Legend

Question

CF10: Switched from Tomcat webserver to Apache2 - now cannot access ColdFusion Collections

Forum|Forum|11 years ago
July 14, 2014
3 replies
1480 views

Hello, everyone,

I've been pulling my hair out for a few days, over this. Cannot understand what is going on.

With the help of our SA, I copied/pasted a working Apache Server onto my DEV harddrive, updated my system to JDK 7.55, and followed instructions on turning off the Tomcat server that comes with CF10.

The Apache server is working, serving up CFM pages as it should; CFAdmin is accessing ALMOST everything, as it should.

When I click on "ColdFusion Collections", instead of seeing my Solr collections, I get an error message:

Security: The requested template has been denied access to localhost:0

The following is the internal exception message: access denied

("java.net.SocketPermission" "localhost:0" "listen,resolve")

Our SA doesn't know what's happening, either, and I think I've wasted enough of his time. Everything else works great! Pages load SO much faster, under Apache. But this issue with collections is going to be a problem.

Anyone have any ideas?

V/r,

^_^

This topic has been closed for replies.

WolfShadeAuthor

Legend

Not feeling well. Heading home, early, today. Will pick up, tomorrow. Thank you to everyone who has offered advice.

V/r,

^_^

Charlie Arehart

Community Expert

@Wolfshade, sorry to hear you’re having such trouble. You don’t indicate some things so I’m going to back up and point out some fundamentals, in case it may help, though I know you’re an experienced Admin who’s helped a lot of others here.

First, note that the Solr collections operate in a separate jvm from CF. By default, they are running as the Jetty Service on CF10 (in Windows), and CF is configured to connect to it via HTTP in the next page of the CF Admin (under “ColdFusion Collections”) called “Solr Server”. It is also possible for you to have installed a separate Jetty/Solr server (even on another box) and then configure that CF admin page to point there instead.

So when you say that the collections page give an error, the first suspicion should be connectivity from CF to that Jetty/Solr server.

What do you see for the domain, and for the port listed in its “Advanced Settings” page? Judging from the error, I suspect you will see localhost for the domain and “0” for the port, which would be odd. The default is 8985. If it’s 0, that may be your problem, and the question would be how it got changed. (Could have been done in the Admin, or someone could have been tweaking tue underlying neo-*.xml file(s).)

But then I see also at the bottom of that page that if you enable an https connection, the setting shows a default of 0 for that port. I’ve not tried using solr via ssl. Can you tell us if that checkbox is enabled in your admin? If so, perhaps the problem is that it’s trying to use that port. First, what happens if you uncheck that checkbox, and then re-visit the collections page? (And I assume you DO have the jetty/solr service running, right?)

In fact, you could try visiting the domain or IP and port listed on that page in a browser…the non-https one, so that if it lists localhost and 8985, what do you get when you visit localhost:8985/solr/? Of course, you’d need to be browsing on the same machine as solr to use localhost. CF can use it if Its on the same machine, but you’d need to use something else if you’re browsing from off the server.

You could also look in the coldfusion-out.log, in the \[instance]\logs, to see if perhaps there’s more reported there from when you tried to visit the collections page in the CF Admin.

HTH.

/charlie

/Charlie (troubleshooter, carehart. org)

WolfShadeAuthor

Legend

Hi, Charlie! Thank you for your time.

Did not know that Solr is a distinct JVM from the rest of CF. I've actually applied the Java update (to 7.55) twice - the first time I put it in Program Files; SA said that PF is locked, so I reinstalled to root of C:\ and pointed CF Admin Java/JVM to that location. Could this be interfering with Jetty/Solr?

Solr Advanced settings:

Host Name: localhost

Solr Home: C:\ColdFusion10\cfusion\jetty\multicore

Solr Admin Port: 8985

Solr Webapp: solr

Buffer Limit: 120

Solr Connection: NOT checked for HTTPS connection (I'm not logging on to CFAdmin via SSL/TLS)

Solr Admin HTTPS Port: 0 (odd - I'm not connecting via HTTPS)

If I browse to 127.0.0.1:8985/solr/ then I get the "Welcome to Solr!" message and links to each collection.

V/r,

^_^

Charlie Arehart

Community Expert

Thanks for the update.

So to answer your first question, the JVM you put on the box does not affect wither CF or Solr, unless you tweak them to use it. You refer to changing the java home in the Java and JVM settings (which as you may know changes CF’s jvm.config file). That would affect CF, but not Solr. Solr uses its own config file, so unless you have changed that, no there’s no impact. That said, what if you remove the change of the CF JVM back to its default? Does that make things work? I’d think not, but it’s not clear if you’ve tried it.

As for your browsing the Solr URL and getting the welcome message, that’s great. At least it confirms you do have Solr running. And to be clear, you did that in a browser on the same machine running CF and Solr, right?

So now it’s back to the error and the 0 port. Again, I’ll be curious in the ColdFusion-out.log may have any more details, or the ColdFusion-error.log. Always worth checking.

BTW, the checkbox in the advanced settings for SSL has nothing to do with whether YOU are logging into the Admin itself via SSL (you made a comment about that). The setting is instead about whether CF should communicate with the Solr server using SSL. Not only does Solr run in a separate JVM, but in fact CF talks to it via http (or https). Indeed, under the covers, when you do a CFSEARCH (or CFINDEX or CFCOLLECTION), CF turns that into a series of CFHTTP calls from CF to the Solr server. (You can even monitor those requests using a tool like FusionReactor, since it can monitor any java app, and Solr and Jetty are indeed java apps.)

But anyway, I hear you saying that the https option is NOT checked there, so let’s see what the logs may have in store for you.

/charlie

/Charlie (troubleshooter, carehart. org)

Anit_Kumar

Community Manager

How did you migrate the settings from ColdFusion (older server to new server)? Did you use CAR file? Can you share the exception logs from ColdFusion for further analysis?

It seems to be a permissions issue, however, logs will justify the same OR not.

Regards,

Anit Kumar

WolfShadeAuthor

Legend

Hello, Anit,

Thanks for your reply.

There was no migration. When I originally installed CF10, I chose to use the built-in Tomcat webserver. After a few months, I decided that I wanted to match (as much as possible) our production environment, so started looking for instructions on how to switch from the Tomcat server to Apache (without re-installing CF Server.)

All the logs show is what I've already mentioned - that it's a security issue, and the template was denied, apparently due to a java socketpermission issue.

I thought "localhost:0" meant a dynamic port, not necessarily trying to go through port 0. I had found (can't find the link, now) an article that said something about editing the neo-security.xml file to turn off the built-in server, and did that.

At first, I was having issues with CreateObject(java) - until I discovered that one of the hotfixes I had applied then affected my Sandbox Security, pushing ALL cf functions into the "disable" column. I've gone through everything in Sandbox, nothing is in the disable column, now.

V/r,

^_^

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded