Installing Railo, Tomcat & IIS 7.5 on MS Server 2008 r2 64bit (with Plesk thrown in to make it interesting)

UPDATE: Thanks to some input from the Railo folks at GoogleGroups, I’ve got a couple more ideas to try. One thing mentioned was that my “solution” doesn’t work very well in a production situation. It’s not much of a solution if that’s the case. I’ll keep you posted.

UPDATE 2: I’ve written a Part 2 post with the -proper- way to set up Railo and get it working on a 64 bit Windows server with Plesk. You can still read up on how to setup your server and website using plesk in this post. The Part 2 post only deals with getting Railo running

Initial Server Set up

Several months ago I had an idea for a website which I think is going to be very interesting. All the posts on this blog so far have been on things I’ve discovered at my day job, this project is a personal one. Part of personal means I needed to find a server to host the thing. I looked at shared Coldfusion hosting plans but I’ve grown so used to having complete control over my co-located server at work I was reluctant to give that up. I decided on goDaddy’s (GD from now on) “Value” Virtual Dedicated Server offering.

The server (virtual) specs are:

Operating System: Windows Server 2008 r2 64 bit
Processor: Intel Xeon L5609 @ 1.87 GHz
RAM: 2 GB
Total Disk Space: 30 GB
Bandwidth Quota: 1000 GB
Quota Used:1 GB
Control Panel Type: PleskDomains:30

Nothing to write home about but it’s a respectable package for $40 a month. There are also systems available with CentOS & Fedora for about the same price. There are 2 bits of fine rpint you need to know about

Only CentOS and Fedora plans can be upgraded without reprovisioning. To upgrade a Windows server, you must purchase a new plan, backup your data, and cancel your existing server.

Disk space includes operating system files, which can be close to 1 GB in a CentOS/Fedora server or 11 GB on a Windows server. Please take that into consideration when choosing a server size that best fits your needs.

So I knew that the 30G might end up being too small and that it wasn’t easily expandable (reprovisioning means your VM and everything on it is deleted and replaced with the default VM). However, I’m not sure if this project is going to go anywhere so I decided to take a conservative approach. BTW, the 11G used noted is only for OS space by the time I was finished with the various installs to get me up and running, I’m at 11.6G -free- space. If traffic & use grows, I’ll look at an upgrade. That’s one of the reasons I’m writing this today. I want a record of how I did it as it has taken a full week of evenings to get to a “hello world ” server status.

I expect many of you will be here looking for help with Railo & IIS 7.5. If so, you can skip the next bit and start reading HERE. Since I’m mostly writing this for me, I’m going to document the entire server setup procedure.

According to GD, after you’ve made your purchase, it takes up to 48 hours for your server to be provisioned. In my case it was about 6 hours.

Request an Additional IP

The first thing we need to do is set up our DNS so we can resolve the domain.  Well not quite. We need to set up the domain first but GD has a different way of handling Nameservers than my provider at work. My work provider has 2 dedicated Nameservers so their control panel takes care of most of the work. We just need to fill out a couple of forms. With GD, every vServer is its own NameServer so we need to set that up. To do this (for NetSol at least) we need 2 IP addresses. By default, when your server is provisioned you only get one. Fortunately, you can easily request another and the additional IP doesn’t appear to cost anything. I don’t know if GD has a limit to how many IP’s you can request but I only need 2 at the moment.

Log in to your Hosting Control Center

Select My Products > Server > Click on Request Additional IP  in the Account Summary tab. You just have to confirm that in fact you want one.

The issue here is that it takes 6-8 hours for one to be generated so it’s a good idea to get on this right away since without it, you’re not going to be able to get DNS set up.

Setting up your domain using Plesk

I’m not going to document how to do this if your domain is hosted by goDaddy, I expect it’s pretty simple. My registrar has been NetSol since the 90’s so this will be how to set up a domain provided by a 3rd party. Plesk is new to me and it has some interesting options and features. It also throws in an additional layer of complexity which had me a bit confused at various points in the build.

Log in to your Hosting Control Center

Select My Products > Server > Support Tab in the central panel > Launch Plesk (Note: You can also log in to Plesk from your desktop if you are logged on via RDP. )

Plesk is designed for resellers, which I may end up being at some point, however here I’m basically setting myself up as a “customer”.  To create a new domain you first create a Subscription. Fill out the form provided with your  Domain Name, Select your primary IP address,  Username & Strong password. You can also choose a service plan level (which relates to a level you set  for your customer). Submit the form & wait a couple of minutes and Plesk will set up a wesite in IIS based on a basic template, Most of the DNS entries you will require and Account information (for your customer) You can also create a Subscription at the same time as you create a Customer. I’m not going to go into that as I didn’t need to do it.

