ColdFusion Docker Image Released

CFDockerTweet

On April 25, 2018, Adobe released the long awaited, official, Docker Image for ColdFusion 2016! ColdFusion 2018’s image is in the works.

I am excited about this primarily for two reasons:

#1 Development: we can create a docker image that can possibly be passed around to developers either as general use or specific to a customer’s setup. This has the potential to speed up “ramp-up time” for developers when beginning a new client workload.

#2 Fix AWS AMI’s: The current AMI solution on AWS is bleak. You’re limited to operating systems that are either the wrong flavor of Linux for you or an outdated Windows Server version. You are also stuck with the inability to upgrade the OS or ColdFusion. I’m hoping this makes its way into the AWS container library that you can lease month-to-month, both in the Standard and Enterprise flavors.

docker-cloud-serversAdobe choose the JFrog container repository over Docker Hub “due to licencing and distribution issues”. This seems to be a common theme with Adobe, but at least it’s out there. You can find these repos at https://bintray.com/eaps/coldfusion.

As of 4/26/2018, you will find the following images:

  • ColdFusion Server (2016)
  • ColdFusion Addons (2016)
  • ColdFusion API Manager (2016)
  • ColdFusion API Manager Addons (2016)

The “ColdFusion Server” contains the “barebones” only. It runs the bundled “built-in” web server (normally port 8500).

You’d then normally want to connect Apache or IIS to ColdFusion using wsconfig. However that’s not possible, in the common sense, here. The reason being is that you’re in a container that has no real access to the outside space, including your webserver services.

So in this case you’ll need to treat this as a distributed setup. You’ll need to copy some files, including wsconfig, onto your Apache file system – likely in another container. From there you’ll run wsconfig and connect it to the “remote” ColdFusion instance. There are some basic instructions at http://blogs.coldfusion.com/setting-up-coldfusion-in-distributed-envionment/ and Adobe says they will work on an official instruction set. I also plan on posting my own instructions. I don’t think this will work with IIS without a hack, but this is definitely something I’d want. The majority of web servers we maintain are IIS.

When you run the ColdFusion container, you are able to pass in a limited set of environment variables. They range include items such as password, secure profile, external session info, addons, and a startup script.

The setup script will be a .CFM file that calls the admin object. Here you will script items such as datasources. However, as far as I know, not all admin functions are available via the API. One of the major benefits of running containers is to have a disposable environment that can easily be recreated. In order to do this, you must be able to script out all your configuration. I would also like to see all settings be available in the environment variables as that’s what it’s intended for. Using a script is more or less a hack that needs additional maintenance.

Another method is mounting a volume for configuration files such as JVM.config and neo-*.xml files. I have to experiment with this to figure out how that would work.

The third method would be to mount a directory that has CAR archives into “/data” and configurations in the archive would be automatically imported during container setup. However this is a rather static method and not easy to manage. However according to Immanual Noel, on 4/27/2018, Adobe is having an issue importing DSN’s and scheduled tasks in this fashion and are currently working on this issue.

The final method would be to use Ortus’s CFConfig CLI. You could pass in a JSON string and let it build out the configuration. This might actually be one of the best ways to do it. I’m hoping Adobe’s implementation catches up to this quickly though. Ortus has great open source products for ColdFusion, but this shouldn’t be required.

The “ColdFusion Addons” container runs SOLR and PDF services. The “.NET” service will not exist as it is a Linux container. I would have preferred separating out the services though due to the container pattern of one service per container. This extends the ColdFusion container.

According to Adobe, they are not going to create a Windows container at this point due to performance issues they saw. But the great thing about Docker on Windows is that it’s capable of running both Windows and Linux containers. It’s very rare that I need to run .NET, however that does leave my 2 points out in the cold if a customer uses it.

In conclusion, I look forward to testing this out and perhaps implementing this solution where it makes sense.

Other resources to read:

  • https://www.cutterscrossing.com/index.cfm/2018/4/18/Adventures-in-Docker-Land

CF Summit 2017 – Part 2

Starting from Part 1 of my “CF Summit 2017” series I will dive into some of my conversations with Adobe and more “Application Monitoring Suite” details.

The Adobe Team

20171117_101210Let me start out by saying that I know a number of people, myself included, enjoyed having the ColdFusion engineering team on-site at the conference. I want to thank them for the long trip from India which appears to be at least a 24 hour trip one-way. I could barely stand the 3 hour cattle flight from Omaha on Southwest. Those seats were great when I was a kid half my current size – but they never seemed to take into account that American adults actually sit in those seats too!

