Installing Railo/Tomcat on 64 bit Windows Server 2008 R2 with IIS 7.5 and Plesk – The Correct Way

November 2015 UPDATE: Obviously this is an old post but it still gets hits. Everyone should know that Railo is a dead project. The main developer has forked it into Lucee (found on lucee.org). Lucee is currently stable at v4.5x with public beta testing of v5. Lucee is by far the best non Adobe CF interpreter and I highly recommend it.

This is an update of the post on setting up my new server and my struggle to get Railo installed. After a few tips from Google Groups for Railo and specifically Mark Drew (CEO Railo UK & original author of cfeclipse, my favourite CFML editor) & Jordan Michaels (Community Deployments Coordinator – ie: the install guy), I decided to reprovision (ie: reinstall) my virtual server and give it another try. I actually did this final setup twice, once to get it to work and once to document it. I’m getting pretty good at it now ūüôā

Basically, the problems I experienced in the first few times around were due to 2 things; Plesk and my confusion (or IIS 7.5 lack of clarity) as to what Enable 32 Bit Applications means. Plesk does quite a few funky things to IIS since it is a web based management tool. Much of my grief stemmed from the fact that Plesk is a 32 bit App and my server install is 64 bit. Plesk also uses but doesn’t expose a version of Tomcat. My confusion in the original post as to why the Railo Tomcat was installing itself on a different port than normal was likely due to the Plesk instance. Now we don’t want to break Plesk (I’m paying for it every month!) so we need a procedure to make it play nice and undo some of the problems it causes with IIS. The following outlines the steps needed to get Plesk, Railo, Tomcat & iis 7.5 all running happily.

The first section of my previous post outlines how to set up the server and a single website using Plesk on a GoDaddy VPS (virtual private server). I’m assuming Plesk operates pretty much the same on all II 7.5 setups so it should be pretty standard. That setup walkthrough is still valid however, as I found out, the remaining part of the post dealing with Railo & IIS is incorrect (well, not exactly incorrect – it did get things working, just not in the best way) and superseded by this. I’ve also changed the order in which I did some things so let’s get started.

Fixing what Plesk Hath Wrought

Once we’ve created our website via the Plesk panel we need to go and make some changes in IIS so fire up inetmgr

Select Application Pools under the main node of your site. You’ll notice there a couple of the standard and a couple added by Plesk.

Click Set Application Pool Defaults from the right column. Here we see that Plesk has set Enable 32 Bit Applications to True. We need to set this to false.

This was a big stumbling block for me on the first couple tries as I did not have a clear understanding as to what Enable means. For IIS 7.5 Enable means Only Allow.¬† So If you have this set in defaults it will create all new AppPools with 32 bit enabled preventing 64 bit apps from running. You will get an error: HTTP Error 500.0 – Internal Server Error Calling LoadLibraryEx on ISAPI filter “C:\railo\connector\isapi_redirect-1.2.31.dll” failed.

The other very confusing thing is that this seems to override individually set AppPool settings and break all 64 bit websites if 32 bit is enabled in Application Pool Defaults.  In order to have a mixed 32/64 bit environment you MUST have Application Pool Enabled 32 bit Application set to FALSE. To allow an individual site to run 32 bit apps, you need to click on the appPool you want to change and click Advanced Settings from the right column.Change the drop down from False (the default) to True

For Plesk to work we need to set  both plesk(default)(2.0)(pool) and PleskControlPanel to use 32 bit applications. Once you have done this, browse to your Plesk panel and verify everything is working.

Now that we’ve got Plesk in a 64 bit environment, we need to add an AppPool for our new website. Click Add Application Pool in the right column and give your pool a meaningful¬† name. The name of the website works well. Leave the other settings as they are.

Now that we’ve got that set up, we need to associate the new AppPool with the new website. Select the website in the left column and then click Advanced Settings from the right. You’ll note that the website is set up by Plesk to use plesk(default)(2.0)(pool). Click on this and then¬† click on the […] Select your new AppPool and click OK.

Install Railo

Not much to say here. Run the setup routine, making note of your Tomcat admin password. The installer may request that you choose a port for Tomcat. If you don’t get asked, it means that Tomcat can use the default port. If you do, it means that something is using that port. I assume it’s Plesk’s version of Tomcat? This happened twice and the rest of the time it didn’t on the various installs I’ve tried. Does Plesk choose different ports at setup? I don’t know. Remember, my install is based on an OS image with Plesk pre-installed so I don’t have any control over it’s install.

Once the install is complete and you get the first run page, set your Server & Web Admin Passwords for Railo.

Now we need to fix one more issue introduced by Plesk. This one was another stumbling block in my initial tries. Because I installed Railo immediately, I did not know that Plesk had already set up a jakarta virtual directory pointing to its own version (32 bit) isapi connector for use by its own version of Tomcat. Without going into too much detail about that, the jakarta vDir in any application that uses railo needs to be pointed at the railo isapi 64bit  connector (on a 64 bit OS). Click on the jakarta subdirectory of your website, Click Advanced Settings in the left column and  point the physical path of the Railo connector

Now we’ve cleared up all the issues caused by Plesk and it’s time to move on to the final set up of IIS 7.5

The Home Stretch

The Railo install does a lot of the work for you but we do have to do a few things. The server root node will have a Handler Mapping for *.cfm files set up, but it doesn’t seem to set it up for individual sites. Click on your website node and then Handler Mappings. Click Add Script Map from the right column. Set the Request Path to *.cf*. All the Railo walkthroughs I’ve seen only seem to add one for *.cfm. The installer only adds *.cfm but I’m not sure if it will process CFC’s if only *.cfm is set up. I assume it will but it won’t hurt to use *.cf* to cover both right?

edit: While I don’t think it will do any harm to set it to *.cf*, setting/leaving the Handler Mapping as *.cfm is fine. Now that I have an actual operating system, I was able to verify that CFCs were processed correctly with only a mapping for *.cfm

Point the executable to the {installPath}\connector\isapi_redirect-xx.xx.xx.dll and give it a name.

*note: some of the more eagle eyed of you may notice that the path in the handler mapping screen cap above shows I’m adding the Handler Mapping in the {website} > jakarta section. This was not intentional. You should be in the root node of your website when you add an handler mapping. In this case it should have been railoinstalltest.ca


Now double check that there is an entry for the isapi connector in the Isapi Filters section. This should be added by the installer but if not you can add it easily.

One final thing to do is to make sure that index.cfm is at the top of the Default Documents list (not necessary but I’d do it in any case). Index.cfm should be added by the installer, but if not you can add it.

Adding a Tomcat Webcontext

Click on Start Menu >All Programs¬† > Railo >Tomcat Host Config to open up the Tomcat Server.xml file (a nice touch added by the installer). Scroll to the bottom of this file to add your “webcontext”; basically tell Tomcat what directory to watch under what website. There is a template to use which is commented out with <!– –>

<!–
<Host name=”[ENTER DOMAIN NAME]” appBase=”webapps”>
<Context path=”” docBase=”[ENTER SYSTEM PATH]” />
</Host>
–>

Copy that twice and modify it to add the Hostnames of your site and the path to the document root.

<Host name=”railoinstalltest.ca” appBase=”webapps”>
<Context path=”” docBase=”C:\inetpub\vhosts\railoinstalltest.ca\httpdocs” />
</Host>

Note that there are two instances for a single site; one for http://www.railoinstalltest.ca and one for railoinstalltest.ca. You would need to repeat this for each binding your site has that you want to process cfm files. You wouldn’t need to add one for http://ftp.railoinstalltest.ca but you probably would for admin.railoinstalltest.ca

edit: Thanks to Spills in the comments for pointing me to the use of Alias. Add an alias for each binding of your site that you want to process cfm files. Saves a few lines and if you have a lot of sites, it keeps the file cleaner.

<Host name=”www.railoinstalltest.ca” appBase=”webapps”>
<Context path=”” docBase=”C:\inetpub\vhosts\railoinstalltes.ca\httpdocs” />
<Alias>railoinstalltest.ca</Alias>
</Host>

Save the file and restart Tomcat using Start Menu >All Programs  > Railo > Railo-Tomcat Service Control

Now at this point we -should- be able to browse our first cfm file. (but I bet you’re guessing maybe, just maybe we can’t?)