Setting Up Your Nameservers

(Just to clarify here, Plesk has 2 different control panels. Hosting Control & Domain Control. The HC Panel admins the details of each of the Customer accounts & their domains. The DC panel controls the setting of the Domain itself.

Assuming you now have 2 IP addresses, you can now set up your Nameservers. From HC Panel select Domains and then the Control Panel link of the domain. From the DC Panel select Websites & Domain > More > DNS Settings

(I’m not going to go into the details of DNS records. You can read about what the following means on Wikipedia.) By default, Plesk creates a single Nameserver (ns.domain.com) when the domain is created. We need 2 so we need to click Add Record. The form gives us a drop down to select resource type and a few fields to fill out based on what kind of resource.

Select A from the list

The Domain field will look like [       ].yourdomain.com > Enter NS2

In the IP Address field > Enter the second IP address you received from GD

Click OK

Click Add Record again

Select NS from the List.

The Domain field will look like [       ].yourdomain.com > Enter NS2

In the Nameserver field > Enter ns2.yourdomain.com

Click OK

Now you need to click Update to save the changes.

Now you can update your Nameserver pointers at your Domain Name provider. This is pretty straightforward. Log in to your provider, select your domain and modify DNS settings, add ns.yourdomain.com & ns2.yourdomain.com, click through the dire warnings about rendering your website unreachable and save. Now you’ll wait a few hours for the DNS to propagate.

Now on to setting up the server.

Basic Server Setup

We abandon Plesk now & get messy with the server itself via rdp

When you login via RDP you need to enter your primary IP as the Computer. When RDP asked for credentials, you enter them in the format servernameuser.  You set these up when you provisioned the server.

Now you have a brand spanking new MS Server 2008 r2 desktop to look at. First thing you’ll want to do is have a look at the Initial Configuration Tasks window which should run when you log on. By Default, most things like auto updates, roles & features are setup by provisioning but one thing that is not is Windows Firewall. You should enable the Public Networks location. This server has the full Windows Firewall  with Advanced Security suite and you can tweak to your hearts content but that’s another post. (by someone who knows a lot more about 2008 WFAS than I do)

The next thing I do is to install Firefox and the NoScript plugin. IE is locked down and is a real pain to use to download what we need. There is a real risk of server compromise by browsing sites so NoScript is a -must install- and no browsing Facebook!

Now you can fire up either Server Manager console and go to Roles > WebServer >IIS Manager or IIS Manager directly. For those of you who are used to IIS6 you’re going to be in for a bit of a shock. There’s nothing much familiar. I’m not going to go into much detail here other than to get you up and running with it.

First thing to do is expand the tree to view Sites. You’ll see that Plesk has set up a basic website for you. If your DNS has updated, you can browse to the site and see the Plesk default welcome site.If we were setting up a static site we’d be done however we’re Coldfusion coders so we’re not done yet.

Railo vs Coldfusion

As I noted before, this is a personal project which may or may not go anywhere. I couldn’t justify $1300 for a CF9 Standard install for this so I’ve decided to go with Railo. I could have also chosen Open BlueDragon. Both of these are open source CFML Servers. I’ve read that Railo is the fastest of the 3 but I don’t really know. I have installed CF8 Standard on 2008 r2 64bit and while there were some issues, it was up and running in a couple of hours. Railo? Not so much.

UPDATE 2: I’ve written a Part 2 post with the -proper- way to set up these various bits. You can still read up on how to setup you server and website using plesk in this post. The Part 2 post only deals with getting Railo running.

Important! Everything from here to the end of this is superseded by the Part 2 post. My solution at the end of this post, while it works, would not be suitable for a production environment. Read on to feel my pain, but don’t use the rest of this post for anything but a nice yet tragic work of fiction.

Installing Railo

The only walkthrough guide I’ve found to installing Railo on 2008 r2 64 is from 2008, refers to IIS 7 and not IIS 7.5 and does not account for the improvements in the installer that the Railo team have made. It wasn’t a lot of help. Grab the latest install package from getRailo.org. Choose Railo Server with Tomcat 6.xx.xx. This download contains both 32 & 64 bit packages. run the install and walk through the wizard. Just keep the defaults unless you have compelling reason to change them. Make note of the Tomcat Port in my case it was suggested to be 8888. Most of the docs available online suggest it runs on 8009. I’m not sure why it was different but it may be that 8009 was in use. In any case, this is important as we need to make some changes later on and we need to know the port number.Make sure Railo is set to start at boot and let the installer run.

