Jan
24

As I was finishing this guide on installing ColdFusion 9 on Ubuntu Linux I tweeted how many words made up the text (over 6,000). Several people commented on Twitter and Facebook saying things like: "[the length] seems a bit excessive," and "is it that complicated?" The thing is, I'm covering much more than simply installing ColdFusion. Overall, just installing ColdFusion isn't that big of a deal. But I've yet to see a guide or blog post that outlines all the other topics related to getting a decent ColdFusion server on Ubuntu up and running. That's why I wrote this super guide, to outline what I believe is important to know about installing ColdFusion. Of course, I'm not covering every single possible detail, but I believe I've hit on all the major topics. Along the way I sprinkle in my own ideas, thoughts, and what I believe are best practices. After you read this post and walk through all the instructions you should have a very solid ColdFusion / Apache set up on Ubuntu Linux.

There are two important things to note, so please read on.

First, this post is all about Ubuntu. Everything you will read, all paths, and every setup aspect is written specifically for Ubuntu. I've tested these instructions on Ubuntu 10.04 (Lucid Lynx), but they should be accurate from 9.04 (Jaunty Jackalope) on. If you're disappointed this was written for Ubuntu, don't be. I have a CentOS post right here that covers all the same topics.

Secondly, and this is extremely important, all commands throughout this post are assumed to be run as root. Some of the commands can be run without root, but most of them cannot. So please, log into your Ubuntu server using the root account, put sudo in front of every command, or run the su - root command (under a non-root account) before walking through the instructions.

Before we get going, here's a list of what I'll be covering:

  1. Creating a Linux user for ColdFusion
  2. Disabling SSH and FTP login for the coldfusion user account
  3. Installing the required libstdc++.so.5 C++ Library
  4. Running the ColdFusion installer
  5. Starting ColdFusion for the first time
  6. Installing the ColdFusion 9.0.1 updater
  7. Verifying the installation of 9.0.1
  8. Creating a new ColdFusion instance for general use
  9. Tweaking the JVM memory settings
  10. Hooking Apache and ColdFusion together
  11. Locking down Apache
  12. Configuring ColdFusion to start on system boot

Create a Linux user for ColdFusion

Generally speaking it's a good idea to run each Linux service under its own Linux user account. This allows you to tailor the security and permissions of the service based on your application or business needs. When you install ColdFusion on Linux you will be asked which user account you want the service to run as. Create the user account using the command below. You don't have to use the same username I am, but if you choose something different remember it as it'll be needed later. The adduser command on Ubuntu will create a user account and group account of the same name. It'll also create a home directory for the user in /home/coldfusion/. You'll be asked to type in user details such as full name, phone number, etc. Make sure you type a full name, but the rest of the fields can be left blank by pressing enter.

adduser coldfusion

Disable SSH and FTP login for the coldfusion user account

When you create a Linux user account the account comes with the ability to login to the server via SSH. This is generally a good thing but not when you are creating an account for the sole purpose of running an application as a service. The coldfusion user account you just created isn't meant to be used as a remote access account so let's lock it down so no one can use it to access the server.

# Open the Ubuntu passwd file in a text editor. Nano or vim work great. I'm a
# huge fan of vim, but since nano is easier I'll show the instructions for nano.
nano /etc/passwd

Look for the line that starts "coldfusion:x:1001:1001..." Your numbers may be different from mine. It should be the last line in the file. Change the last part of the line that reads "/bin/bash" - which is the users shell - to "/bin/false." Here's both of my lines, before and after.

# BEFORE: coldfusion:x:1001:1001:ColdFusion:/home/coldfusion:/bin/bash
# AFTER
coldfusion:x:1001:1001:ColdFusion:/home/coldfusion:/bin/false

# Exit the file and save
CTRL-x [enter]
y [enter]

Get the ColdFusion 9 installation file (.bin on Linux)

There are several ways you can go about getting the installation file for ColdFusion 9. The easiest is probably by logging into your Adobe account and downloading either the 32-bit install file (coldfusion_9_WWE_linux.bin) or the 64-bit install file (coldfusion_9_WWE_linux64.bin). I highly recommend you go with a 64-bit installation as this will allow you to allocate much more RAM to the ColdFusion server than in a 32-bit environment. Of course, this requires you have a 64-bit version of Ubuntu installed as well. After you've downloaded the install file you need to transfer it to your Linux server. I generally use scp (Secure Copy) on my MacBook Pro to transfer the coldfusion_9_WWE_linux64.bin file directly to my server via SSH. Here's an example showing how to do that. Whether you are on a Mac or not, use whatever you're comfortable with.

# Format: scp [path_to_file_on_your_mac] [linux_username]@[remote_server_ip]:[remote_path]
# You'll be prompted to enter the password for the remote user.
scp /Users/aaron/Downloads/coldfusion_9_WWE_linux64.bin user@10.0.1.9:/install

Make the install file executable

Before you can run the installation file you need to make it executable. Navigate to the directory where you placed the file and run the change mod command to make it executable.

cd /install

# For the 32-bit installation
chmod +x coldfusion_9_WWE_linux.bin

# For the 64-bit installation
chmod +x coldfusion_9_WWE_linux64.bin

Install the required libstdc++.so.5 C++ Library

There's one final thing you need to do before running the installer. ColdFusion 8 and 9 require the libstdc++.so.5 C++ library for a few features such as custom tags, Web Services and some cfimage functionality. Download and install the library using the package manager built into Ubuntu. Note there are two processes here, one for 32-bit Ubuntu and one for 64-bit Ubuntu.

32-bit Ubuntu

# If for some reason this install fails, see the instructions for 64-bit Ubuntu below.
apt-get install libstdc++5

64-bit Ubuntu

# Open the apt-get sources list in a text editor.
nano /etc/apt/sources.list

# Add the following line as the first line under "universe" packages
deb http://us.archive.ubuntu.com/ubuntu jaunty main universe

# Exit the file and save
CTRL-x [enter]
y [enter]

# Update the apt-get package manager (apt-get will now look at universe packages)
apt-get update

# Install libstdc++.so.5
apt-get install libstdc++5

# Open /etc/apt/sources.list in nano again and remove the line you added.

Run the ColdFusion installer

You now have your server set up and ready for ColdFusion. You created a user account for ColdFusion to run as, you downloaded the ColdFusion install file, and you installed the required C++ library libstdc++.so.5. To begin the ColdFusion installation, execute the install file with the following command:

# Be sure and run this command in the same directory where the ColdFusion .bin is located.
cd /install

# For the 32-bit installation (Remember to run this as root; use sudo)
./coldfusion_9_WWE_linux.bin

# For the 64-bit installation (Remember to run this as root; use sudo)
./coldfusion_9_WWE_linux64.bin

The install process may take a few minutes to get going depending on your server specs. You'll be presented with a multi-page license agreement that you have to accept in order to continue the installation. After that, you are presented with installation questions. Below are the install options and the choices I recommend.