Create a simple one
<cfoutput> <h1>Hello World!</h1><br> The time is #now()#</cfoutput>

and save it to the httpdocs folder of your website and browse to the site and…

You’ll note the error detail Cannot read configuration file due to insufficient permissions. Now we know that the website configuration file is web.config and it is located in the document root of each website. So the error message tells us that for some reason, IIS doesn’t have permission to read that file, or more accurately, the website’s AppPool doesn’t. In IIS 7.5 the appPool is an isolated security context for each website, provided you set them up that way as we did. We need to give the appPool permissions to access the directory. Open Explorer and browse to your webroot, in this case inetpub\vhosts and select your website. Right click and select the security tab. Click Edit and then Add. In the Object Names box enter IIS AppPool\{nameof yourAppPool} or in this case IIS AppPool\railotest. Click ok.

Now at this point (again) you’d think we’d be done, but I discovered that granting permissions at the topmost level of the site doesn’t propagate the changes to lower directories like you’d expect. I’m not sure if this is a Server 2008R2 thing or something related to IIS AppPool objects but we need to do one more thing. From the Security Tab of the properties box, click Advanced > Change Permissions. Click in the Permission Entries box and select all of the entries, including the AppPool entry you just added. This step is important and failure to do so can mess up the permissions for the site. Click the Replace All Child Object Permissions With Inheritable Permissions From this Object check box. This will set the permissions of all of the subdirectories of the root website based on the permissions of the root directory (ie: the one we just added the AppPool permission). It does this for each Permission Entry in the list. As such all of the subdirectories will have permissions Read & Execute, List Folder Contents and Read set for your website AppPool.

Finally, back to the browser and …..

Ahhh, I love it when a plan (and 2 weeks, 5 OS reinstalls and several hundred cups of coffee) come together.

Unlike my previous post, I’m pretty confident that this is the correct way to get these various pieces of code to live on my webserver in glorious harmony. I didn’t realize when I started this project that I would be spending this much time just getting the server set up, but in retrospect, I’m glad it did. I have a much better understanding of how all the various pieces work and feel much better about the way my server is set up. My initial attempts led to so much random clicking of settings that I could have easily compromised the security of the server. I’m very glad that I have a VPS so flattening the server and starting again was a simple, 2-3 hours automated process which required none of my time.

As before, If you’ve got any corrections or suggestions, let me know about them in the comments.

Advertisements

Installing Railo, Tomcat & IIS 7.5 on MS Server 2008 r2 64bit (with Plesk thrown in to make it interesting)

UPDATE: Thanks to some input from the Railo folks at GoogleGroups, I’ve got a couple more ideas to try. One thing mentioned was that my “solution” doesn’t work very well in a production situation. It’s not much of a solution if that’s the case. I’ll keep you posted.

UPDATE 2: I’ve written a Part 2 post with the -proper- way to set up Railo and get it working on a 64 bit Windows server with Plesk. You can still read up on how to setup your server and website using plesk in this post. The Part 2 post only deals with getting Railo running

Initial Server Set up

Several months ago I had an idea for a website which I think is going to be very interesting. All the posts on this blog so far have been on things I’ve discovered at my day job, this project is a personal one. Part of personal means I needed to find a server to host the thing. I looked at shared Coldfusion hosting plans but I’ve grown so used to having complete control over my co-located server at work I was reluctant to give that up. I decided on goDaddy’s (GD from now on) “Value” Virtual Dedicated Server offering.

The server (virtual) specs are:

Operating System: Windows Server 2008 r2 64 bit
Processor: Intel Xeon L5609 @ 1.87 GHz
RAM: 2 GB
Total Disk Space: 30 GB
Bandwidth Quota: 1000 GB
Quota Used:1 GB
Control Panel Type: PleskDomains:30

Nothing to write home about but it’s a respectable package for $40 a month. There are also systems available with CentOS & Fedora for about the same price. There are 2 bits of fine rpint you need to know about

Only CentOS and Fedora plans can be upgraded without reprovisioning. To upgrade a Windows server, you must purchase a new plan, backup your data, and cancel your existing server.

Disk space includes operating system files, which can be close to 1 GB in a CentOS/Fedora server or 11 GB on a Windows server. Please take that into consideration when choosing a server size that best fits your needs.

So I knew that the 30G might end up being too small and that it wasn’t easily expandable (reprovisioning means your VM and everything on it is deleted and replaced with the default VM). However, I’m not sure if this project is going to go anywhere so I decided to take a conservative approach. BTW, the 11G used noted is only for OS space by the time I was finished with the various installs to get me up and running, I’m at 11.6G -free- space. If traffic & use grows, I’ll look at an upgrade. That’s one of the reasons I’m writing this today. I want a record of how I did it as it has taken a full week of evenings to get to a “hello world ” server status.

I expect many of you will be here looking for help with Railo & IIS 7.5. If so, you can skip the next bit and start reading HERE. Since I’m mostly writing this for me, I’m going to document the entire server setup procedure.

According to GD, after you’ve made your purchase, it takes up to 48 hours for your server to be provisioned. In my case it was about 6 hours.

Request an Additional IP

The first thing we need to do is set up our DNS so we can resolve the domain.¬† Well not quite. We need to set up the domain first but GD has a different way of handling Nameservers than my provider at work. My work provider has 2 dedicated Nameservers so their control panel takes care of most of the work. We just need to fill out a couple of forms. With GD, every vServer is its own NameServer so we need to set that up. To do this (for NetSol at least) we need 2 IP addresses. By default, when your server is provisioned you only get one. Fortunately, you can easily request another and the additional IP doesn’t appear to cost anything. I don’t know if GD has a limit to how many IP’s you can request but I only need 2 at the moment.

Log in to your Hosting Control Center

Select My Products > Server > Click on Request Additional IP  in the Account Summary tab. You just have to confirm that in fact you want one.

The issue here is that it takes 6-8 hours for one to be generated so it’s a good idea to get on this right away since without it, you’re not going to be able to get DNS set up.

Setting up your domain using Plesk

I’m not going to document how to do this if your domain is hosted by goDaddy, I expect it’s pretty simple. My registrar has been NetSol since the 90’s so this will be how to set up a domain provided by a 3rd party. Plesk is new to me and it has some interesting options and features. It also throws in an additional layer of complexity which had me a bit confused at various points in the build.

Log in to your Hosting Control Center

Select My Products > Server > Support Tab in the central panel > Launch Plesk (Note: You can also log in to Plesk from your desktop if you are logged on via RDP. )

Plesk is designed for resellers, which I may end up being at some point, however here I’m basically setting myself up as a “customer”.¬† To create a new domain you first create a Subscription. Fill out the form provided with your¬† Domain Name, Select your primary IP address,¬† Username & Strong password. You can also choose a service plan level (which relates to a level you set¬† for your customer). Submit the form & wait a couple of minutes and Plesk will set up a wesite in IIS based on a basic template, Most of the DNS entries you will require and Account information (for your customer) You can also create a Subscription at the same time as you create a Customer. I’m not going to go into that as I didn’t need to do it.

Setting Up Your Nameservers

(Just to clarify here, Plesk has 2 different control panels. Hosting Control & Domain Control. The HC Panel admins the details of each of the Customer accounts & their domains. The DC panel controls the setting of the Domain itself.

Assuming you now have 2 IP addresses, you can now set up your Nameservers. From HC Panel select Domains and then the Control Panel link of the domain. From the DC Panel select Websites & Domain > More > DNS Settings

(I’m not going to go into the details of DNS records. You can read about what the following means on Wikipedia.) By default, Plesk creates a single Nameserver (ns.domain.com) when the domain is created. We need 2 so we need to click Add Record. The form gives us a drop down to select resource type and a few fields to fill out based on what kind of resource.

