railo-context
78 views
Skip to first unread message
Lyle Karstensen
Feb 9, 2012, 10:38:55 AM2/9/12
to ra...@googlegroups.com
I am currently using jetty and would like to be able to set the virtualHosts from the context xmls file for the "railo-context" context. Is there any way to do this. I am familiar with the tricks using re-writing but I am not using re-writing.
________________________________
Lyle Karstensen Jr.
Chief Executive Officer (CEO)
[Description: Description: Logo]
Phone: 702.940.4200
Fax: 702.940.4201
Direct: 702.932.8200
Cell: 702.683.3666
Email: ly...@realistiq.com<mailto:ly...@realistiq.com>
Website: http://www.realistiq.com<http://www.realistiq.com/>
Bruce Kirkpatrick
Feb 9, 2012, 9:56:09 PM2/9/12
to Railo
I don't have a direct answer for jetty, but I was able to automate
tomcat+railo context setup from the command line using a curl post and
creating the tomcat/conf/catalina/domain.com/root.xml file so if the
answer is no for jetty, you could switch without too much work. It's
not possible to delete and recreate hosts without restarting railo
though. You can only create them once. If you do it wrong, it
becomes stuck. Not very elegant.
Did you know that each java virtualhost costs an extra 2mb to dozens
of mb of memory because all of the class files as duplicated? I'm
guessing your web sites are probably sharing the same source code like
mine. I'd recommend figuring out how to make everything work with 1
java virtualhost behind apache using mod_proxy for the best start-up
time and performance. A few months ago, Railo took over 3 minutes to
fully start 100 virtualhosts on a brand new sandy bridge cpu for me.
I cut railo memory usage in half by going to a single context and
startup is just 20 seconds including the first pageview. There was
40,000 duplicate class files and that was reduced to around 400. The
I/O load is massive when each site has to load a separate set of
classes to startup. Railo's default behavior is not the same as adobe
coldfusion standard + jrun behavior which causes it to use more memory
for the same number of sites.
On Feb 9, 10:38 am, Lyle Karstensen <l...@realistiq.com> wrote:
> I am currently using jetty and would like to be able to set the virtualHosts from the context xmls file for the "railo-context" context. Is there any way to do this. I am familiar with the tricks using re-writing but I am not using re-writing.
>
> ________________________________
>
> Lyle Karstensen Jr.
> Chief Executive Officer (CEO)
>
> [Description: Description: Logo]
>
> Phone: 702.940.4200
> Fax: 702.940.4201
> Direct: 702.932.8200
> Cell: 702.683.3666
> Email: l...@realistiq.com<mailto:l...@realistiq.com>
> winmail.dat
> 29KViewDownload
tomcat+railo context setup from the command line using a curl post and
creating the tomcat/conf/catalina/domain.com/root.xml file so if the
answer is no for jetty, you could switch without too much work. It's
not possible to delete and recreate hosts without restarting railo
though. You can only create them once. If you do it wrong, it
becomes stuck. Not very elegant.
Did you know that each java virtualhost costs an extra 2mb to dozens
of mb of memory because all of the class files as duplicated? I'm
guessing your web sites are probably sharing the same source code like
mine. I'd recommend figuring out how to make everything work with 1
java virtualhost behind apache using mod_proxy for the best start-up
time and performance. A few months ago, Railo took over 3 minutes to
fully start 100 virtualhosts on a brand new sandy bridge cpu for me.
I cut railo memory usage in half by going to a single context and
startup is just 20 seconds including the first pageview. There was
40,000 duplicate class files and that was reduced to around 400. The
I/O load is massive when each site has to load a separate set of
classes to startup. Railo's default behavior is not the same as adobe
coldfusion standard + jrun behavior which causes it to use more memory
for the same number of sites.
On Feb 9, 10:38 am, Lyle Karstensen <l...@realistiq.com> wrote:
> I am currently using jetty and would like to be able to set the virtualHosts from the context xmls file for the "railo-context" context. Is there any way to do this. I am familiar with the tricks using re-writing but I am not using re-writing.
>
> ________________________________
>
> Lyle Karstensen Jr.
> Chief Executive Officer (CEO)
>
> [Description: Description: Logo]
>
> Phone: 702.940.4200
> Fax: 702.940.4201
> Direct: 702.932.8200
> Cell: 702.683.3666
> winmail.dat
> 29KViewDownload
Lyle Karstensen
Feb 9, 2012, 10:34:48 PM2/9/12
to ra...@googlegroups.com
Bruce,
I am actually only using 3 context 1 for the public web sites, 1 for the
intranet sites and a third that is a shard resource for all sites. I can
NOT use tomcat due to its lack of wildcard host support. I also really
like jetty with nginx as the proxy. Currently I am not proxying with
anything due to running on windows. We are in the process of converting to
linux will allow me to use nginx as my proxy. The reason I want to do the
the rail-context virtualHost is due to locking it down to a specific
domain ONLY.
I am actually only using 3 context 1 for the public web sites, 1 for the
intranet sites and a third that is a shard resource for all sites. I can
NOT use tomcat due to its lack of wildcard host support. I also really
like jetty with nginx as the proxy. Currently I am not proxying with
anything due to running on windows. We are in the process of converting to
linux will allow me to use nginx as my proxy. The reason I want to do the
the rail-context virtualHost is due to locking it down to a specific
domain ONLY.
Viktor Krasynskyy
Feb 9, 2012, 11:13:36 PM2/9/12
to ra...@googlegroups.com
You can use Tomcat with wildcard host support (as soon as you don't have more than 1 shared virtual host):
server.xml:
<Engine name="Catalina" defaultHost="www.mydomain">
...