1. Install type: 30-day trial
Choose this option even if you have purchased a ColdFusion serial number. You'll be able to enter your serial number in the ColdFusion Administrator after the initial installation.

2. Install configuration: Enterprise Multiserver configuration
This will install a J2EE server (Adobe's own JRun 4) and create an initial instance of ColdFusion. This install type provides the most flexibility and future growth opportunities as you will be able to deploy multiple instances of ColdFusion on the same Linux server. All running on a single copy of JRun 4. More on this later.

3. The installer tells says you cannot install the Enterprise Multiserver configuration if ColdFusion 9 or JRun4 is already on the server. If this is the case, select option two for "No."

4. Subcomponent installation
You have the option of installing ColdFusion 9 documentation, Solr Services, and Search Services. You can also instruct the installer to "Start ColdFusion on system init." For a production server, you never want to install the documentation so I recommend unchecking that option by pressing the appropriate letter and then hitting enter. Make a decision on the other options (Solr Services and Search Services) and deselect them if you want. Finally, deselect the last option about starting ColdFusion on system boot. This install option generally works okay on Windows servers, but not on any Ubuntu server I've tested other than Ubuntu 8.04. We'll manually take care of this step using an Ubuntu-specific set up later. After you've selected your options, press 5 for "Continue with installation" and then press enter.

5. Install Folder
The installer asks where you want to install JRun 4. The typical directory for JRun 4 on Linux is /opt/jrun4. All the ColdFusion instances you create will live in /opt/jrun4/servers/[instance-name]. At the end of these instructions you'll have two ColdFusion instances in the /opt/jrun4/servers/ directory. Keep this option set to the default by simply pressing enter.

6. Earlier versions of ColdFusion
The installer asks if you have earlier versions of ColdFusion installed on the server. You shouldn't, so select the "No" option which should be the default.

7. Configure Web Servers
You have the option to configure an existing Web Server (Apache since you're on Linux) so requests for ColdFusion resources such as .cfm and .cfc files are routed through Apache and then ColdFusion via the Apache Connector. I do not recommend configuring a Web server during installation. Why? There are several reasons, but the most important one is how I use the initial ColdFusion instance that the installer creates. During the installation process JRun 4 will be installed at /opt/jrun4 and an initial ColdFusion instance (with the instance name cfusion) will be installed at /opt/jrun4/servers/cfusion. The cfusion instance of ColdFusion functions as the "master" or main instance. When you log into the ColdFusion Administrator of this instance, there's a tool called Enterprise Manager that lets you create additional instances of ColdFusion. New instances you create do not have the Enterprise Manager tool and thus cannot create other instances. My recommendation, is to use the cfusion instance as a management instance only to create new instances. If you use it this way, there's no reason to hook Apache to ColdFusion during installation, because Apache will get hooked to the cfusion instance. Instead, you'll hook Apache to new ColdFusion instances later. You might be reading this and thinking: Okay, if I don't hook Apache to the main (cfusion) instance of ColdFusion, how will I access the ColdFusion Administrator? Easy, instead of using an external (external to ColdFusion) Web server, you'll use the built-in Web server that comes with ColdFusion. This Web server runs on a separate port starting at port number 8300 on a multiserver configuration of ColdFusion. I'll spend more time talking about this setup and how it provides some additional security in a bit. Select the option to continue the installation without configuring a Web server.

8. Runtime user
You created a new Linux user account for ColdFusion earlier. It's now time to type the name of the user you created. If you didn't vary from my instructions the user will be coldfusion. Either way, type the name of the user account and then press enter. Be careful though. If you mistype the name, and the name you type isn't a valid user on the server, you will not be able to start ColdFusion after the installation.

9. Configure OpenOffice
I almost always skip the installation of OpenOffice components, but if you need them go ahead.

10. Administrator Password
You are prompted to create a password for the ColdFusion Administrator Web app. Type your password and press enter. You will then need to confirm the password by typing it again. Press enter.

11. Enable RDS
RDS or Remote Development Services allow a client machine - such as the machine you use to write code - to connect to the ColdFusion server for line debugging, report builder integration, Dreamweaver extensions, introspecting datasources, and more. For security reasons, never, ever enable this on a production server. My recommendation, is to ONLY enable this on the ColdFusion server running on your personal computer such as your development laptop. There are situations where it might be feasible to enable RDS on a server, such as a staging server. But covering all the possibilities in these instructions would be off topic. As a general rule, enable RDS on development servers only. Press "N" to disable RDS and then press enter.

12. Installation summary
The installer displays a summary of the installation options you selected. Double-check your selections and if something is wrong type "quit" at the prompt and start over (by running the .bin file again). Yes, I realize having to do this sucks. I don't know of a way to selectively change one incorrect choice; you have to quit the installer as a whole and rerun it. If everything in the summary looks correct, press enter to start the actual installation. Wait for the installer to finish which generally takes a few minutes.

13. Installation Complete
After the installation is finished you will see a success screen that tells you to start ColdFusion and run the Configuration Wizard. The wizard isn't something you have to run specifically, as the first time you launch the ColdFusion Administrator the wizard will run for you. You are given a URL for the ColdFusion Administrator:

http://[machinename]:8300/CFIDE/administrator/index.cfm

Start ColdFusion for the first time

You're now ready to start the ColdFusion server for the first time. Below are two options for doing this.