Select A from the list

The Domain field will look like [       ].yourdomain.com > Enter NS2

In the IP Address field > Enter the second IP address you received from GD

Click OK

Click Add Record again

Select NS from the List.

The Domain field will look like [       ].yourdomain.com > Enter NS2

In the Nameserver field > Enter ns2.yourdomain.com

Click OK

Now you need to click Update to save the changes.

Now you can update your Nameserver pointers at your Domain Name provider. This is pretty straightforward. Log in to your provider, select your domain and modify DNS settings, add ns.yourdomain.com & ns2.yourdomain.com, click through the dire warnings about rendering your website unreachable and save. Now you’ll wait a few hours for the DNS to propagate.

Now on to setting up the server.

Basic Server Setup

We abandon Plesk now & get messy with the server itself via rdp

When you login via RDP you need to enter your primary IP as the Computer. When RDP asked for credentials, you enter them in the format servernameuser.  You set these up when you provisioned the server.

Now you have a brand spanking new MS Server 2008 r2 desktop to look at. First thing you’ll want to do is have a look at the Initial Configuration Tasks window which should run when you log on. By Default, most things like auto updates, roles & features are setup by provisioning but one thing that is not is Windows Firewall. You should enable the Public Networks location. This server has the full Windows Firewall¬† with Advanced Security suite and you can tweak to your hearts content but that’s another post. (by someone who knows a lot more about 2008 WFAS than I do)

The next thing I do is to install Firefox and the NoScript plugin. IE is locked down and is a real pain to use to download what we need. There is a real risk of server compromise by browsing sites so NoScript is a -must install- and no browsing Facebook!

Now you can fire up either Server Manager console and go to Roles > WebServer >IIS Manager or IIS Manager directly. For those of you who are used to IIS6 you’re going to be in for a bit of a shock. There’s nothing much familiar. I’m not going to go into much detail here other than to get you up and running with it.

First thing to do is expand the tree to view Sites. You’ll see that Plesk has set up a basic website for you. If your DNS has updated, you can browse to the site and see the Plesk default welcome site.If we were setting up a static site we’d be done however we’re Coldfusion coders so we’re not done yet.

Railo vs Coldfusion

As I noted before, this is a personal project which may or may not go anywhere. I couldn’t justify $1300 for a CF9 Standard install for this so I’ve decided to go with Railo. I could have also chosen Open BlueDragon. Both of these are open source CFML Servers. I’ve read that Railo is the fastest of the 3 but I don’t really know. I have installed CF8 Standard on 2008 r2 64bit and while there were some issues, it was up and running in a couple of hours. Railo? Not so much.

UPDATE 2: I’ve written a Part 2 post with the -proper- way to set up these various bits. You can still read up on how to setup you server and website using plesk in this post. The Part 2 post only deals with getting Railo running.

Important! Everything from here to the end of this is superseded by the Part 2 post. My solution at the end of this post, while it works, would not be suitable for a production environment. Read on to feel my pain, but don’t use the rest of this post for anything but a nice yet tragic work of fiction.

Installing Railo

The only walkthrough guide I’ve found to installing Railo on 2008 r2 64 is from 2008, refers to IIS 7 and not IIS 7.5 and does not account for the improvements in the installer that the Railo team have made. It wasn’t a lot of help. Grab the latest install package from getRailo.org. Choose Railo Server with Tomcat 6.xx.xx. This download contains both 32 & 64 bit packages. run the install and walk through the wizard. Just keep the defaults unless you have compelling reason to change them. Make note of the Tomcat Port in my case it was suggested to be 8888. Most of the docs available online suggest it runs on 8009. I’m not sure why it was different but it may be that 8009 was in use. In any case, this is important as we need to make some changes later on and we need to know the port number.Make sure Railo is set to start at boot and let the installer run.

Once complete, you’ll be asked if you want to go to the initial Admin page. Do so and you should get the welcome page at http://localhost:8888/index.cfm. From there you should immediately click the links for Railo Server Manager & Railo Website Manager and set admin passwords.

