Coldfusion 11 REST Service works with HTTP but not

2020-07-22 17:35发布

I'm trying to take advantage of Coldfusion 11's REST Services, but I can only get it working with HTTP, not HTTPS. When I change the protocol to HTTPS, it returns a 404.

The steps I have taken:

1) I made a folder in web root called "api-test"

2) Inside that folder, I created a file called "animals.cfc" containing:

<cfcomponent rest="true" restpath="/animals">
        <cffunction name="getAnimals" access="remote" httpmethod="GET" produces="application/json" returntype="struct">
                <cfset value = { "cats": "dogs", "birds": "snakes" }>
                <cfreturn value>
        </cffunction>
</cfcomponent>

3) In Coldfusion Administrator under Data & Services / REST Services, I added "/web/webapps/api-test" as the root path and "api-test" as the mapping.

4) In my web browser, while logged into one of my CF web applications on the same server (using HTTP), I test the API with jQuery and Firefox's Firebug / Web Developer plugin:

$.get("http://cftestapp1.mydomain.com/rest/api-test/animals");

The data is returned without a problem

5) In my web browser, when I change the protocol of the CF web application to HTTPS, and retry the same command but with HTTPS, I get a 404.

$.get("https://cftestapp1.mydomain.com/rest/api-test/animals");

My environment consists of two web servers (cftestapp1 and cftestapp2) behind a load balancer (cftestapps). The web servers are running Coldfusion 11 on Redhat Linux with Apache/Tomcat. Throughout my testing, I tried everything with the load balancer first, and when that didn't work, I focused solely on "cftestapp1" (like the example above). I combed through all of the Coldfusion Administrator settings and the Apache httpd.conf file and came up empty.

I cannot find much documentation online or anyone that seems to be experiencing this same problem. If anyone has any insight, please help!! Thanks!


Edit:

Each time I make the HTTPS request, the /etc/httpd/logs/ssl_error_log (specified in httpd.conf) shows the following errors:

[Tue Nov 24 16:34:23 2015] [error] [client my_ip_here] File does not exist: /web/webapps/rest
[Tue Nov 24 16:34:23 2015] [error] [client my_ip_here] File does not exist: /web/webapps/opt

/web/webapps/rest is the resource I'm requesting; however there is no physical file "rest"; my entries in Coldfusion Administrator's Rest Services should be handling these redirects.

/web/webapps/opt appears to be Apache's attempt at serving the 404 page, which is not in the web root but rather deep inside the /opt directory.

I've also found this error, which might not be related, since we have never had an issue with our HTTPS requests prior to adding CF Rest Services.

[Tue Nov 24 16:33:12 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Below is a snippet from our Apache configuration file (httpd.conf). There are many more lines, but these seem to be the most relevant.

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/web/webapps">
 Options FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>

Include "/etc/httpd/conf/mod_jk.conf"

NameVirtualHost 127.0.0.1:443
<VirtualHost 127.0.0.1:443>
        ServerName localhost
        DocumentRoot /web/webapps/
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt
        SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
        SSLProtocol +SSLv3 +TLSv1
        SSLCipherSuite RSA:!EXP:!NULL:+HIGH:-MEDIUM:-LOW
        ErrorLog logs/cfadmin.ssl.error.log
        CustomLog logs/cfadmin.ssl.access.log common
</VirtualHost>

ErrorDocument 404 /opt/cf11/cfusion/wwwroot/CFIDE/administrator/templates/404.cfm

It appears as though the HTTPS traffic is not being correctly routed for the 404 and REST Service. But I am able to access all other folders in our /web/webapps web root while using HTTPS without any problems.

2条回答
我命由我不由天
2楼-- · 2020-07-22 17:54

My problem has been resolved. I found two separate solutions, which were based on the response from mt0 and from Adobe's Help (https://helpx.adobe.com/coldfusion/installing/configuring-your-system.html).

Solution #1.

Edit /etc/httpd/conf/httpd.conf

I added the following line to my SSL VirtualHost directive:

<VirtualHost 127.0.0.1:443>
    JKMountFile "/path/to/ColdFusion11/config/wsconfig/1/uriworkermap.properties"

However, this would only work if I changed the local IP address (127.0.0.1) to the server's IP address for both the NameVirtualHost and VirtualHost. (using *:443 did not work)

NameVirtualHost SERVER_IP_HERE:443
<VirtualHost SERVER_IP_HERE:443>

While this solved the problem, I did not want to hard-code the server's IP address inside the config files. So I continued researching and found this alternate solution:

Solution #2 (preferred).

Edit /etc/httpd/conf.d/ssl.conf (leaving the httpd.conf file in its original state)

I added the following line to my SSL VirtualHost directive, and restarted Apache:

<VirtualHost _default_:443>
    JKMountFile "/path/to/ColdFusion11/config/wsconfig/1/uriworkermap.properties" 

This solved my problem.

Thank you everyone for your assistance!

查看更多
ら.Afraid
3楼-- · 2020-07-22 18:01

Your virtual host does not know anything about ColdFusion. If you look in the /etc/httpd/conf/mod_jk.conf file, it will have a line that looks like:

JKMountFile "/path/to/ColdFusion11/config/wsconfig/1/uriworkermap.properties"

Which is being called for the HTTP service (via the Include "/etc/httpd/conf/mod_jk.conf" of the config file) but not for the HTTPS service.

All you need to do is copy this line into your httpd.conf file within the Virtual Host declaration; like this:

<VirtualHost 127.0.0.1:443>
  ServerName localhost
  DocumentRoot /web/webapps/
  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
  SSLProtocol +SSLv3 +TLSv1
  SSLCipherSuite RSA:!EXP:!NULL:+HIGH:-MEDIUM:-LOW
  ErrorLog logs/cfadmin.ssl.error.log
  CustomLog logs/cfadmin.ssl.access.log common

  JKMountFile "/path/to/ColdFusion11/config/wsconfig/1/uriworkermap.properties"
</VirtualHost>

Then the virtual host will know where to find the services.

查看更多
登录 后发表回答