# Start CF without navigating to the /opt/jrun4/bin/ directory. (don't forget sudo if you need it)
/opt/jrun4/bin/jrun start cfusion &

# Start CF by navigating to the /opt/jrun4/bin/ directory first. (don't forget sudo if you need it)
cd /opt/jrun4/bin

./jrun start cfusion &

Finish the ColdFusion installation in your browser

Open your favorite browser and copy/paste the following into the address bar. Change machinename to the IP address of your server. A local IP such as 10.x.x.x or 192.x.x.x will work if you are connected to a server in your office or you are connected to an external server via VPN. You might also be able to use the external IP of the server. Or, if the server is already hosting a domain name, you could change machinename to yourdomain.com.

http://[machinename]:8300/CFIDE/administrator/index.cfm

After loading this URL you should see a ColdFusion-branded Configuration and Settings wizard screen with a password prompt. Enter the password for the ColdFusion Administrator you created during installation and press enter. ColdFusion will do a few things and then show a new screen with an okay button. Press the button to go straight to the main screen of the ColdFusion Administrator.

Install the ColdFusion 9.0.1 updater

Generally at this point, we'd be ready to create a new ColdFusion instance for everyday use. But our ColdFusion server is not up-to-date. Adobe released ColdFusion 9.0 at their annual MAX conference in October of 2009. Then, on July 13, 2010 they released ColdFusion 9.0.1. Before we create a new ColdFusion instance we need to install the 9.0.1 updater which is not cumulative. This means the 9.0.1 updater requires an existing installation of 9.0. Fortunately, you just completed the 9.0 installation. The basic steps for getting ColdFusion 9.0.1 installed are to stop all running CF services, download the 9.0.1 updater from Adobe, transfer it to the Ubuntu server and run it.

Shutdown all running ColdFusion and JRun services. To get a list of all currently running services use the following command.

/opt/jrun4/bin/jrun status

For each instance that is running, issue the following command to stop it.

# /opt/jrun4/bin/jrun stop [instance_name]
/opt/jrun4/bin/jrun stop cfusion

Next, download the 9.0.1 updater from Adobe. Access the download site and choose ColdFusion 9 in the product list. You'll be required to login using your Adobe account in order to download the update. Make sure you choose the appropriate download, 32-bit or 64-bit. Transfer the updater file - either ColdFusion_update_901_WWEJ_linux.bin for 32-bit or ColdFusion_update_901_WWEJ_linux64.bin for 64-bit - to your Ubuntu server just like you transferred the 9.0 install file earlier.

Before you can run the updater file you need to make it executable. Navigate to the directory where you placed the file and run the change mod command to make it executable.

cd /install

# For the 32-bit installation
chmod +x ColdFusion_update_901_WWEJ_linux.bin

# For the 64-bit installation
chmod +x ColdFusion_update_901_WWEJ_linux64.bin

Next, run the updater file.

# Be sure and run this command in the same directory where you put the updater.
cd /install

# For the 32-bit installation (Remember to run this as root; use sudo)
./ColdFusion_update_901_WWEJ_linux.bin

# For the 64-bit installation (Remember to run this as root; use sudo)
./ColdFusion_update_901_WWEJ_linux64.bin

An introduction screen will display giving you some information and instructions relating to the update process. Press enter to advance through the software license agreement screens. You'll have to agree to the license agreement by pressing "y" and enter.

1. Configure Installation
Select the option for Multiserver configuration by pressing number 2.

2. A warning about shutting down JRun and ColdFusion services appears. You've already shut down all services so press enter.

3. Configure ColdFusion 9 (step 1)
The next screen asks you to select the root directory that contains JRun 4. The default install folder, /opt/jrun4, should be listed so press enter to accept the default since we installed using the default folder.

4. Configure ColdFusion 9 (step 2)
You are asked for the full system path where the ColdFusion 9 CFIDE directory is located. The default directory should be listed as /opt/jrun4/servers/cfusion/cfusion-ear/cfusion-war/CFIDE. The default is correct based on how you originally installed ColdFusion 9. Press enter to accept the default.

5. Pre-Installation Summary
Finally, you are shown a summary of the updater installation. Like before, you can type "quit" and press enter to exit the updater if something isn't correct. If everything is correct, press enter to start the actual installation.

13. Installation Complete
After the installation is finished you will see a success screen that tells you ColdFusion 9.0.1 was installed at /opt/jrun4. Press enter to exit the installer.

Verify the installation of 9.0.1

The 9.0.1 updater installer displayed a success screen but it's always a good idea to verify the version number of ColdFusion actually changed. To do this we need to start the main cfusion instance of ColdFusion and log into the ColdFusion Administrator.

# Start CF without navigating to the /opt/jrun4/bin/ directory. (don't forget sudo if you need it)
/opt/jrun4/bin/jrun start cfusion &

Once ColdFusion has started load the CF Admin in your browser using the URL http://[machinename]:8300/CFIDE/administrator/index.cfm. This time you'll see the regular login form for the administrator instead of the configuration wizard you saw the first time. Log into the admin and click the blue "i" icon in the upper right of your browser. This will display the System Information screen for ColdFusion. Look for the version number in the system info grid and verify it is 9,0,1,xxxxx. At the time of this writing, the correct version number is 9,0,1,274733.

Create a new ColdFusion instance for general use

Now that you have ColdFusion updated to 9.0.1 you're nearly done with the main instance of ColdFusion. It won't be used for everyday activities, but it will be used to create additional instances of ColdFusion. And since we only have the main instance at this point, we need to create a new instance for everyday use. You should already have the ColdFusion Administrator loaded in your browser.

In the left navigation look for the Enterprise Manager section header (the last one) and expand it by clicking on it. Next, click on the Instance Manager link. Begin the process of adding a new CF instance by clicking on the Add New Instance button.

A form will display asking you to complete a few fields. But, the only field you really need to complete is the first one where you choose a name for the new instance. Keep your choice simple, something like marketing, staging, dev, or similar will do. For this post I'm going with dev. After you type the name of the instance press the tab key or use your mouse to give one of the other form fields focus. Doing this should cause the name you typed to display at the end of the second form field for Server Directory. Press the Submit button. NOTE: If you had previously packaged an existing ColdFusion instance as an EAR (.ear Enterprise Archive file) or WAR (.war Web Application Archive) you could enter the path to the .ear or .war file to create the new instance from the archive file. This comes with several benefits such as migrating ColdFusion Administrator settings into the new CF instance.

The Enterprise Manager will now create and start the new CF instance in 4 steps. When it is finished the new instance will be available and started. To verify this, run the following command to list all running JRun services. You should see a new line in the output that indicates the dev instance is running.

/opt/jrun4/bin/jrun status

We're done with the main cfusion instance and won't be using it for the rest of these instructions. But before shutting it down, click the Instance Manager link in the left navigation again. Notice how the new dev instance shows in the Available Servers list. You can use the controls here to start, stop, restart, and delete the instance. You can also click the rightmost icon to load the ColdFusion Administrator for the instance. I typically start and stop instances from the Mac or Linux command line. For this reason I typically shutdown the cfusion instance and only start it if I need to create a new CF instance.

/opt/jrun4/bin/jrun stop cfusion

If you decide to keep the cfusion instance shut down you won't be able to launch the CF Admin for the dev instance using the Enterprise Manager -> Instance Manager screen. So, you might want to write down or remember the CF Administrator URL for your dev instance, which is http://[machinename]:8301/CFIDE/administrator/index.cfm by default. The only difference in this URL and the CF Admin URL for the cfusion instance is the port number. The cfusion instance uses port 8300 and the dev instance uses port 8301. The Enterprise Manager we used to create the dev instance assigns new instances a port number of current_highest_port_number + 1.

Tweak the JVM memory settings

ColdFusion runs in a JVM (Java Virtual Machine) and as such it is limited to the amount of system RAM you allocate to the JVM. On the multiserver version of ColdFusion these memory settings are configured in the /opt/jrun4/bin/jvm.config file. There are several memory settings you can change in this file and covering them all is outside the scope of this post. Also outside the scope of this post are the values you should put for each of the memory settings. Each server, each environment, and each application is different. You must tailor the settings to your server, your environment, and your apps. The only way to do this is to monitor your applications use of memory and adjust the settings accordingly.

The two settings I do want to spend a little time on are the initial JVM heap and the maximum JVM heap. These settings are defined in the -Xms and -Xmx arguments to the JVM respectively. By default only the maximum heap is included in jvm.config and it starts out at 512m or 512 megabytes. This means the maximum amount of memory ColdFusion can occupy on your server is 512 megabytes. Depending on your server that may or may not be a very good starting point for your environment, server, and app. On a virtual server with a limited amount of RAM you might want to define a smaller maximum heap. Likewise, you may want to include an initial heap value - the amount of RAM that will be allocated to ColdFusion when ColdFusion starts up. I cannot tell you what values make sense, so it's up to you if you want to change these settings. But, let's say you want to set the initial heap value to 386 megabytes and the maximum heap value to 512 megabytes. To do this, you add the -Xms argument and leave the -Xmx argument the way it is.

After editing the line it should look something like this:

java.args=-server -Xms386 -Xmx512m

A few things to remember:

  1. the settings configured in jvm.config are applied to each instance of ColdFusion. Given the memory settings above and 4 instances of ColdFusion, your maximum memory footprint on the server is approximately 2 GB. Make sure your server has enough RAM to accommodate your settings.
  2. the megabyte values must be divisible by 32. In other words, a value of 300 for either Xms or Xmx is technically invalid
  3. -Xms cannot be larger than -Xmx (if you try this, you will get an error when trying to start instances)
  4. You technically don't have to define -Xms or -Xmx as arguments to the JVM. Your instances will still start up without these values. But, the amount of memory that gets allocated to each instance seems to vary server-to-server and I've yet to figure out why. As a general rule, I recommend providing the -Xmx argument at a minimum.
  5. any changes made to jvm.config will be applied to a CF instance the next time it starts
If you made changes to jvm.config, as I did above, you need to restart the dev instance so your changes will take affect.

/opt/jrun4/bin/jrun restart dev &

Hook Apache and ColdFusion

So far, each time we've accessed the ColdFusion server from a Web browser we've done so through the built-in Web server that comes with ColdFusion (port 8300 for the cfusion instance and 8301 for the dev instance). The built-in Web server is great for accessing things like the ColdFusion Administrator but it's not ideal for anyone other than yourself. No one wants to remember what port to put in a URL. To get around this, you "hook" ColdFusion to an external Web server such as Apache or Internet Information Server (IIS). Since we're working with an Ubuntu server Apache is what we'll use.

Once ColdFusion and Apache are hooked together, any HTTP request for files ending in .jsp, jws, .cfm, .cfml, .cfc, .cfr, and .cfswf will first be sent to Apache. Apache will recognize these file extensions as pertaining to a special JRun/CF module and it will pass the request through to ColdFusion. ColdFusion will perform whatever tasks are programmed in the file - which is typically a .cfm or .cfc - and it will return the processed result. Apache will then return the result to the browser in an HTTP Response. You can think of the Apache Connector as a sort of low-level HTTP proxy to ColdFusion, although this is not technically correct.

To hook ColdFusion and Apache together we need to run the Apache Connector. On Linux, this involves executing a single command (wsconfig, which comes with JRun/ColdFusion) with several arguments passed to the command. Here's a quick run down of the arguments:

-ws (generic name of the Webserver)
-dir (directory where the Web server configuration lives)
-server (the instance name of the ColdFusion server we want to hook)
-bin (the location of the Web server binary)
-script (the location of the Web server configuration/control file)
-coldfusion (the fact that we're hooking coldfusion)
-v (run the wsconfig command in verbose mode)

Before running the command you need to make sure the ColdFusion instance you want to hook is running. The wsconfig tool will not work if the instance is shut down. Run the following command and make sure the dev instance is listed as running.

/opt/jrun4/bin/jrun status

If the instance isn't running, be sure to start it using the jrun start command discussed already. With the dev instance running you're ready to run the wsconfig tool. Type the following command which should be entered on one line. If the line wraps in your terminal screen, that's okay. Press enter after typing the command.

/opt/jrun4/bin/wsconfig -ws Apache -dir /etc/apache2 -server dev -bin /usr/sbin/apache2 -script /usr/sbin/apache2ctl -coldfusion -v

The wsconfig tool should list several lines of output. If you want to verify the command worked you can open Apache's global configuration file, httpd.conf, in a text editor and look for the addition of an block of code. This block of code will reference the connector module, mod_jrun22.c, and the IP address that's bootstrapped. The IP might be 127.0.0.1 depending on your server set up. That shouldn't pose any problems, but you can manually change the IP to the static IP of your server if you want. Just be sure and leave the port number after the IP. And if you do change the IP, you'll need to restart Apache for the change to take affect.