Once complete, you’ll be asked if you want to go to the initial Admin page. Do so and you should get the welcome page at http://localhost:8888/index.cfm. From there you should immediately click the links for Railo Server Manager & Railo Website Manager and set admin passwords.

Pretty simple so far. We’ve verified that both Tomcat & Railo are working on Port 8888. However, we don’t want to be adding 8888 to every url so we need to set up Tomcat and IIS so we can intercept CFM & CFC files for processing by the Railo/Tomcat engine. This is where the problems started. Now let me be clear here. The install may work out of the box. It did not work for me. I believe I followed the step by step guides found on the Railo site and it did not work. The guides may have been written for IIS 7 and not 7.5 or perhaps I just missed something (for 6 days of evenings and multiple reinstalls) In any case, the following outlines some tof the issues I had and how to I got it running finally. Unfortunately, I didn’t record actual error messages I was getting so they’ll be a bit generic (and perhaps wrong in the context but it’s what I remember). I also may not have set this up entirely correctly. I’m writing this as I go, so I may add updates or corrections. If you spot anything I missed or a glaring un-fact, please let me know in the comments.

Setting up a Tomcat Website Context

First thing we need to do is go to C:railotomcatconf and edit server.xml to add a “website context”. This lets Tomcat know which sites to process.

<Host name=”www.yourdomain.com” appBase=”webapps”>
<Context path=”” docBase=”C:inetpubvhostsyourdomain.comhttpdocs” />
</Host>
<Host name=”yourdomain.com” appBase=”webapps”>
<Context path=”” docBase=”C:inetpubvhostsyoudomain.comhttpdocs” />
</Host>

Notice that there is an entry for each website binding If you only have  and entry for yourdomain.com, browsers pointing to http://www.yourdomain.com will not have pages parsed by Railo.  (ie: your website will be broken for them). The httpdocs folder is created by Plesk and that’s where all your CF files will go.

Save this file and restart tomcat. To make restarts simple, Railo creates a shortcut on the start menu Railo-Tomcat Service Control. Launch it the click Stop & Start

Now Serving CFML

At this point we’re almost ready to start serving files, but of course we need something to serve.  Create a file in your httpdocs folder called index.cfm and add the follwing code.

<cfoutput>Hello World. The time is now: #now()#</cfoutput>

Using NOW() is a good idea as it changes at every page load and will make sure you’re not viewing a cached page. We also need to add index.cfm as a document type in IIS, so open Default Document in IIS Manager, add it and move it to the top of the list.

At this point we need to check to see if we can serve pages. browse to http://youdomain.com:8888/index.cfm. All things going well, you’ll get our welcome page. Now try http://youdomain.com/index.cfm and you’ll get an error. (If you don’t you were luckier than and and you’re done!)

Tomcat and IIS 7.5 Connector

The Railo install includes isapi_redirect-1.2.31.64-bit.dll in the Railoconf directory (it also includes a 32 bit version). The install guide says to add that to ISASPI filters and add it as a Script Map in Handler Mapping for *.cf*.  The typical steps (with pictures for those who like that kind of thing) are on Doug Boude’s site. However this is the site I referred to that outlines the steps prior to the upgraded installer. The installer takes care of all the steps prior to “Tell IIS It’s Okay To Run the DLL”. Complete the remaining steps except for adding the jakarta vDirectory (it’s added by the installer), restart and theoretically, you’re done. Not so with me. Browsing from my laptop, I got a generic 404 error but browsing on the server, I got a more detailed message. A couple actually. First (I think),was a 500.19 Cannot read configuration file due to insufficient permissions. It may have been another error but it was a permissions error.

A Whole New Identity

IIS 7.5 changes the way that permissions are granted to the webserver. The new security context is per Application Pool rather than for the Network Service. I’ve read this is a big improvement in security and application isolation seems like a good thing to me. In any case, we need to deal with it to make our website work. When you create a website in Plesk as we have done, Plesk creates and Application pool with the followoing attributes

Name: plesk(default)(2.0)(pool)

.NET Framework: v2.0.5xxxx

Managed Pipeline Mode: Integrated

I’m a fuzzy on whether I created an AppPool for my website manually or not, but I have one set up.