I spent a bit of time speaking with Anit Kumar, the Technical Support Manager, who was very welcoming of what I had to say. A number of people also wanted his attention, so I also spoke a bit to Vamseekkrishna Nanneboina, the Quality Engineering Manager. Continue reading

CF Summit 2017 – Part 1

My co-worker at CF Webtools, Wil Genovese, and myself were fortunate to attend the Adobe ColdFusion 2017 Summit this year.

The primary focus of the event was on “Aether”, the next version of ColdFusion, which will be known as “ColdFusion 2018”. The primary topic surrounding Aether was the API Manager, Containerization (Docker), security by default and a new “Application Performance Monitoring Suite”.

20171116_101311

Continue reading

Finding the ColdFusion 11 Serial Number

Looking for the ColdFusion 11 Serial (License) Number on your existing install? Check out the plain-text file:

./cfusion/lib/license.properties

under the “sn” line

Lucee 5 ColdFusion Scheduled Tasks

Lucee 5.0 – 5.2.1.9 (current version) has a bug in scheduled tasks that seems to affect both Windows and Linux servers.

When scheduling a task, they end up getting marked as “expired” and never run. Not sure how this issue has made it this far into revisions, but as of this post it’s still an issue.

https://luceeserver.atlassian.net/browse/LDEV-897

You can work around this issue using a cron job by way of curl.

On Windows you can use the Windows Task Scheduler and curl. Curl can be downloaded from https://curl.haxx.se/download.html

6/21/2017 – marked for “NextSprint scheduled”

#lucee, #scheduled-tasks

Adobe ColdFusion 11 AWS AMI Converts to Developer Edition

We have a ColdFusion 11 server hosted on Amazon’s Web Service (AWS) Elastic Compute Cloud (EC2). We subscribe to the Adobe ColdFusion 11 license on a monthly basis using the Amazon Machine Image (AMI) Store.

We are still migrating sites to the EC2 instance and it is still in its infancy. What we noticed was that the log files were getting large quite fast with these entries:

License Error.You tried to access the Developer Edition from IP address (0.0.0.0). Already two IP addresses are accessing ColdFusion concurrently. The Developer Edition supports access by any IP address, but only two at a time, apart from the localhost. The additional IP addresses accessing ColdFusion are: 0.0.0.0,0.0.0.0 The specific sequence of files included or processed is: C:\ColdFusion11\Main\wwwroot\CFIDE\administrator\templates\secure_profile_error.cfm”

This meant that only two distinct visitors would be able to view our production sites at any given time. The license is supposed to be a Enterprise level license which can support very large traffic. But instead the license reverted to developer edition without warning.

The way I was able to resolve this issue was to send an email to CFsup@adobe.com. I included my AWS Account number. I also ran this issue by the “Adobe” CFML Slack Channel. Here was the timeline (Central Time):

8:12 PM: Posted issue on CFML Adobe Slack channel
8:21 PM: Emailed CFsup@adobe.com
11:15 PM: Anit Kumar responds to Slack from home
12:10 AM: Anit Kumar responds via email with new .jar file
12:38 AM: Server now on Enterprise license correctly

Here were the steps taken to apply patch:

  1. Navigate to the \ColdFusion11\cfusion\lib and search for “cfusion-req.jar”.
  2. Stop the ColdFusion Service.
  3. Take a backup of this original jar file and delete it. Renaming the jar file, will not help.
  4. Rename the enclosed cfusion-req.jar.123 to cfusion-req.jar and save it on the location mentioned in Step 1.
  5. Start the ColdFusion Service.
  6. Check the Edition by clicking on the System Information (“I” icon on right hand side top).

Anit said we could just apply the patch to the cfusion instance, however we ended up applying it to it and another CF instance while waiting for a response.

When we asked Anit what the issue was, this was his reply:

This was an issue with Amazon side and is very sporadic in nature. We have fixed and merged this in CF2016 AMIs on Amazon.

Copy tools.jar When Upgrading Java for ColdFusion

javalogo-81x162I happened to read a post on Adobe’s ColdFusion Facebook page, that references a blog post, that references a pretty obscure tip. ColdFusion really needs to implement this somehow in CF Admin like a configurable directory for this file.

I remember knowing this step, but forgot, because it’s documented in obscure places like in the upgrade notes when ColdFusion releases a patch that officially supports a newer version of ColdFusion.

Anyway, ending my rant, when you upgrade to a new major version of Java (and in my opinion every minor version too) be sure to do the following:

  1. Copy tools.jar from {JDK_Home}/lib to {cf_install_home}/{instance}/lib/
  2. Delete all files from {cf_install_home}/{instance}/stubs/ to get the newly compiled classes.