# Stop/start Apache forcing config reload
/etc/init.d/apache2 force-reload

You're now ready to test a simple ColdFusion page to see if the Apache and ColdFusion connection is working properly. You'll create a simple index.cfm file in the default Apache webroot and access it in a browser.

# Use the Ubuntu text editor of your choice.
nano /var/www/index.cfm

# Add the following to the new file.
<cfoutput>#Now()#</cfoutput>

# Exit the file and save
CTRL-x [enter]
y [enter]

Now open your Web browser and access your server using the URL http://[machinename]/index.cfm. Replace machinename with your server's IP address or domain name. If you enter the right URL, and Apache and ColdFusion are successfully hooked you should see the current server date and time in your browser. If everything worked you are ready to create additional Apache virtual hosts, define your Web sites, and start writing ColdFusion code.

Lock down Apache

Earlier I mentioned I don't use the ColdFusion Administrator for the main cfusion instance except to create additional instances of ColdFusion. I typically leave the cfusion instance shut down unless I need it. To increase the security of my ColdFusion Administrator I also never access it through a Web server like Apache. Instead, I use the built-in Web server that comes with ColdFusion by loading the proper URL plus port number of the CF Admin I need to use. This is a nice start to security but you can always do more.

Another way I typically lock down my CF Administrator is by adding the following code to Apache's global configuration file, httpd.conf.

# Open the global Apache config file
nano /etc/apache2/httpd.conf

# Add the following Location directive near the top of the file.
<Location ~ "/CFIDE/administrator">
Order Deny,Allow
Deny from All
</Location>

# Exit the file and save
CTRL-x [enter]
y [enter]

In the event someone was to try and access my ColdFusion Administrator using a URL like http://mydomain.com/CFIDE/administrator/index.cfm, Apache stops them. This Location directive looks at the URL for the string sequence "/CFIDE/administrator" anywhere in the URL. If the sequence is found, Apache denies the request. I highly recommend implementing both these solutions, accessing your CF Admins from the built-in Web server, and disallowing any URL that looks like the CF Admins URL. Is this enough security? The answer depends on what you consider enough. I personally feel there can never be enough security to protect your customers and your business. There is a point where security begins to negatively impact developers, system admins, and daily work, so you need to judge what is secure enough for you. A final recommendation I have about locking down the CF Admin, is to access the built-in Web server via a private IP address such as 192.x.x.x or 10.x.x.x. You can do this with Virtual Private Networks and other setups. An attacker would need to first infiltrate your network and obtain an IP address on the network before the IP range 192.x.x.x or 10.x.x.x would be traversable. For more information on blocking the ColdFusion Admin from Apache, see my other post on the topic.

Configure ColdFusion to start on system boot

If you've gotten this far you've accomplished a lot in getting ColdFusion installed and configured on Ubuntu. You created a Linux user the ColdFusion server can use (though it isn't use it yet) and you removed remote access from the user. You installed ColdFusion 9.0 and the 9.0.1 updater. You created a second ColdFusion instance for daily use and tweaked the JVM memory settings each ColdFusion instance will use. Next, you hooked ColdFusion and Apache together so your sites can benefit from all the Apache goodness, and so you can access CF resources without a port number in the URL. Finally, you locked down your ColdFusion Administrators by editing the Apache server configuration.

That's a nice list of accomplishments, but there's one important thing left to do. You need to configure the ColdFusion service so it starts when your Ubuntu server boots up. When we installed ColdFusion we explicitly skipped this step so we could manually set it up. And I think this is a better way to go.

To get this working you'll create a script that will function as a service. You'll store the script file in the /etc/init.d directory and then add and configure the script to run as a service.

Create the service script

# Navigate to the /etc/init.d directory
cd /etc/init.d

# Create a new file that functions as the service.
# Use cf-[instance_name] where instance_name is the name of your CF instance
nano cf-dev

# Paste all of the following code into the file. Specifically, paste everything that
# is between the start of file indicator and end of file indicator.
# ---------------- start of file below this line
#!/bin/sh -e
### BEGIN INIT INFO
# Provides: jrun
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Interactive: true
# Short-Description: Start/stop ColdFusion as service
### END INIT INFO

ENV="env -i LANG=C PATH=/usr/local/bin:/usr/bin:/bin"

set -e

. /lib/lsb/init-functions

test -f /etc/default/rcS && . /etc/default/rcS

CFJRUN="$ENV /opt/jrun4/bin/jrun"
INSTANCE_NAME="your_instance_name"

case $1 in
start)
echo -n "Starting CF server $INSTANCE_NAME"
$CFJRUN start $INSTANCE_NAME &
echo
;;
stop)
echo -n "Stopping CF server $INSTANCE_NAME"
$CFJRUN stop $INSTANCE_NAME
echo
;;
restart | force-reload)
echo -n "Restarting CF server $INSTANCE_NAME"
$CFJRUN restart $INSTANCE_NAME &
echo
;;
status)
echo -n "Getting CF server statuses"
$CFJRUN status
echo
;;
esac
# ---------------- end of file above this line

This script, when set up as a service, allows you to start, stop, restart, and get the status of the running ColdFusion instance. After you paste the script into the cf-dev file there is one line you need to change. This script is going to specifically start the dev CF instance when Ubuntu boots up so we need to change the INSTANCE_NAME variable.

# Find the following line: INSTANCE_NAME="your_instance_name"
# Change it so it looks like this
INSTANCE_NAME="dev"

# Exit the file and save
CTRL-x [enter]
y [enter]

The INSTANCE_NAME variable is a string that should be the exact same name of the CF instance that shows in the /opt/jrun4/servers directory. Now, we need to make the cf-dev file executable and add it as a service.

# Make the script executable
chmod +x cf-dev

# Add the script as a service
update-rc.d -f cf-dev defaults

After running these commands you can reboot your server and ensure your dev instance of ColdFusion starts automatically. You can do this by running the jrun status command (examples above) or by hitting your test index.cfm page you created earlier in the /var/www directory. To reboot your server now, run the following command.

shutdown -r now

Aaron West's Gravatar
About this post:

This entry was posted by Aaron West on January 24, 2011 at 8:50 AM. It was filed in the following categories: ColdFusion, Apache, Security, Linux. It has been viewed 145961 times and has 45 comments.

