Re: [cfaussie] Re: ColdFusion, Tomcat, IIS7 question
Hi Glen,
If you are only accessing /CFIDE from either the local network or a static IP
address you should be able to use firewall rules to block traffic on the tomcat
port to all but those addresses.
Andrew.
Sent from my iPod.
On 15/08/2011, at 4:46 PM, nkosi glenrainb...@gmail.com wrote:
@charlie, no I have not tried that.
What we have settled on - a compromise of sorts - is sym linking to
the WEB-INF and CFIDE from within the site code base root, many thanks
Andrew. Unfortunately it still means CFIDE is browsable via the
website, but only if you know the port number Tomcat is listening on.
e.g.
- Browsing the site: http://my.wickedcool.site/ (on port 80) works.
- Browsing the site: http://my.wickedcool.site/cfide/administrator/index.cfm
throws a 500 HTTP status code - preliminary investigation suggests it
is an IIS ajp Tomcat issue rather than CF ... a little bit more of
an investigation is required though.
- Browsing the site:
http://my.wickedcool.site:{*my_custom_port}/cfide/administrator/index.cfm
and I get to the CF Admin login page.
*my_custom_port, as defined in Tomcat's server.xml.
The bad news is I still have to 'pollute' my codebase with sym link
shortcuts to the CFIDE and WEB-INF folders ... but this is made less
onerous by using a batch file to roll out the codebase and creating
the appropriate sym links etc.
Other things to note, if you're using ActiveMQ don't be a fool like
me, be sure to put the ActiveMQ jar in the WEB-INF/cfusion/lib/. Spent
more time than I care to admit trying figure out why my gateway was
stuck in the 'starting' state ... *sigh*.
So, thank you all for your input.
Oh, and my.wickedcool.site isn't a real site BTW - expect a DNS
fail :)
Cheers
Glen
--
You received this message because you are subscribed to the Google Groups
cfaussie group.
To post to this group, send email to cfaussie@googlegroups.com.
To unsubscribe from this group, send email to
cfaussie+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/cfaussie?hl=en.
--
You received this message because you are subscribed to the Google Groups
cfaussie group.
To post to this group, send email to cfaussie@googlegroups.com.
To unsubscribe from this group, send email to
cfaussie+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/cfaussie?hl=en.
[cfaussie] Re: ColdFusion, Tomcat, IIS7 question
@charlie, no I have not tried that.
What we have settled on - a compromise of sorts - is sym linking to
the WEB-INF and CFIDE from within the site code base root, many thanks
Andrew. Unfortunately it still means CFIDE is browsable via the
website, but only if you know the port number Tomcat is listening on.
e.g.
- Browsing the site: http://my.wickedcool.site/ (on port 80) works.
- Browsing the site: http://my.wickedcool.site/cfide/administrator/index.cfm
throws a 500 HTTP status code - preliminary investigation suggests it
is an IIS ajp Tomcat issue rather than CF ... a little bit more of
an investigation is required though.
- Browsing the site:
http://my.wickedcool.site:{*my_custom_port}/cfide/administrator/index.cfm
and I get to the CF Admin login page.
*my_custom_port, as defined in Tomcat's server.xml.
The bad news is I still have to 'pollute' my codebase with sym link
shortcuts to the CFIDE and WEB-INF folders ... but this is made less
onerous by using a batch file to roll out the codebase and creating
the appropriate sym links etc.
Other things to note, if you're using ActiveMQ don't be a fool like
me, be sure to put the ActiveMQ jar in the WEB-INF/cfusion/lib/. Spent
more time than I care to admit trying figure out why my gateway was
stuck in the 'starting' state ... *sigh*.
So, thank you all for your input.
Oh, and my.wickedcool.site isn't a real site BTW - expect a DNS
fail :)
Cheers
Glen
--
You received this message because you are subscribed to the Google Groups
cfaussie group.
To post to this group, send email to cfaussie@googlegroups.com.
To unsubscribe from this group, send email to
cfaussie+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/cfaussie?hl=en.