Only JDK contains the tools.jar file not the jre installation. You don’t have to install JDK on the machine where ColdFusion is installed. You can just have jre on this machine and get tools.jar from any other machine’s JDK installation.

#coldfusion-2, #java, #tools-jar, #upgrade

Deny URL Patterns With FW/1

Seeing that someone was trying to hit wp-login.php (WordPress login) a few times a minute on one of our servers at CF Webtools we decided to block any PHP requests since this is a ColdFusion server. It wasn’t as easy as I thought. This is a Windows 2008 R2 server running IIS 7.5 and ColdFusion 11.

Sample URL:
http://www.mysite.com/index.cfm/main/mypage/id/68249/id2/wp-login.php

At first I tried using Request Filtering under the “Rules”, “URL” and “Query Strings” tabs. These had no effect.

I then went to URL Rewrite where there was a custom rule to allow index.cfm to be absent from the URL.

<rewrite>
    <rules>
        <clear />
        <rule name="Rewrite FW/1 SES index.cfm">
            <match url="^(?!css|js|fonts)(.*)$" />
            <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                <add input="{REQUEST_URI}" pattern="^.*\.(bmp|css|gif|htc|html?|ico|jpe?g|js|pdf|png|swf|txt|xml|ttf|woff|eot)([/?].*)?$" negate="true" />
            </conditions>
            <action type="Rewrite" url="/index.cfm/{R:1}" logRewrittenUrl="true" />
        </rule>
    </rules>
</rewrite>

I then tried adding a rule using the default settings of wildcards. While the test responded okay, the actual page kept processing the URL.

Thanks to Wil Genovese, after switching the regular expressions and enclosing those in parenthesis, “.php” requests were finally denied.

<rule name="No PHP" stopProcessing="true">
    <match url="(.*)" />
    <conditions>
        <add input="{PATH_INFO}" pattern="(\.php)" />
    </conditions>
    <action type="AbortRequest" />
</rule>

2015-05-26_1538

#iis, #rewrite, #wordpress

ColdFusion 11 Will Not Start After Enabling J2EE Session Variables

Update 1/20/2015: Fix is available in the refreshed Full installers. More information on this is available here at:
http://blogs.coldfusion.com/post.cfm/coldfusion-11-installers-refreshed-has-fix-for-server-fails-to-start-on-enabling-j2ee-session-variables-and-installation-on-japanese-os

After some wicked process of elimination at CF Webtools I found out that I was unable to start/restart ColdFusion 11 after enabling J2EE Session Variables in the ColdFusion Administrator.

I went through almost all types of installs thinking it was an issue with the Amazon EC2 server it was on. Thinking this because we have CF11 servers running with J2EE enabled already.

The difference, and the the issue it turns out, is the updated installer that includes update 3 for Windows x64. The original installer doesn’t seem to have this issue.

The underlying issue is whether or not Tomcat persistent sessions were turned on or off. This apparently keeps a session alive during a restart. ColdFusion apparently doesn’t like this if it’s on.

To turn off Tomcat persistent sessions (this seems a little backwards though):

  1. Open {cf instance}/runtime/conf/context.xml
  2. Uncomment <Manager pathname=”” />
  3. Save file and close
  4. Start ColdFusion

This seems to have been an issue on ColdFusion 10 that somehow made its way back to 11.

Thanks to Derrick Anderson with BigTeams for finding this old issue at we3geeks.

I have opened bug ticket 3923565 with Adobe.

#coldfusion-2, #j2ee, #session-variables, #tomcat

IIS URL Rewrite Config for FW/1 SES

SES_Screen_ShotAfter a bit of research, I was never able to find a definitive answer as how to properly set up SES (Search Engine Safe URL’s) to work with FW/1 (Framework 1) using IIS 7.5 and IIS URL Rewrite 2.0.

SES makes turns your URL’s from this:

http://www.mysite.com/index.cfm?action=main.default&ID=0

Into this:

http://www.mysite.com/main/default/ID/0

First of all you may need to install URL Rewrite 2.0 using Microsoft Web Platform Installer. There are other options out there, but I’m using this since it’s simple and nicely integrated.

From the URL Rewrite options screen, add a new rule and select “User-friendly URL” under the “Inbound and Outbound Rules”.

The requested URL should match the pattern using regular expressions. The pattern being:

^(.*)$

Add the conditions that the type is not a file or a directory.

The action type is rewrite and the rewrite URL is:

/index.cfm/{R:1}

Be sure to check “Append query string” and “Stop processing of subsequent rules”

Continue reading

#coldfusion-2, #fw1, #iis, #microsoft-web-platform-installer