1 related blog entries

45 Responses to Super Guide: Installing ColdFusion 9 on Ubuntu Linux

  1. Nice post Aaron! I've got 3 points to add.

    1. RDS
    There is a bug in the installer which means RDS gets enabled during a Multiserver or EAR/WAR install even if you chose "no". So you need to go into your instances web.xml file after the installation has finished and comment out the RDS entries. Then you need to restart CF.

    There is a technote for this on Adobe.com

    2. JVM settings

    Unless I've missed it, you don't mention that you can start each CF instance using it's own JVM config file.

    Simply take a copy of the existing jvm.config file, change the necessary entries in the new file (server paths, server name) and then you can start you instance with it's own config file by typing:

    /opt/jrun4/bin/jrun -config "new_config_file" -start "instance"

    You'd obviously look to build this into your start up scripts

    3. Hook Apache with ColdFusion

    You missed one argument and this is -ws64

    You need to specify this if you're configuring 64 bit Apache and ColdFusion.

  2. @Andy - Thanks so much for taking the time to read the post and let me know about omissions and such.

    Re: RDS, yikes, I didn't know about that bug. Is it specific to CF 9.0 or 9.0.1? I'll make sure and double-check my own servers and then update the post accordingly.

    Re: JVM settings - starting an instance with it's own config file is definitely cool, but I'd consider that outside the scope of the guide. Maybe I should mention you can do what you describe, but that's it. As you probably realized reading the post it's written for folks who aren't very familiar with getting a ColdFusion server up and running on Linux. Linux experts and CF gurus probably won't learn much from the post.

    Re: the -ws64 argument. Thanks for bringing this to my attention. I have a 64-bit Ubuntu/CF install I need to check because I'm pretty sure I did not supply that argument when connecting Apache and ColdFusion. I'd expect the connector to fail, but since it didn't I'm wondering if I have everything in 64-bit mode /except/ the connector.

  3. The RDS bug affects 8 as well, according to the technote:
    http://kb2.adobe.com/cps/526/cpsid_52693.html

  4. @Andy, I checked on the RDS issue and it only affects installations where you are deploying an existing EAR or WAR file. My guide above discussions creating a brand new J2EE (JRun) install using the Multiserver option, not the EAR/WAR option. To be sure, I checked two CF instances that were installing using the Multiserver option (not EAR/WAR) and RDS is appropriately disabled on them.

    Nevertheless, you brought up a good point and folks who regularly use the EAR/WAR deploy option should take note.

  5. Aaron,

    This is fantastic. Thank you for taking the time. I am curious about one thing.

    NOTE: I have only skimmed this, but I also search for keywords (Sun, Oracle, OpenJDK) and did not see any references to changing the default OpenJDK that comes with Ubuntu over to Sun/Oracle. Do you recommend this?

    I had thought that it was recommended to use Sun Java with ColdFusion, and I thought that even I had had some problems with it once in the past, but I cannot specifically remember what they were.

    Thanks again, this is awesome.

  6. @Jason - Good question. When you install the Multiserver edition of ColdFusion 9 on Ubuntu and CentOS, the installer places version 1.6.0_17 of Sun Microsystems' JDK into the /opt/jrun4/jre folder. It sets the default JRE classpath of ColdFusion in jvm.config to this folder. If you don't change anything you will be running this JDK on Ubuntu and CentOS. I don't know if this is true or not for Windows.

    You can of course install a JDK from any vendor into any location on your server you want. Then, you update the path in the jvm.config file and restart ColdFusion. You can verify the change took affect by logging into one or more CF instances Administrator and click on the "i" icon in the upper right corner to view the System Information screen. The vendor and version number of the JDK CF is using will be listed here. I'm sure you already knew this, so I'm writing it in case someone else is reading and does not.

    Now, your question about which JDK vendor and/or version to use is a good one too. In ColdFusion 8 days there was a major issue in the 1.4.0_10 Sun JDK whereby invalid Object collection would cause out of memory issues in the JVM. Since this was the default vendor and version of JDK that shipped with CF 8, it was recommended on fresh installs of CF to immediately upgrade the JDK to 1.5.x.

    I only have experience with Sun's JDK but I've heard of others liking Oracle's JRockit.

  7. Jatin Nanda

    Aaron - thanks a lot for this guide. I've been trying to do this over the past few weeks with mixed results. Andy Allan pointed me to your post and subsequently saved me a lot of stress.

    All I would add (in my case) is make sure the appropriate ports are actually open on the server. This caught me out a couple of times.

    This article came to my rescue: http://www.cyberciti.biz/faq/howto-rhel-linux-open...

  8. Greg Wilson

    Hey Aaron - this is great! ChessJam, a multiplayer online game built in Flex, runs on Ubuntu with CF 9.01 and LCDS. After it ran for a few days with high activity, I started getting bizarre errors due to it being out of file handles and problems related to other limits. The following changes fixed all of the problems:

    In /etc/security/limits.conf -- add the following:
    root soft nofile 200000
    root hard nofile 200000

    * soft nofile 200000
    * hard nofile 200000

    In /etc/sysctl.conf -- add the following:

    fs.file-max = 200000

    I also found that I needed to tweak Apache.conf a bit:

    I changed keepalive from 15 seconds to 5 seconds

    I changed MaxRequestPreChild from 0 to 3000 -- if you leave it at zero, each child will run forever which eventually started causing issues for me. Setting it to 3000 forces the thread to stop and be replaced every 3000 requests.

    Once I made these changes, ChessJam runs smoothly for over 100 days with no hiccups.

    Greg Wilson
    Adobe
    http://gregsramblings.com

  9. @Greg - Good to know your ChessJam app is running well on CF + Ubuntu. Cheers.

  10. @Andy (and everyone else), I did some testing on Ubuntu 32-bit and 64-bit and learned the -ws64 switch to the connector tool wsconfig is never needed. It doesn't matter if you are on a 32-bit server or a 64-bit server, you never need to supply this switch. Whether you supply the argument or not, 32-bit servers will automatically get the 32-bit connector and 64-bit servers will automatically get the 64-bit connector.