Name: myDomain.com
.NET Framework: v2.0.5xxxx
Managed Pipeline Mode: Integrated

To make the site run under that context, you click on your site in IIS Manager and click Basic Settings from the right hand column. Select the AppPool you want to use. Restart the website. Now you need to give your AppPool permissions for the website. In Explorer, browse to your site in inetpub, right click and select the security tab. Click Edit and then Add. In the Object Names box type IIS AppPool{theAppPoolName}, and click ok.Try to browse your site. If you still get the 500.19 error (as I did) there is one more step. For some reason the permissions propagation to the entire folder contents didn’t seem to take place. To fix this, go back into the Security tab of the properties dialog and click Advanced. Click Change Permissions. Select all of the items in the Permission Entries section (IMPORTANT: don’t proceed until all are selected. failure to do so can mess up your folder permissions for this folder entirely!) Click the Replace All Child Object Permissions with the inheritable permissions from this object check box and click ok. This will apply the permission settings of the root folder of your website (which now includes your new AppPool context) to all objects below it. Click out of the dialogs and browse your site. All things having gone well, the 500.19 error should be gone. And replaced by another.

404.17 and the Temple of Doom

This is where things really started to get frustrating. The 404.17 error is The requested content appears to be script and will not be served by the static file handler. Well duh. Of course it’s a script. CFML is a scripting language. What this is telling us is that IIS doesn’t know how to handle the file and therefore the redirect to Tomcat/Railo is not working. After scouring the web for solutions and finding none using the isapi_redirect supplied with the install, I began to look at other options. I found a potential fix at one of my favourite code repositories, RiaForge in the TomcatIIS Connector which is based on the BonCode AJP. I ran the installer, and things started to look promising however I ended up with a new error:  System.Security.SecurityException: Request for the permission of type ‘System.Web.AspNetHostingPermission. This error occurs when the system tries to process a dll that it doesn’t know about, ie: one downloaded from the internet. The fix is to Unblock the DLL (how-to) for the 2 BonCode DLL’s. If you elected to add the connector to every IIS site during install, you have to manually unblock them in every directory that they occur. On the Riaforge notes, the author suggests you can also get around this by switching the Security model from AppPool back to Network Service. I think it’s better to stay with the AppPool and fix it -properly- and not revert to a less secure state. Once the DLL’s were unblocked and everything was restarted, I hit the browse button and….. 404.17 The requested content appears to be script and will not be served by the static file handler. Sigh.

So what to do now. In my browsing, I saw one mention  of tossing the Tomcat connector (because it was such a cumbersome and miserable thing to get working with IIS. really?!@)  and using Application Request Routing. There a basic set up walk through which includes how to install it at IIS.net  However, I’ll walk you through how I set the thing up.

A Light at the End

Once ARR is installed, it will show up in IIS Manager with a new entry called Server Farms. Right Click and Create New. Call it RailoTomcat or whatever. For server address enter localhost. Click the Advanced Settings link and enter the Tomcat port for the httpPort entry, 8888 in my case. Click through until you’ve got a new “server farm” of one server called localhost. Restart IIS & Tomcat and browse to http://youdomain.com/index.cfm.

Hello World. The time is now: {ts ‘2011-09-05 08:39:03’}

Success!

It works. It works. Once more time. It works.

Alright. We can start setting up our website. Back to Plesk. Oops. Why is the Tomcat Admin page there. Hmm. Seems that we need to add some routing rules as -everything- going to localhost is passed through 8888 (to Tomcat) at this point. Click on you Server Farm and open the Routing Rules.Open Advanced routing URLRewrite, Click on the Inbound Rule and under Inbound Rules in the right column. Add *.cf* as a pattern. You can also  add exclusions for *.jpg, *.html, *.php, *.css, *.asp. This will prevent passing  files to tomcat that it doesn’t need to process. You don’t have to add exclusions but it will probably help server performance.

And that pretty much wraps it up. I’m now serving CFML on IIS 7.5 using Railo and Tomcat.

As I said, at the beginning, you may not have any of these issues. I did. This was my solution. Hopefully it works for you. If you’ve got any suggestions or corrections on any of what I’ve written, please post in the comments. Most of this is all new territory for me so I may have gone down a few wrong paths to get to my working solution.

Advertisements

One Response to Installing Railo, Tomcat & IIS 7.5 on MS Server 2008 r2 64bit (with Plesk thrown in to make it interesting)

  1. Pingback: Installing Railo/Tomcat in Windows Server 2008 r2 IIS 7.5 With Plesk – The Correct Way « Sid’s FishNet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: