CF11 + MacOS 10.14 Mojave issue with mod_jk

Community Beginner ,
Sep 28, 2018 Sep 28, 2018

Copy link to clipboard

Copied

hi,

anyone successful in running cf11 with apache in Mojave?  i get an error with mod_jk.so, something along the lines of mod_jk.so is invalid, needs to be signed...

thanks in advance..

TOPICS
Connector

Views

1.5K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Sep 30, 2018 Sep 30, 2018

Copy link to clipboard

Copied

The built-in Apache httpd has Library Validation turned on by default (I have not found a way to disable yet) which requires all modules to be signed.  So there seem to be three possible solutions:

  1. Disable Library Validation for built-in Apache on Mojave.
  2. Install Apache via Homebrew and disable built-in Apache all together
  3. Get ad-hoc signing working for the mod_jk.so so that the built-in Apache server accepts the module.

Not sure which approach will work best yet.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Sep 30, 2018 Sep 30, 2018

Copy link to clipboard

Copied

Okay, I found a quick (non-secure workaround) by disabling the System Integrity Protection by rebooting your Mac in recovery mode, going into the utilities folder and running csrutil disable at the terminal prompt.  This will allow apache httpd to now run ColdFusion 11 but leaves your system vulnerable to allow root files and system files to be overwritten (so unless you know every place you download from and have a great firewall, it opens up to hackers a means to gain control).

I did not find a way to add an ad-hoc signing so unless Adobe signs the library, this path isn't going anywhere.

This leaves installing Apache via Homebrew and disabling the built-in Apache.  I will update assuming I get this option working.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Sep 30, 2018 Sep 30, 2018

Copy link to clipboard

Copied

In order to stay secure and not have to disable System Integrity Protection and not wait for Adobe to sign their mod_jk module so that ColdFusion runs with the built-in Apache server.  I have followed the following instructions to use Apache 2.4 installed using Homebrew and got ColdFusion 11 up and running perfectly again (after losing a day of work).

https://getgrav.org/blog/macos-mojave-apache-multiple-php-versions

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 01, 2018 Oct 01, 2018

Copy link to clipboard

Copied

thanks for the help. homebrew is not in the cards for my team, as we cannot use open source pkg manager to install executables on our work computers..

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Oct 01, 2018 Oct 01, 2018

Copy link to clipboard

Copied

Although it is a bit longer a manual workaround, if you can get the latest Apache 2.4 installer, you could manually setup and configure a new instance of Apache and disable the default built-in Apache from loading (as demonstration in the walkthrough). The end result is running a generic version of Apache 2.4 which does not include Apple's requirement for signed modules.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 01, 2018 Oct 01, 2018

Copy link to clipboard

Copied

yea, that sounds like a good idea. maybe i'll try doing a manual install in my user folder. and disable the Mojave's included apache installation as described in the walkthrough you mentioned.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Oct 02, 2018 Oct 02, 2018

Copy link to clipboard

Copied

This might seem like a dumb question, but why are you bothering to connect CF with Apache on OS X? It's not going to match your runtime environment that closely. I generally don't bother connecting an external web server at all for local development. I realize this isn't the answer for everyone, but I thought I'd throw it out there.

Dave Watts, Fig Leaf Software

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Oct 02, 2018 Oct 02, 2018

Copy link to clipboard

Copied

Dave, I used to think the same way, but found out years ago that running on the development server is quite different from running on IIS and/or Apache web server when dealing with file handling, permissions, and security issues. I have been caught out losing days on issues where I suffered from "It works on my machine" but didn't work the same in production.

So as a rule of thumb, if you have file uploads and downloads involved in your web applications, match the web server for dev, test and production.  If you don't, then (like you said) it is likely easier to not hook up to a web server and use the out of box dev web service that ColdFusion provides.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Oct 02, 2018 Oct 02, 2018

Copy link to clipboard

Copied

I would tend to sympathize with that position, except that the OP is trying to get this to work on OS X. I don't think you get away from all of those sorts of issues if you're not also running OS X in production as well. OS X is not close enough to Linux to get you where you need to avoid "it works on my machine" problems.

The way I generally get around these problems is by having a shared dev server that does match the prod and test configuration as closely as possible. Local development is done on the local machine then uploaded to the shared dev machine via Git, etc. Developers can do a second round of testing on the shared dev machine.

Dave Watts, Fig Leaf Software

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 02, 2018 Oct 02, 2018

Copy link to clipboard

Copied

LATEST

our team members each have their own apache instance running on their MBP's, hooked to a local CF 11 instance.

I get what you're saying about using a shared external linux apache dev server (maybe each developer has their own vhost on the shared dev apache server). What we are using from apache in our Production environment is nothing complex, and was easy to configure MacOS's packaged apache in the past.

It just sucks that the crap i'm coming across now with the mod_jk.so rears it's ugly head with Mojave.

I guess if security crap like this keeps coming up with MacOS and apache.

We could go the route of a shared external server, but it would be nice if Adobe stayed on top of this with MacOS releases, and had their stuff together when it comes to stuff like this.

It was nice having MacOS apache and CF running locally so that it was easy to isolate issues, and run everything locally.

I'm glad to see that people are active on this forum. Great hearing all your input..

Adobe, can you guys chime in? I put in a ticket using my enterprise account, and have not seen a change in the ticket's status (OPEN) since last Tuesday..

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines