key implementation has been added to prevent unauthorized context creation.
     
  • Feature: Virtual directories, or “Aliases” in Apache, are now passed by default from the mod_cfml.so file and handled automatically by Lucee for the current request. Check the documentation for more details on this.

 

Documenation for mod_cfml 1.1 is HERE.

Installation instructions for mod_cfml 1.1 is HERE.

 

Huge "Thank you!" to Paul Klinkenberg and Bilal Soylu for their amazing dedication to this project. You two are awesome!

 

So... what are you waiting for? Install! Upgrade! Stay secure and have fun with CFML!

Fixing "JRun too busy or out of memory" for PCI compliance

One of our servers here at Vivio is routinely scanned for PCI compliance purposes. Until just recently, we've been using FuseGuard (A Web Application Firewal, or "WAF"), to block intrusion attempts to our web application. With new PCI standards that force us to allow PCI scans through our WAF (or IDS or whatever), we had to allow these requests through, but that brought to light another, different, problem.

During the PCI scan, our Apache logs would get a lot of the following error messages:

[notice] jrApache[13857: 62679]  returning error page for JRun too busy or out of memory

Initially we thought that since the message was coming from the JRun connector, that the issue had something to do with the connector. However, after quite a bit more research, we found it had to do with JRun itself, and the specific number of post parameters it's configured to accept. Any more then the default "100" post parameters, and you'll get the error you see above.

To change the number of post parameters, you will need to update your neo-runtime.xml file. For our case, ours was found here:

/opt/coldfusion9/lib/neo-runtime.xml
NEO XML Example

IMPORTANT: Editing this file isn't particularly easy. Opening it in VIM gives you a big wall of text.

By increasing the following parameter from 100 to 300, we were able to succesfully complete our PCI scan:

<var name='postParametersLimit'><number>300.0</number></var>

Hopefully this helps anyone else having this issue.

ColdFusion 9 CentOS 6 Connector Issues

Just had an experience installing ColdFusion 9 on to a CentOS 6 system and ran into an issue installing the web connector. I'll step through the process I went through and maybe it will help others installing Adobe ColdFusion on to CentOS 6.

Right after the installation, I got the following error message:

Running apache connector wizard...
=======================================
There was an error while running the connector wizard
Connector installation was not successful
=======================================

This is the output of the cf-connectors.sh script, located here:

/opt/coldfusion9/bin/cf-connectors.sh

You can manually run that script and get the same error message. Looking at the script, I saw I kept a log of it's issues in the following file:

/opt/coldfusion9/ConnectorInstall0.txt
SELinux Penguin Logo

So I naturally checked it out. The first error I got had to do with Apache APXS not being installed. Again, my CentOS 6 install was a "minimal" install, so I was used to installing additional packages to get things to work properly. To address this issue, I just ran the following:

yum -y install httpd-devel

Then ran the cf-connectors.sh file again, and ran into a different issue this time. This one was more peculiar:

Starting httpd: httpd: Syntax error on line 892 of /etc/httpd/conf/httpd.conf: Cannot load /opt/coldfusion9/runtime/lib/wsconfig/1/mod_jrun22.so into server: /opt/coldfusion9/runtime/lib/wsconfig/1/mod_jrun22.so: failed to map segment from shared object: Permission denied

That's odd... I'm running as "root", I shouldn't be getting permission issues. As it turns out, this error is due to SELinux being enabled. However, I an not at liberty to disable SELinux for this particular project, so I had to find a different way. Turns out, the fix just ended up being a simple one-liner to adjust the SELinux config:

chcon --reference=/usr/sbin/httpd /opt/coldfusion9/runtime/lib/wsconfig/1/mod_jrun22.so

After that, Apache started right up and my SELinux rules are still happily in place!

Hope this helps.

A Look Inside a Vivio VPS Platform Server

In my recent post, "What 256GB of RAM Looks Like", I showed some pictures of some RAM that Vivio had bought to put in to a couple of new platform machines. After that post I got a couple of requests to see it inside the servers that it was going to be in, so I took some pictures of one of the two new Platforms we built this month for those of you who might be interested in seeing the platform machines we use.

vivio vps inside

There are two Opteron 8-Core CPU's here, for a total of 16 CPU cores. The RAM is the same RAM that I showed in the pictures earlier. Each RAM module is 8GB, making for a total of 128GB in each of the two servers we put together this month. The CPU's and RAM are cooled using passive cooling and a fan "funnel" (at least I think that's what it's called) in which 4 separate fans drive air through the funnel.

vivio vps HDD array sas

This platform will be named "Arcticwolf" - which indicates this particular server will be used for Windows VPS Accounts. It will contain 16 Seagate Constallation SAS drives (14 usable and 2 spare). The amount of drive space we will be providing by default in new VPS Accounts will increase (a great deal) in the not too distant future as the price of exceptional drive arrays like this one goes down.

vivio vps psu

The system comes complete with redundant PSU's, so if one of them fails, we can replace it without needing to shut the machine down. 

Personally, I think these servers are just plain awesome in carnate, but that's probably just my predjudice talking. ;)

Testing For Headless Mode in ColdFusion (CFML)

Just recently I found myself needing to verify if a server I was working on - which required image manipulation - was actually running in headless mode. On Linux servers, graphical user interfaces (GUI's) aren't usually running because they take up additional resources (like memory) and server administrators usually want to give all the resources they can to actual server processes rather then a GUI which they only use occasionally. However, the JRE that ColdFusion engines run on needs the window processing engines in order to perform graphic manipulation - image resizing, rotating, etc - all require image processing libraries.

Java Thumbs Up LogoThe following code bit allows you to see if your CFML engine (Railo, OpenBD, or ACF) is actually running in headless mode. This is useful if you're debugging a pesky image processing problem and you want to make sure your JRE's access to the XORG libraries aren't the problem.

 

<cfobject  
    action=create  
    name=geObj
    type="JAVA"  
    class="java.awt.GraphicsEnvironment">
<cfset geResponse = geObj.isHeadless()>
<cfdump var="#geResponse#">

 

The code calls java directly and returns a true or false response if you're running in headless mode or not.

Hope this helps!

apparatus