Pretty simple so far. We’ve verified that both Tomcat & Railo are working on Port 8888. However, we don’t want to be adding 8888 to every url so we need to set up Tomcat and IIS so we can intercept CFM & CFC files for processing by the Railo/Tomcat engine. This is where the problems started. Now let me be clear here. The install may work out of the box. It did not work for me. I believe I followed the step by step guides found on the Railo site and it did not work. The guides may have been written for IIS 7 and not 7.5 or perhaps I just missed something (for 6 days of evenings and multiple reinstalls) In any case, the following outlines some tof the issues I had and how to I got it running finally. Unfortunately, I didn’t record actual error messages I was getting so they’ll be a bit generic (and perhaps wrong in the context but it’s what I remember). I also may not have set this up entirely correctly. I’m writing this as I go, so I may add updates or corrections. If you spot anything I missed or a glaring un-fact, please let me know in the comments.

Setting up a Tomcat Website Context

First thing we need to do is go to C:railotomcatconf and edit server.xml to add a “website context”. This lets Tomcat know which sites to process.

<Host name=”www.yourdomain.com” appBase=”webapps”>
<Context path=”” docBase=”C:inetpubvhostsyourdomain.comhttpdocs” />
</Host>
<Host name=”yourdomain.com” appBase=”webapps”>
<Context path=”” docBase=”C:inetpubvhostsyoudomain.comhttpdocs” />
</Host>

Notice that there is an entry for each website binding If you only have¬† and entry for yourdomain.com, browsers pointing to http://www.yourdomain.com will not have pages parsed by Railo.¬† (ie: your website will be broken for them). The httpdocs folder is created by Plesk and that’s where all your CF files will go.

Save this file and restart tomcat. To make restarts simple, Railo creates a shortcut on the start menu Railo-Tomcat Service Control. Launch it the click Stop & Start

Now Serving CFML

At this point we’re almost ready to start serving files, but of course we need something to serve.¬† Create a file in your httpdocs folder called index.cfm and add the follwing code.

<cfoutput>Hello World. The time is now: #now()#</cfoutput>

Using NOW() is a good idea as it changes at every page load and will make sure you’re not viewing a cached page. We also need to add index.cfm as a document type in IIS, so open Default Document in IIS Manager, add it and move it to the top of the list.

At this point we need to check to see if we can serve pages. browse to http://youdomain.com:8888/index.cfm. All things going well, you’ll get our welcome page. Now try http://youdomain.com/index.cfm and you’ll get an error. (If you don’t you were luckier than and and you’re done!)

Tomcat and IIS 7.5 Connector

The Railo install includes isapi_redirect-1.2.31.64-bit.dll in the Railoconf directory (it also includes a 32 bit version). The install guide says to add that to ISASPI filters and add it as a Script Map in Handler Mapping for *.cf*.¬† The typical steps (with pictures for those who like that kind of thing) are on Doug Boude’s site. However this is the site I referred to that outlines the steps prior to the upgraded installer. The installer takes care of all the steps prior to “Tell IIS It’s Okay To Run the DLL”. Complete the remaining steps except for adding the jakarta vDirectory (it’s added by the installer), restart and theoretically, you’re done. Not so with me. Browsing from my laptop, I got a generic 404 error but browsing on the server, I got a more detailed message. A couple actually. First (I think),was a 500.19¬†Cannot read configuration file due to insufficient permissions. It may have been another error but it was a permissions error.

A Whole New Identity

IIS 7.5 changes the way that permissions are granted to the webserver. The new security context is per Application Pool rather than for the Network Service. I’ve read this is a big improvement in security and application isolation seems like a good thing to me. In any case, we need to deal with it to make our website work. When you create a website in Plesk as we have done, Plesk creates and Application pool with the followoing attributes

Name: plesk(default)(2.0)(pool)

.NET Framework: v2.0.5xxxx

Managed Pipeline Mode: Integrated

I’m a fuzzy on whether I created an AppPool for my website manually or not, but I have one set up.

