!@#@!#@! script kiddies

Well, I finally got hacked. This is a first for me, and proves that my Linux skills are just not quite as up there as my Windows admin skills. And what was the vector? The lack of queryparams inside CFshopkart. The only upside is that there were no transactions inside the cart, and no sensitive data to steal. But the defacement did muck about with several system files. Bah.

Completely off topic, but humans are just a lost cause

Last night I had an argument with some lady that's so damn stupid that it bears repeating.

Every now and then the missus and I have a brain lapse and take the kids to Chuck E Cheese. They enjoy it, but I don't know of many parents that do ;). At any rate, I was put in charge of holding a twin and following one of the older kids around. At the time I was shadowing our two year old.

My daughter decided to play some skeeball. Now, I don't mind skeeball. It's fairly fun, and I used to enjoy a good round in my youth. We show up at the lanes (they have maybe 6?) to find a youth and her grandmum... least, that seemed to be the correct age grouping. This pair was using the middle lanes, and grammy's purse was occupying a third. The purse isn't actually beside grammy, it's another lane over yet (why? beats me). Beside the purse, some dude is using the ball drop area to hold his cup of coins whilst playing the basketball game. So, that leaves my daughter and me the lane next to grammy.

Alright, we shoot in our coin, and the two year old gives it a fair try. She didn't get a single ball up the lane but I threw the missed balls back up the ramp for her. And for the first time in my life, actually hit one of those blasted 100k holes. Sweeeet. Anyway, we finish up at 300k points, grab our tickets and start walking away. And that's when the fun started...

Ignorant Woman: "Excuse me, you're taking my tickets"

Me: "No ma'am, these are our tickets"

IW: "No, you're taking my tickets"

Me: "Ma'am, these are our tickets. They came from this machine"

IW: "No, they're mine."

Me: "Ma'am, your tickets come out beside you. Look."

IW: "No, those are her tickets. Yours must be broken"

Me: "Ma'am... look at the machine. You can see where they're connected. These are our tickets."

IW: "No, those are my tickets"

And it's at this point I realized that Ron White is correct. You can get a face lift, a boob job, cosmetically address imperfections. But you can't fix stupid. My brain just tripped a circuit. I found myself thinking, "wait... we're arguing about the equivalent of 25 cents... maybe 20 tickets? WTF??". So I said to the ignorant woman, "you know what? You can have the tickets. Allie, (the two year old this woman was effectively taking tickets from) give her the tickets." And damn, if she didn't do me proud. My two year old just threw the tickets at this woman's feet and we just walked away.

Honestly, I was thinking on it later, and my point would have been proved by putting another quarter in the machine. It would have spit another ticket or two out as your "freebie". However, this just wasn't a teachable moment. At this point I'm just happy we didn't get thrown out of chuck's (well... am I really happy about that? hmmm), but damn I hate ignorant folks.

I want to love you linux, but why must you make it so damn hard!

After reading a blog entry about another CF guy moving over to Linode, I got to asking myself "what the heck is a linode"? Well, it's a XEN based VPS that's really, really freakin' cheap! I signed up for their 1080 plan (which is way more traffic than I'll likely see), and decided it was time to move from shared hosting to my own VPS. The reasons abound, one of which being I'm going to be fielding all of the hosting/billing for future projects for Meteorsite, LLC. I'd also planned on moving to Railo/Resin to do this hosting, and it seemed like a great fit. Oh, and I was also planning on using GroundWorks with Nagios to monitor all our various and sundry hosting solutions (to also get that crap off my own home network ;) ).

Things went great at first. I got GroundWorks installed, but then I realized that GroundWorks wants to glom onto and possess MySQL and Apache. Well, that's a pain in the ass and had to go. I only really wanted Nagios anyway. I'll generate the Nagios configs on my local machine and just migrate them over. Fine, and done. Next step, configure a mail server with some sort of web front end. My old host used Plesk and that seemed to also include Horde. Great! I can deal with Horde. I usually pull everything into google mail for online viewing anyway, but I like having that option. So... I found 1, 2, a ton of tutorials on installing Horde on Ubuntu. The only problem is, not a damn one worked. Postfix would install correctly, but in the end I could never get IMAP (Dovecot or Courier) to talk nice-nice to Postfix.

Three tutorials, and several hours later, I decided to start looking for a one touch install type system. Since I'll be hosting sites later it made sense to find a Plesk/CPanel/Helm type open source solution. And behold, I started my quest towards making ISPconfig work. There is at least 10 hours of my life I'm never getting back. Good lord... after about 50 steps, I just could not get ISPconfig to authenticate against IMP. And as soon as I changed the authentication method, I couldn't get back into the system. No matter what I tried, I could not get it to work. In between all of this, it's likely that I blew away my VPS about 20 times.

And then, I found Citadel and Easy Host Control Panel. I tried Citadel first, and currently have EHCP running on a test machine. Citadel (and EHCP) just worked. One installer, and that's it. Yes, you have to answer questions, but they're of the variety of "what's your system DNS" and "what's your mysql root password". Each has domain management for mail. Citadel really does far more than I require, and I think for hosting other sites, EHCP makes more sense, but at least I have something up and running! Yay. I do, however, still want my weekend back.

You learn something new every day!

I had to complete a disaster recovery project this week. We do this annually for one of our clients (yay for preparedness!) for one of their ColdFusion sites. I've got a run book and all that and was prepared to reinstall ColdFusion and copy in their EAR to redeploy the application. Until I had a conversation with a coworker:

Him> Did they restore your data yet?

Me> Yep, I'm just getting ready to reinstall ColdFusion and-

Him> Re-install? Isn't everything already there?

Me> Well, yeah, but. Wait... huh. I bet I could just run the jrunsvc command, and..

So it turns out, if you don't need search, .NET, LiveCycle or ODBC services, you can just restore ColdFusion from a backup to your file system. All you really need (minus those other pieces) is to run the jrunsvc command to install a new ColdFusion service in the services console and to run the wsconfig.jar to connect IIS to JRun (or, if you restore the website from a file, all of that is already there). My runbook went from something like 30 steps down to about 4. Color me happy. And when you think about it, it makes sense. Since it's all built atop Java (minus the other services) there's no reason to go through the installer. You can probably install those other components but I don't really need them, so I don't care to find out how at present. But still, this is a handy little tidbit.

FarCry 5.2 + Railo 3.1.0.16 + Resin + Apache + MySQL + CentOS - Addendum 1

I had an "Ah HA!" moment when I got home tonight. I copied in my FarCry core folder from my known good Ubuntu Railo/FarCry install over to my CentOS install and still had issues. I tried several iterations of this, and then I had a think. I pulled up the Railo admin on my Ubuntu install, and noticed I had it at .012. And then it hit me... I was actually in a discussion about this with others on the google groups. I thought I had tried it at 3.1.0.016, but I think I did not complete the upgrade step.

So, I copied the .012 install of Railo over to the CentOS box and it worked! Huzzah! So, it appears that .012 remains the most supported version at this point in time. I'm hosting a copy of this file on my site, but please be gentle! I don't want to hear it from my host that ya'll are killing my server. You can grab the file here.

FarCry 5.2 + Railo 3.1.0.16 + Resin + Apache + MySQL + CentOS - Part 3

In this installment we're going to be installing FarCry, and tweaking our Apache settings a bit. To let ya'll know upfront, there's still a few issues with FarCry and functions that are named the same as internal Railo functions. I know these changes were placed into trunk at one point, but it doesn't seem like they migrated over to the 5.1.6 release. That's OK, I've got a fairly stable pull of the core trunk files from a few weeks back that I'll be linking on the site this evening. I'll verify that this fixes the odd "function cannot be named" stuff going on. The current trunk files are not allowing the overview page to come up, but then again this is trunk we're talking about... life on the bleeding edge sometimes leads to a paper cut ;).


FarCry 5.2 + Railo 3.1.0.16 + Resin + Apache + MySQL + CentOS - Part 2

Right... part 2. We're going to install Railo in this section. It's going to be a much smaller ride than part 1 ;). But first, some knowledge.

I've learned that:

  • I'm not a fan of CentOS. I prefer the Debian distros. Why? I've not really ever had a need to play with SELinux, or IPTables. Why does that matter? Both of these things have caused me grief whilst putting this together as both are enabled by default in both the _64 and i386 builds of 5.3.
  • You must turn off IPTables on each boot of the system. I'm sure there's a way to make this automatic, but I really haven't tracked it down yet. Yes, it would not be an issue if I just set it up... surely this will be a blog posting down the line, but I don't require it for now.
  • I had originally done the write up for part 1 with an _64 build. Everything was great until I got to the point where I needed to build mod_caucho. I could not find a way to successfully build that, and it appeared to be an issue with apxs. I didn't really want to spend my entire day chasing down rabbit holes, so I switched to the i386 build. It's at this point that I learned that SELinux was preventing Apache from talking to Caucho. Again, not wanting to chase my tail endlessly, I just disabled SELinux for now.
  • Use PUTTY! I can never get copy/paste to play nice between my VM command line screen and windows. So, I'll just minimize the VM and use PUTTY to terminal (over SSH) into virtual box. In this way, you can also keep several screens up at one time.


Where the heck do ya'll find the time?

I just can't seem to get into the swing of this blog post a day deal. Heck, I barely have enough time to even get enough sleep throughout a day. How the heck do ya'll bang out so many blog posts over the course of a week?

Even though it appears that no one cares about my FarCry Railo install piece, it'll likely take me about 8-10 hours of total setup time to get a working install done. I don't really mind if no one sees it... I'm doing this because I have to have a working install within the next few weeks to satisfy a customer project. Maybe I need to start aiming for the lower hanging fruit or something?

FarCry 5.2 + Railo 3.1.0.16 + Resin + Apache + MySQL + CentOS - Part 1

Woah... not such a catchy title, but it's descriptive, non?

This all began as a quest to be able to provide a VPS solution to the lowest bidder situation. Their host provides CentOS machines at a fairly reasonable price, but that price would not include the cost of a ColdFusion license. My framework of choice is FarCry, and lately the Daemonites have taken great strides in keeping the framework compatible with Railo. This is the thorny path towards creating a Linux virtual machine with FarCry, MySQL, Railo, and Apache (oh... and SES URLs).

We'll start by just getting the basics of the system running and in place.

  • Everything I'm doing is as the root user... yes, not cool, but this is just development. Typically, you should really use sudo to do all of this.
  • Grab a VMware image of CentOS 5.2. You can find one here: http://www.vmware.com/appliances/directory/1309. VMplayer can be found here: http://www.vmware.com/download/player/
  • Turn off IPTABLES for testing... yes, not the best idea for production, but this is development. I could not figure out why the heck Apache wasn't serving pages outside the local install, and it was the firewall blocking it. In production, you should really turn this feature on. I'm not addressing how to do so for this exercise.

    • /etc/init.d/iptables save
      /etc/init.d/iptables stop
  • Enable RPMforge packages. This will allow us to install phpMyAdmin through yum.
    • http://wiki.centos.org/AdditionalResources/Repositories/RPMForge (source)
    • Download either the i386 or _64 RPM, dependent on your OS type version
      • http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
      • http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
    • Import GPG key
      rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
    • Install it (replace the RPM with the name)
      rpm -i rpmforge-release-0.3.6-1.el5.rf.*.rpm
  • We need to install apache (well, not NEED, but we're not using Tomcat here)
    • http://www.railo.ch/blog/index.cfm/2008/11/12/Installing-ResinRailo-on-CentOS (source)
    • yum install httpd httpd-devel openssl-devel
  • We need to install MySQL
    • http://www.ozzu.com/unix-linux-forum/centos-and-apache-php-mysql-t69484.html (source)
    • vi /etc/yum.repos.d/CentOS-Base.repo
    • change to enabled=1 for centosplus
    • yum install mysql-server mysql
  • I installed PHP/phpMyAdmin - just for DB administration
      yum install php php-mysql phpmyadmin
      cd /usr/share/phpmyadmin/
      vi config.inc.php
    • enter a value in $cfg['blowfish_secret'] = '<something>';
    • vi /etc/httpd/conf.d/phpmyadmin.conf
    • change the allow line (yes, yes... but this is a test environ) to Allow from all
  • We need to install a JVM... this part just sucks. Unlike other distros, no precompiled version really meets our needs.
    • http://j2eeinaction.blogspot.com/2009/02/install-java-6-on-centos-52.html (source)
    • Go to http://java.sun.com/javase/downloads/index.jsp (grab the JDK!). You can browse to a download link and post that into your VM as something like the following
    • wget 'http://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/VerifyItem-Start/jdk-6u14-linux-x64-rpm.bin?BundledLineItemUUID=CXFIBe.pePAAAAEioR0Hk1t8&OrderID=CgtIBe.pcWUAAAEilh0Hk1t8&ProductID=tPxIBe.oz2IAAAEhmh0zLjfT&FileName=/jdk-6u14-linux-x64-rpm.bin'
    • rename that long ugly file to jdk.rpm.bin
    • mv <stupid long name> jdk.rpm.bin
    • chmod 700 jdk.rpm.bin
      ./jdk.rpm.bin
      /usr/sbin/alternatives --config java
  • Start Apache and MySQL at reboot
      /sbin/chkconfig httpd --level 2345 on
      /sbin/chkconfig mysqld --level 2345 on

And that's it. You have Apache serving pages at http://yoursite/ and phpMyAdmin at http://yoursite/phpmyadmin. Next up on the chopping block, adding Railo into the mix.
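An added example (not from the original post): a small shell audit to run before a box built this way leaves development, flagging the file-based test settings used in this series (`Allow from all` for phpMyAdmin, a placeholder `blowfish_secret`, SELinux disabled). The function names, the `/etc/selinux/config` location and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_root ROOT: ROOT is a path prefix ("/" for a live box, a temp dir for samples).
audit_root() {
    root=${1%/}
    pma_conf="$root/etc/httpd/conf.d/phpmyadmin.conf"
    pma_cfg="$root/usr/share/phpmyadmin/config.inc.php"
    se_cfg="$root/etc/selinux/config"   # assumed location of the persistent SELinux mode

    # phpMyAdmin reachable from any address
    if [ -f "$pma_conf" ] && grep -Eiq '^[[:space:]]*Allow[[:space:]]+from[[:space:]]+all([[:space:]]|$)' "$pma_conf"; then
        echo "OPEN_PHPMYADMIN $pma_conf"
    fi
    # cookie-encryption secret left empty or as the tutorial placeholder
    if [ -f "$pma_cfg" ] && grep -Eq "blowfish_secret'\][[:space:]]*=[[:space:]]*'(<something>)?'" "$pma_cfg"; then
        echo "WEAK_BLOWFISH_SECRET $pma_cfg"
    fi
    # SELinux switched off across reboots
    if [ -f "$se_cfg" ] && grep -Eq '^[[:space:]]*SELINUX=disabled' "$se_cfg"; then
        echo "SELINUX_DISABLED $se_cfg"
    fi
}

# Write a constructed sample tree: $1=dir $2=Allow source $3=secret $4=SELinux mode
write_tree() {
    mkdir -p "$1/etc/httpd/conf.d" "$1/usr/share/phpmyadmin" "$1/etc/selinux"
    printf '%s\n' '<Directory "/usr/share/phpmyadmin">' '  Order Deny,Allow' \
        '  Deny from all' "  Allow from $2" '</Directory>' \
        > "$1/etc/httpd/conf.d/phpmyadmin.conf"
    printf '%s\n' '<?php' "\$cfg['blowfish_secret'] = '$3';" \
        > "$1/usr/share/phpmyadmin/config.inc.php"
    printf '%s\n' "SELINUX=$4" 'SELINUXTYPE=targeted' > "$1/etc/selinux/config"
}
# The walkthrough's test settings, and the corrected values beside them.
make_sample()   { write_tree "$1" all '<something>' disabled; }
harden_sample() { write_tree "$1" 127.0.0.1 "$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')" enforcing; }

# Demo on a throwaway directory: three findings before, none after.
demo=$(mktemp -d)
make_sample "$demo"
echo "before:"; audit_root "$demo"
harden_sample "$demo"
echo "after:";  audit_root "$demo"
rm -rf "$demo"
```

On a real server, call `audit_root /` and treat any output line as a reason not to expose the box yet.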

Fedex interactions... you are a bleeding pain

There has been some talk on CF-Talk lately about interacting with the Fedex WSDL/services. There's not really much in the way of examples that I could easily find on how to use this WSDL... and I've still not gotten over my hate of working with CFHTTP and authorize.net. I was hoping to not have to deal with that pain again, and it seems I won't!

So, we have this link to a most excellent (and free!) CFC here. You'll still need to step through the hoops to get a developer code from Fedex, but once you do...


<cfinvoke component="fedex" method="getRates" returnvariable="fedex"
shipperAddress1 =     "474 N Centre St"
shipperCity =         "Pottsville"
shipperState =         "PA"
shipperZip =         "17972"
shiptoAddress1 =     "79 TW Alexander Dr"
shiptoCity =        "Durham"
shiptoState =         "NC"
shiptoZip =         "27709"
pkgWeight =            "3"
pkgValue =             "100"
myKey =    "<your value>"
myPassword="<your value>"
myAccountNo="<your value>"
myMeterNo="<your value>"
>


<cfdump var="#fedex#">
    <cfoutput>
    <select name="shipping">
            <cfloop from="1" to="#arraylen(fedex.rate)#" index="n">
                <option value="#fedex.rate[n].cost#">#fedex.rate[n].type# - #DollarFormat(fedex.rate[n].cost)#</option>
            </cfloop>
    </select>
    </cfoutput>
This example (provided by the original author) includes a handy select box. This is great for me, and saves a TON of time playing with the XML.

PS.... I forgot to close the code block... I'm thinking BlogCFC could use a rich text editor.


BlogCFC was created by Raymond Camden. This blog is running version 5.9.2.002.