[cfaussie] Re: ColdFusion, Tomcat, IIS7 question
Thanks for the responses. @andrew - yes, it seems creating symbolic links in Windows Server 2008 is possible (command line mklink) using dir identifies these as SYMLINKD. Now just need to work this through and see what the impacts/vulnerabilities are. @charlie - I think I may have misled you when I referenced WEB-INF, what I don't want is CFIDE/administrator browsable via the [IIS] website AND I don't want my web site code to be 'polluted' (probably too strong a word to describe this) with WEB-INF and CFIDE folders. I want to SVN export my site to an empty location on my server's hard drive without having to think about accidentally overwriting folders/ files etc. Cheers Glen -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
Re: [cfaussie] Re: ColdFusion, Tomcat, IIS7 question
Hi Glen, One thing I did think of that may be a problem paths if you put your app in a sub like I suggested. I don't know I you can overcome thi with a mapping for / - possibly you can but I haven't tried it myself Andrew On 08/08/2011, at 4:10 PM, nkosi glenrainb...@gmail.com wrote: Thanks for the responses. @andrew - yes, it seems creating symbolic links in Windows Server 2008 is possible (command line mklink) using dir identifies these as SYMLINKD. Now just need to work this through and see what the impacts/vulnerabilities are. @charlie - I think I may have misled you when I referenced WEB-INF, what I don't want is CFIDE/administrator browsable via the [IIS] website AND I don't want my web site code to be 'polluted' (probably too strong a word to describe this) with WEB-INF and CFIDE folders. I want to SVN export my site to an empty location on my server's hard drive without having to think about accidentally overwriting folders/ files etc. Cheers Glen -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en. -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
RE: [cfaussie] Re: ColdFusion, Tomcat, IIS7 question
Oh, OK. That is indeed different. So here's a thought: besides considering a mapping within Tomcat, note also that CF sets up a mapping itself (in the CF Admin) pointing CFIDE to the physical path where it's located. I'd think if you changed both, it should work. Are you saying you have tried that? /charlie -Original Message- From: cfaussie@googlegroups.com [mailto:cfaussie@googlegroups.com] On Behalf Of nkosi Sent: Monday, August 08, 2011 2:10 AM To: cfaussie Subject: [cfaussie] Re: ColdFusion, Tomcat, IIS7 question Thanks for the responses. @andrew - yes, it seems creating symbolic links in Windows Server 2008 is possible (command line mklink) using dir identifies these as SYMLINKD. Now just need to work this through and see what the impacts/vulnerabilities are. @charlie - I think I may have misled you when I referenced WEB-INF, what I don't want is CFIDE/administrator browsable via the [IIS] website AND I don't want my web site code to be 'polluted' (probably too strong a word to describe this) with WEB-INF and CFIDE folders. I want to SVN export my site to an empty location on my server's hard drive without having to think about accidentally overwriting folders/ files etc. Cheers Glen -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
RE: [cfaussie] Re: ColdFusion, Tomcat, IIS7 question
Nkosi, I think you may be on a bit of a (needless) wild goose chase. Going back to your first note said; ... we cannot figure out how we can get our CF sites to run without requiring WEB-INF [and CFIDE] in the root of our sites. This basically means our CF Admin is browsable via our web site which is not what we want. Well, are you saying you DID see the files in WEB-INF being browsable? Because Tomcat (like any J2EE server, including JRun) should automatically preclude sharing of that. It's a java-standard directory and therefore it's always been automatically protected by java servlet engines/jee servers. So are you saying you thought this would be a problem as you contemplated the setup? Or that you found you could indeed see the files? If the latter, then let us know and perhaps we can figure out why and/or what needs to be added to make it so. /charlie -Original Message- From: cfaussie@googlegroups.com [mailto:cfaussie@googlegroups.com] On Behalf Of nkosi Sent: Thursday, August 04, 2011 12:56 AM To: cfaussie Subject: [cfaussie] Re: ColdFusion, Tomcat, IIS7 question Yes - that is what I thought too. But like I said, we have the [limited] resources to explore this option - if it is easy then brilliant, if it gets too complicated then we should probably wait and hope that Adobe does indeed make the CF +Tomcat config a whole lot easier. So now we've got all the _why_ out of the way ... any clues how we can achieve what we're after? -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en. -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
[cfaussie] Re: ColdFusion, Tomcat, IIS7 question
The only stupid question is the one left unasked ... hehe, never thought I'd say that. You mean how come we're trying to achieve this configuration? Well it's a nice level of separation from site code and web application server ... isn't it? Also, since it was possible with JRun then it would be nice to continue this configuration with Tomcat. Also ... I'd be happy to hear alternative hosting configs. Cheers Glen -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
RE: [cfaussie] Re: ColdFusion, Tomcat, IIS7 question
No such thing as a stupid question, only stupid answers :) -Original Message- From: nkosi [mailto:glenrainb...@gmail.com] Sent: Thursday, 4 August 2011 1:49 PM To: cfaussie Subject: [cfaussie] Re: ColdFusion, Tomcat, IIS7 question The only stupid question is the one left unasked ... hehe, never thought I'd say that. You mean how come we're trying to achieve this configuration? Well it's a nice level of separation from site code and web application server ... isn't it? Also, since it was possible with JRun then it would be nice to continue this configuration with Tomcat. Also ... I'd be happy to hear alternative hosting configs. Cheers Glen -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en. -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
Re: [cfaussie] Re: ColdFusion, Tomcat, IIS7 question
Yeah - but what is the end goal? Why bother changing if JRUN is meeting your needs? Mark On Thu, Aug 4, 2011 at 1:49 PM, nkosi glenrainb...@gmail.com wrote: Also, since it was possible with JRun then it would be nice to continue this configuration with Tomcat. -- E: mark.man...@gmail.com T: http://www.twitter.com/neurotic W: www.compoundtheory.com cf.Objective(ANZ) + Flex - Nov 17, 18 - Melbourne Australia http://www.cfobjective.com.au -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
[cfaussie] Re: ColdFusion, Tomcat, IIS7 question
Ah - I see, how come we trying to do this if it is already doing the job. If it ain't broke etc ... Coz all the cool kids are doing it ... um, no, seriously though ... Given that CF10 is reportedly dropping JRun for Tomcat and we have resources available to us right now we thought we would explore the Tomcat option. So that is where we are right now. We're working out if we can set ourselves up early on for CF/Tomcat. It was going well until we hit the snag noted above. -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
Re: [cfaussie] Re: ColdFusion, Tomcat, IIS7 question
I'd be pretty shocked if Adobe doesn't make configuring CF10 + Tomcat a whole lot easier than doing all the steps for CF9 + Tomcat. So you may be wasting your time. Also, CF9 isn't supported on Tomcat, so you may be voiding any support contracts you may have. But hey - if you're having fun :) all the more enjoyment for ya. Mark On Thu, Aug 4, 2011 at 2:41 PM, nkosi glenrainb...@gmail.com wrote: Given that CF10 is reportedly dropping JRun for Tomcat and we have resources available to us right now we thought we would explore the Tomcat option. So that is where we are right now. We're working out if we can set ourselves up early on for CF/Tomcat. -- E: mark.man...@gmail.com T: http://www.twitter.com/neurotic W: www.compoundtheory.com cf.Objective(ANZ) + Flex - Nov 17, 18 - Melbourne Australia http://www.cfobjective.com.au -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
[cfaussie] Re: ColdFusion, Tomcat, IIS7 question
Yes - that is what I thought too. But like I said, we have the [limited] resources to explore this option - if it is easy then brilliant, if it gets too complicated then we should probably wait and hope that Adobe does indeed make the CF +Tomcat config a whole lot easier. So now we've got all the _why_ out of the way ... any clues how we can achieve what we're after? -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
[cfaussie] Re: ColdFusion, Tomcat, IIS7 question
On Aug 4, 1:28 pm, nkosi glenrainb...@gmail.com wrote: We have set up 'multiserver' Tomcat but we cannot figure out how we can get our CF sites to run without requiring WEB-INF [and CFIDE] in the root of our sites. This basically means our CF Admin is browsable via our web site which is not what we want. It may also mean we have to consider how we rollout our site code given there will already be 2 folders in the site root. I have no experience at all with IIS or Windows servers, but with Apache I *think* you could do something like the following, and I'd be surprised if IIS doesn't allow it also. What if you if you did something like this: Put the exploded coldfusion war file wherever you want (I'll assume c: \tomcat-apps\application1\cfusion.war\) In tomcat's server.xml: Host name=application1.something.whatever appBase=c:\tomcat-apps \application1\cfusion.war/ Then if you can use a symbolic link (is there a way to do this in windows?) to your app code. So you'd have something like: c:\tomcat-apps\application1\cfusion.war c:\tomcat-apps\application1\cfusion.war\CFIDE c:\tomcat-apps\application1\cfusion.war\WEB-INF c:\webapps\app1\cfusion\app - sym link to c:\Sites\Application1\ Then if you can configure IIS proxy anything to http://application1.something.whatever/* to http://application1.something.whatever:tomcat-port/app/* it might work? Under that config you should only be able to access CFIDE directly via http://application1.something.whatever:tomcat-port/CFIDE/administrator Don't quote me on it, I haven't tried it, but it is an approach I think may work... It'll be interesting to see how Adobe handle multi site installs and virtual hosts when they move to Tomcat. Andrew. -- You received this message because you are subscribed to the Google Groups cfaussie group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
