Skip to main content
Participant
September 29, 2018
Question

CF11 + MacOS 10.14 Mojave issue with mod_jk

  • September 29, 2018
  • 2 replies
  • 2105 views

hi,

anyone successful in running cf11 with apache in Mojave?  i get an error with mod_jk.so, something along the lines of mod_jk.so is invalid, needs to be signed...

thanks in advance..

This topic has been closed for replies.

2 replies

Community Expert
October 2, 2018

This might seem like a dumb question, but why are you bothering to connect CF with Apache on OS X? It's not going to match your runtime environment that closely. I generally don't bother connecting an external web server at all for local development. I realize this isn't the answer for everyone, but I thought I'd throw it out there.

Dave Watts, Fig Leaf Software

Dave Watts, Eidolon LLC
Known Participant
October 2, 2018

Dave, I used to think the same way, but found out years ago that running on the development server is quite different from running on IIS and/or Apache web server when dealing with file handling, permissions, and security issues. I have been caught out losing days on issues where I suffered from "It works on my machine" but didn't work the same in production.

So as a rule of thumb, if you have file uploads and downloads involved in your web applications, match the web server for dev, test and production.  If you don't, then (like you said) it is likely easier to not hook up to a web server and use the out of box dev web service that ColdFusion provides.

Community Expert
October 2, 2018

I would tend to sympathize with that position, except that the OP is trying to get this to work on OS X. I don't think you get away from all of those sorts of issues if you're not also running OS X in production as well. OS X is not close enough to Linux to get you where you need to avoid "it works on my machine" problems.

The way I generally get around these problems is by having a shared dev server that does match the prod and test configuration as closely as possible. Local development is done on the local machine then uploaded to the shared dev machine via Git, etc. Developers can do a second round of testing on the shared dev machine.

Dave Watts, Fig Leaf Software

Dave Watts, Eidolon LLC
Known Participant
October 1, 2018

The built-in Apache httpd has Library Validation turned on by default (I have not found a way to disable yet) which requires all modules to be signed.  So there seem to be three possible solutions:

  1. Disable Library Validation for built-in Apache on Mojave.
  2. Install Apache via Homebrew and disable built-in Apache all together
  3. Get ad-hoc signing working for the mod_jk.so so that the built-in Apache server accepts the module.

Not sure which approach will work best yet.

Known Participant
October 1, 2018

Okay, I found a quick (non-secure workaround) by disabling the System Integrity Protection by rebooting your Mac in recovery mode, going into the utilities folder and running csrutil disable at the terminal prompt.  This will allow apache httpd to now run ColdFusion 11 but leaves your system vulnerable to allow root files and system files to be overwritten (so unless you know every place you download from and have a great firewall, it opens up to hackers a means to gain control).

I did not find a way to add an ad-hoc signing so unless Adobe signs the library, this path isn't going anywhere.

This leaves installing Apache via Homebrew and disabling the built-in Apache.  I will update assuming I get this option working.

Known Participant
October 1, 2018

In order to stay secure and not have to disable System Integrity Protection and not wait for Adobe to sign their mod_jk module so that ColdFusion runs with the built-in Apache server.  I have followed the following instructions to use Apache 2.4 installed using Homebrew and got ColdFusion 11 up and running perfectly again (after losing a day of work).

https://getgrav.org/blog/macos-mojave-apache-multiple-php-versions