I'm trying to take advantage of Coldfusion 11's REST Services, but I can only get it working with HTTP, not HTTPS. When I change the protocol to HTTPS, it returns a 404.
The steps I have taken:
1) I made a folder in web root called "api-test"
2) Inside that folder, I created a file called "animals.cfc" containing:
<cfcomponent rest="true" restpath="/animals">
<cffunction name="getAnimals" access="remote" httpmethod="GET" produces="application/json" returntype="struct">
<cfset value = { "cats": "dogs", "birds": "snakes" }>
<cfreturn value>
</cffunction>
</cfcomponent>
3) In Coldfusion Administrator under Data & Services / REST Services, I added "/web/webapps/api-test" as the root path and "api-test" as the mapping.
4) In my web browser, while logged into one of my CF web applications on the same server (using HTTP), I test the API with jQuery and Firefox's Firebug / Web Developer plugin:
$.get("http://cftestapp1.mydomain.com/rest/api-test/animals");
The data is returned without a problem
5) In my web browser, when I change the protocol of the CF web application to HTTPS, and retry the same command but with HTTPS, I get a 404.
$.get("https://cftestapp1.mydomain.com/rest/api-test/animals");
My environment consists of two web servers (cftestapp1 and cftestapp2) behind a load balancer (cftestapps). The web servers are running Coldfusion 11 on Redhat Linux with Apache/Tomcat. Throughout my testing, I tried everything with the load balancer first, and when that didn't work, I focused solely on "cftestapp1" (like the example above). I combed through all of the Coldfusion Administrator settings and the Apache httpd.conf file and came up empty.
I cannot find much documentation online or anyone that seems to be experiencing this same problem. If anyone has any insight, please help!! Thanks!
Edit:
Each time I make the HTTPS request, the /etc/httpd/logs/ssl_error_log (specified in httpd.conf) shows the following errors:
[Tue Nov 24 16:34:23 2015] [error] [client my_ip_here] File does not exist: /web/webapps/rest
[Tue Nov 24 16:34:23 2015] [error] [client my_ip_here] File does not exist: /web/webapps/opt
/web/webapps/rest is the resource I'm requesting; however there is no physical file "rest"; my entries in Coldfusion Administrator's Rest Services should be handling these redirects.
/web/webapps/opt appears to be Apache's attempt at serving the 404 page, which is not in the web root but rather deep inside the /opt directory.
I've also found this error, which might not be related, since we have never had an issue with our HTTPS requests prior to adding CF Rest Services.
[Tue Nov 24 16:33:12 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Below is a snippet from our Apache configuration file (httpd.conf). There are many more lines, but these seem to be the most relevant.
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/web/webapps">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Include "/etc/httpd/conf/mod_jk.conf"
NameVirtualHost 127.0.0.1:443
<VirtualHost 127.0.0.1:443>
ServerName localhost
DocumentRoot /web/webapps/
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLProtocol +SSLv3 +TLSv1
SSLCipherSuite RSA:!EXP:!NULL:+HIGH:-MEDIUM:-LOW
ErrorLog logs/cfadmin.ssl.error.log
CustomLog logs/cfadmin.ssl.access.log common
</VirtualHost>
ErrorDocument 404 /opt/cf11/cfusion/wwwroot/CFIDE/administrator/templates/404.cfm
It appears as though the HTTPS traffic is not being correctly routed for the 404 and REST Service. But I am able to access all other folders in our /web/webapps web root while using HTTPS without any problems.
My problem has been resolved. I found two separate solutions, which were based on the response from mt0 and from Adobe's Help (https://helpx.adobe.com/coldfusion/installing/configuring-your-system.html).
Solution #1.
Edit /etc/httpd/conf/httpd.conf
I added the following line to my SSL VirtualHost directive:
However, this would only work if I changed the local IP address (127.0.0.1) to the server's IP address for both the NameVirtualHost and VirtualHost. (using
*:443
did not work)While this solved the problem, I did not want to hard-code the server's IP address inside the config files. So I continued researching and found this alternate solution:
Solution #2 (preferred).
Edit /etc/httpd/conf.d/ssl.conf (leaving the httpd.conf file in its original state)
I added the following line to my SSL VirtualHost directive, and restarted Apache:
This solved my problem.
Thank you everyone for your assistance!
Your virtual host does not know anything about ColdFusion. If you look in the
/etc/httpd/conf/mod_jk.conf
file, it will have a line that looks like:Which is being called for the HTTP service (via the
Include "/etc/httpd/conf/mod_jk.conf"
of the config file) but not for the HTTPS service.All you need to do is copy this line into your
httpd.conf
file within the Virtual Host declaration; like this:Then the virtual host will know where to find the services.