Name: myDomain.com
.NET Framework: v2.0.5xxxx
Managed Pipeline Mode: Integrated

To make the site run under that context, you click on your site in IIS Manager and click Basic Settings from the right hand column. Select the AppPool you want to use. Restart the website. Now you need to give your AppPool permissions for the website. In Explorer, browse to your site in inetpub, right click and select the security tab. Click Edit and then Add. In the Object Names box type IIS AppPool{theAppPoolName}, and click ok.Try to browse your site. If you still get the 500.19 error (as I did) there is one more step. For some reason the permissions propagation to the entire folder contents didn’t seem to take place. To fix this, go back into the Security tab of the properties dialog and click Advanced. Click Change Permissions. Select all of the items in the Permission Entries section (IMPORTANT: don’t proceed until all are selected. failure to do so can mess up your folder permissions for this folder entirely!) Click the Replace All Child Object Permissions with the inheritable permissions from this object check box and click ok. This will apply the permission settings of the root folder of your website (which now includes your new AppPool context) to all objects below it. Click out of the dialogs and browse your site. All things having gone well, the 500.19 error should be gone. And replaced by another.

404.17 and the Temple of Doom

This is where things really started to get frustrating. The 404.17 error is The requested content appears to be script and will not be served by the static file handler. Well duh. Of course it’s a script. CFML is a scripting language. What this is telling us is that IIS doesn’t know how to handle the file and therefore the redirect to Tomcat/Railo is not working. After scouring the web for solutions and finding none using the isapi_redirect supplied with the install, I began to look at other options. I found a potential fix at one of my favourite code repositories, RiaForge in the TomcatIIS Connector which is based on the BonCode AJP. I ran the installer, and things started to look promising however I ended up with a new error:¬† System.Security.SecurityException: Request for the permission of type ‘System.Web.AspNetHostingPermission. This error occurs when the system tries to process a dll that it doesn’t know about, ie: one downloaded from the internet. The fix is to Unblock the DLL (how-to) for the 2 BonCode DLL’s. If you elected to add the connector to every IIS site during install, you have to manually unblock them in every directory that they occur. On the Riaforge notes, the author suggests you can also get around this by switching the Security model from AppPool back to Network Service. I think it’s better to stay with the AppPool and fix it -properly- and not revert to a less secure state. Once the DLL’s were unblocked and everything was restarted, I hit the browse button and….. 404.17 The requested content appears to be script and will not be served by the static file handler. Sigh.

So what to do now. In my browsing, I saw one mention¬† of tossing the Tomcat connector (because it was such a cumbersome and miserable thing to get working with IIS. really?!@)¬† and using Application Request Routing. There a basic set up walk through which includes how to install it at IIS.net¬† However, I’ll walk you through how I set the thing up.

A Light at the End

Once ARR is installed, it will show up in IIS Manager with a new entry called Server Farms. Right Click and Create New. Call it RailoTomcat or whatever. For server address enter localhost. Click the Advanced Settings link and enter the Tomcat port for the httpPort entry, 8888 in my case. Click through until you’ve got a new “server farm” of one server called localhost. Restart IIS & Tomcat and browse to http://youdomain.com/index.cfm.

Hello World. The time is now: {ts ‘2011-09-05 08:39:03’}

Success!

It works. It works. Once more time. It works.

Alright. We can start setting up our website. Back to Plesk. Oops. Why is the Tomcat Admin page there. Hmm. Seems that we need to add some routing rules as -everything- going to localhost is passed through 8888 (to Tomcat) at this point. Click on you Server Farm and open the Routing Rules.Open Advanced routing URLRewrite, Click on the Inbound Rule and under Inbound Rules in the right column. Add *.cf* as a pattern. You can also¬† add exclusions for *.jpg, *.html, *.php, *.css, *.asp. This will prevent passing¬† files to tomcat that it doesn’t need to process. You don’t have to add exclusions but it will probably help server performance.

And that pretty much wraps it up. I’m now serving CFML on IIS 7.5 using Railo and Tomcat.

As I said, at the beginning, you may not have any of these issues. I did. This was my solution. Hopefully it works for you. If you’ve got any suggestions or corrections on any of what I’ve written, please post in the comments. Most of this is all new territory for me so I may have gone down a few wrong paths to get to my working solution.