    I spoke with the ColdFusion engineering team about this and was told the wsconfig tool uses the Java arch of your server to determine which Apache binary to use inside wsconfig.jar.

    Two things to note: The -ws64 switch is definitely required on Solaris 64-bit. And secondly, if you are running a 32-bit version of Apache on a 64-bit Ubuntu OS, you should use the -ws32 argument when manually configuring the connector. This will place a 32-bit version of the connector on the server that will properly work with 32-bit Apache.

  11. I got CF installed on Ubuntu and I am able to display a CF page in the /var/www/ directory. Great, thanks! However, I am having a lot of trouble figuring out how to get my files for my 8301 instance to show up. I get a permission denied on every page. The directory is /opt/jrun4/servers/prod-autofeed1/cfusion.ear/cfusion.war/. The only way the pages show up is if I include the port number in the url and apache doesn't seem to be serving the pages. I think it is jrun and it is so slow. Is there a step I missed? Any suggestions? Thank you.

  12. @James, it sounds like you need to hook your ColdFusion instance to Apache. Did you follow those steps from the post? The post talks about how accessing CF with URLs that have ports in them meaning you are using the internal Web server that's part of ColdFusion. If you want to have cleaner URLs without the port numbers you have to let Apache know ColdFusion is on the server. That's done by connecting CF and Apache with the Apache Connector, a utility that is included with the installation of ColdFusion.

  13. @Aaron, thank you for the response! I followed all of your steps above. There was a permission denied error when running the connector script. Now however, everytime I try to run the script again, it says, "This web server is already configured for JRun". This is the script I am using:


    /opt/jrun4/bin/wsconfig -ws Apache -dir /etc/apache2 -server prod-autofeed1 -bin /usr/sbin/apache2 -script /usr/sbin/apache2ctl -coldfusion -v

    Any suggestions? Thank you, James.

  14. I tried removing the Apache connector and then running the connector script again. It looked like the script worked, but I'm still getting the same result... CF pages are only being served with the port number in the URL. Any other suggestions?

    Here are the commands I ran:

    root@i-0xyt1j5t:~# /opt/jrun4/bin/wsconfig -ws Apache -dir /etc/apache2 -remove
    Using Apache control script /usr/sbin/apachectl
    Restarted Apache server
    The Apache connector was removed from /etc/apache2
    root@i-0xyt1j5t:~# /opt/jrun4/bin/wsconfig -ws Apache -dir /etc/apache2 -server prod-autofeed1 -bin /usr/sbin/apache2 -script /usr/sbin/apache2ctl -coldfusion -v
    Found JRun server prod-autofeed1 at 127.0.0.1:2908
    Using Apache binary /usr/lib/apache2/mpm-worker/apache2
    Server version: Apache/2.2.16 (Ubuntu)
    Using Apache control script /usr/sbin/apache2ctl
    Parsing Apache configuration file /etc/apache2/httpd.conf
    Exec'ing chmod 777 /opt/jrun4/lib/wsconfig/1
    Set permission to 777 on /opt/jrun4/lib/wsconfig/1
    Exec'ing chmod +x /opt/jrun4/lib/wsconfig/1/mod_jrun22.so
    Set permission to execute on /opt/jrun4/lib/wsconfig/1/mod_jrun22.so
    Created file /opt/jrun4/lib/wsconfig/1/mod_jrun22.so
    Wrote file /etc/apache2/httpd.conf
    Added JRun configuration to Apache configuration file /etc/apache2/httpd.conf
    Created file /opt/jrun4/lib/wsconfig/1/README.txt
    Wrote file /opt/jrun4/lib/wsconfig/wsconfig.properties
    Exec'ing /usr/sbin/apache2ctl restart
    Restarted Apache server
    The Apache connector was installed to /etc/apache2

  15. Figured out my problem with the help of a co-worker! The Apache connector was set correctly, but somehow permissions were messed up and Apache could not access my CF instance's directory. It works now! Thank you!

  16. @James, Awesome. Glad you got it figured out.

  17. Does anyone have experience using SOLR with ColdFusion 9 multiserver? Does SOLR get automatically setup with each new CF instance created? Or, do we have to ensure that the main CF instance (:8300) is running to use it? Any suggestions would be appreciated.

  18. @James - I haven't done anything with Solr since it took the place of Verity. But, Solr runs as a separate service from the JRun/CF service. You must install the Solr service, typically at the same time you are installing the CF9 server. You then manage the Solr service and the CF service independently. In other words you can start/stop Solr independently of starting and stopping CF.

  19. I ran into an interesting Ubuntu installation issue today with a Media Temple (ve) server. On (mt) the /tmp directory is mounted with noexec to avoid potential exploits. This interferes with the installers ability to use the bundled JRE to run itself.

    The easiest way around this problem is to temporarily bind the /tmp directory to a directory with exec permissions. Here's how I did this:

    mkdir ~/tmp
    mount --bind ~/tmp /tmp

    Then you can continue the installation as you normally would by running the installer. Once you're done, you simply unmount your temporary /tmp directory like this:

    umount /tmp

    This should eliminate the issue that keeps the installer from running properly on a Media Temple (ve) server.

  20. @Zach, thanks for the comment! I've never used MediaTemple but hopefully your comment will help folks out who run into trouble.

  21. Dommie

    Thanks for writing this up - I'm completely new to CF on Ubuntu. At my first attempt I hit the buffers when I get to accessing the CFAdmin for the first time after starting cfusion.

    In my case the url is

    http://192.168.0.8:8300/CFIDE/administrator/index....

    and I get

    Firefox can't establish a connection to the server at 192.168.0.8:8300.

    Have tried alternatives such as 127.0.0.1/localhost etc.

    Any advice is greatly appreciated

  22. @Dommie can you explain what you mean by "I hit the buffers?" I'm not sure what that means. Also, your connection error makes me wonder if you are using the right IP address for your machine. Check your IP address with the following command:

    ifconfig eth0 (replace eth0 with a different device if needed)

    You can run "ifconfig" without a device name to get a full report.

  23. Dommie

    Thanks Aaron for the quick reply

    Sorry, old school English slang for "I come up against an immovable object" :-)

    I got the "192.168.0.8" address from using the ifconfig command

    I can see other servers (e.g. 192.168.0.12) in my network without a problem from the same browser window

  24. @Dommie - do you have your Web server (I'm assuming it is Apache) configured to serve requests from the 192 IP address? What happens if you switch to one of the other machines on the same subnet and then ping 192.168.0.8? Do you get a response? Finally, forget ColdFusion for a second. Does the basic Apache home page come up if you try and browse to the IP address without the CF portions of the URL? These are all things to try to help you figure out what is wrong.

  25. Tim DeMoss

    No questions or problems. Just wanted to say thank you Aaron for such a thorough job on this. I was really nervous about uninstalling CF8 (which I installed without a helpful step-by-step like yours). This guide was simply excellent. Thank you!

  26. Max Hamby

    Aaron - Thanks for the write up but I'm having an issue with getting my hands on the libstdc++5 package (using 10.04). I've tried both methods but neither worked.

    Do you know if this is still a requirement?

  27. @Max - You may have already seen this, but I want to make sure first. I provided different instructions on getting libstdc++5 based on whether you are running 32-bit or 64-bit Linux. Did you see that and try the different approaches there? If yes, what happens when you run the apt-get install on the libstdc++5 library? Do you get an error? Package not found?

  28. Max Hamby

    @Aaron - Yeah, I've tried both sets of instructions. Both resulted in "package not found". It appears that I'm getting 404s on the jaunty source url when I run "apt-get update".

  29. @Max - You could edit your package sources to include universals and see if that helps.

  30. Brett

    Thanks for the tutorial

    I installed libstdc++5, looked OK but it still gives the warning can't determine if installed.

    Is this correct?

  31. Brett, I've not seen an instance where the warning message remains after installing libstdc++5. But, I've not tried every possible Linux OS out there. What OS + kernel are you trying to installing CF9 and libstdc++5?

  32. Brett

    Linux ubuntu 3.0.0-15-generic #26-Ubuntu SMP Fri Jan 20 17:23:00 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

    Ubuntu 11.10 \n \l

    Also get this error ..

    Preparing to install...
    Extracting the JRE from the installer archive...
    Unpacking the JRE...
    Extracting the installation resources from the installer archive...
    Configuring the installer for this system's environment...
    strings: '/lib/libc.so.6': No such file

  33. Hi,
    I'm making the switch from years of CF on Windows to CF on Linux (Ubuntu). Very glad I found your guide. Thanks!

    I had a problem installing the libstdc++ library. It doesn't look like it is still at the location you specified.
    After some googling I found it here.

    http://packages.ubuntu.com/lucid-backports/amd64/l...

  34. Thanks for the tip Matt. As newer versions of Ubuntu are released the package locations tend to shift. Welcome to the world of Linux, I hope you enjoy it.

  35. Aaron, thanks a lot for these instructions. Used them to build a development vm and have been loving it for a couple of months. However, when I first queried for a wsdl file after having built a webservice, i got this message:
    ----
    coldfusion.jsp.CompilationFailedException: Errors reported by Java compiler: jikes: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory .
    ----
    I don't remember whether I had successfully installed it or not, so I went back to your directions and tried both 32-bit and 64-bit instructions. apt-get gave me this:
    ----
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    E: Couldn't find package libstdc++5
    ----
    Any ideas? I'm running Ubuntu 10.04 LTS.

  36. I ended up getting the package from here:
    http://packages.debian.org/squeeze/i386/libstdc++5...
    ... and installing it by using the instructions here:
    http://knoppix.net/forum/threads/20775-apt-get-to-...

  37. @Colin - I'm glad you got it working. libstdc is an old bit of code that seems to make its way further into the ether with each new release of Ubuntu. Fortunately it can be picked up from some of the old packages. Thanks for posting your solution.

  38. Lisa Nagel

    This is the best tutorial I have ever seen for an installation! I am having issues, though...my pages in my CF Admin console are taking about 3 mins to load! It is driving me crazy...webpages work fine, etc...any ideas?

  39. Matthew

    Thanks for a very helpful tutorial. We used this to get CF9 up and running on Red Hat Linux. But I am confused by the permissions and wondered if you could clarify? CF is running as a user 'coldfusion', apache is running as a user 'apache' and serving files from '/var/www/html' as normal. But CF does not have permission to write files into any site directory (which prevents uploading images etc). All the directories are owned by 'root' or in the 'root' group. How do you configure the overall permissions so CF can write to your site folders but still run as the 'coldfusion' user? Many thanks.

  40. @Matthew - A typical solution would be to create a Linux group and then add your CF user and your Apache user to the new group. Then, tailor the group permissions based on the types of permissions you need ColdFusion to have from a disk perspective. I like to start at a "zero permissions" level and then add what is necessary as I run into issues. This ensures you don't have a Linux user/group and a software program like ColdFusion with more perms than are needed.

  41. Kevin Anderson

    Hi, Aaron:

    Great article... well written and concise. Really wish it would have worked for me! ;-)

    I'm running Mint 14 and ColdFusion 9.0.2 runs fine with its built in server on port 8500. Apache 2.2 runs fine on standard port. Connecting the two; however, doesn't work. It appears that Apache "changed" their configuration structure, etc., and CF wants and httpd[dot]conf, which doesn't exists anymore.

    I've tried a lot of different approaches, but nothing seems to work. Also, I'm a bit of a Linux newbie, so that is another challenge.

    Any ideas?

    Cheers!


    Kevin

  42. @Kevin, I don't have any experience with Mint but it sounds like the issue is with the connector. Are you getting any errors when you run the connector installer?

  43. Daniel @ Hosted Status Page

    Nice guide. Thanks for taking the time to write it and its helped me a lot.

  44. Thanks for the tutorial, it was really useful!

    I am having an issue with Apache 2.4 on Ubuntu 14.04 where by the test index.cfm is just outputting text not a date as expected.

    Can you tell me why this might be?

  45. @Justin - I'm glad you enjoyed the post! When you say "outputting text" do you mean your CFML source code is displayed in the browser? If yes, that generally means the webserver connector between ColdFusion and Apache isn't configured correctly. If this is indeed the problem you have to disconnect CF from Apache and rerun the connector piece.

    If you meant something else let me know and I'll see if I can provide greater detail.