<Host name="www.mydomain" appBase="webapps">
<Context path="" docBase="<path to your common root here>" />
</Host>
<Context path="" docBase="<path to your common root here>" />
</Host>
Not sure if that's what you are looking for.
Lyle Karstensen
Feb 9, 2012, 11:24:12 PM2/9/12
to ra...@googlegroups.com
I have 2 default hosts. I really don't see a benefit to tomcat.
Bruce Kirkpatrick
Feb 9, 2012, 11:32:24 PM2/9/12
to Railo
tomcat localhost catches all domains and still sets cgi.http_host
correctly, which is what I'm doing. It's possible to have multiple
engine XML records on different ports. Then apache or nginx could
proxy to the other port to achieve multiple catch-all localhosts with
tomcat. I considered doing this, but it wasn't necessary. Just user
1 context.
Perhaps jetty also has the ability to configure multiple listeners on
different ports and then you could use an * for the virtual host field
and then you don't need to write code to configure jetty at all.
It does say multiple listeners are possible here:
http://account.pacip.com/jetty/tut/HttpServer.html
On apache, you proxy it like this:
RewriteRule ^/(.*)$ ajp://www.domain.com:8009/$1 [L,P,QSA]
so your other context would be like this:
RewriteRule ^/(.*)$ ajp://www.domain2.com:8010/$1 [L,P,QSA]
You said you had a stability issue on the other thread. I found railo
+ windows to have more bugs then linux. I'm not sure if windows is
getting the same level of support as unix based systems because
Michael wasn't able to reproduce the issues I encountered. After
seeing linux didn't have my problems, I did the work of switching OS.
I was considering using nginx, but I was already using .htaccess
mod_rewrite rules on the 100 web sites, so I would have had to convert
them to another format. I actually ended up having to converting
them for apache mod_proxy anyway later. I found apache logging and
using .htaccess files instead of conf to be the main performance
problems. I compared it to gwan because that one is very light and I
found the speed difference to be like 1ms in fake tests, not as
important as other optimizations. If you put the whole configuration
in the conf file and disable logs, apache is closer to the performance
of other fast web servers. Apache was mostly convenient since railo
and php just instantly work with it.
If your developers are the only people who can access the server, you
could secure the other sites fairly well by restricting the intranet
to your ip addresses in the application.cfc/cfm or the web server. I
use putty with ssh port forwarding to hide mysql and railo admin from
the public.
The shared resource might not need any extra security since hopefully
your scripts are enforcing the site id consistently enough so that
it's impossible to get into the wrong folders/data. The user
shouldn't be able to modify the request to gain access. I built a
ssh chroot jail on linux so that ssh users can't go above their home
directory. I don't even have FTP installed for security reasons. I
use fail2ban to limit the number of SSH login failures, plus the
firewall limits access as well. I didn't know much about linux
before last year, but I learned how to do it from scratch over a
couple months because I think cpanel and plesk make linux too hard to
reconfigure without breaking it. Keep in mind that apache or nginx
is going to require the same linux user to have access to every web
site, so the OS security would still let someone who hacked your web
site to read or write from the other web sites folders potentially.
You'd have to be running multiple java servers to have different users
on everything and probably separate virtual machines if it is that
important to have security isolation. I didn't find the difference
in security between single and multiple context useful unless you are
trying to do sharing hosting environment where SSH or FTP access is
given to strangers. You also have to disable java code execution and
cfexecute and more to isolate the sites entirely, which reduces the
power of cfml. I plan on only sharing SSH access to static files
and preventing scripts from executing in those folders similar to how
adobe's business catalyst service works. They have a pretty nice
system if you haven't seen it.
On Feb 9, 10:34 pm, Lyle Karstensen <l...@realistiq.com> wrote:
> Bruce,
> I am actually only using 3 context 1 for the public web sites, 1 for the
> intranet sites and a third that is a shard resource for all sites. I can
> NOT use tomcat due to its lack of wildcard host support. I also really
> like jetty with nginx as the proxy. Currently I am not proxying with
> anything due to running on windows. We are in the process of converting to
> linux will allow me to use nginx as my proxy. The reason I want to do the
> the rail-context virtualHost is due to locking it down to a specific
> domain ONLY.
>
correctly, which is what I'm doing. It's possible to have multiple
engine XML records on different ports. Then apache or nginx could
proxy to the other port to achieve multiple catch-all localhosts with
tomcat. I considered doing this, but it wasn't necessary. Just user
1 context.
Perhaps jetty also has the ability to configure multiple listeners on
different ports and then you could use an * for the virtual host field
and then you don't need to write code to configure jetty at all.
It does say multiple listeners are possible here:
http://account.pacip.com/jetty/tut/HttpServer.html
On apache, you proxy it like this:
RewriteRule ^/(.*)$ ajp://www.domain.com:8009/$1 [L,P,QSA]
so your other context would be like this:
RewriteRule ^/(.*)$ ajp://www.domain2.com:8010/$1 [L,P,QSA]
You said you had a stability issue on the other thread. I found railo
+ windows to have more bugs then linux. I'm not sure if windows is
getting the same level of support as unix based systems because
Michael wasn't able to reproduce the issues I encountered. After
seeing linux didn't have my problems, I did the work of switching OS.
I was considering using nginx, but I was already using .htaccess
mod_rewrite rules on the 100 web sites, so I would have had to convert
them to another format. I actually ended up having to converting
them for apache mod_proxy anyway later. I found apache logging and
using .htaccess files instead of conf to be the main performance
problems. I compared it to gwan because that one is very light and I
found the speed difference to be like 1ms in fake tests, not as
important as other optimizations. If you put the whole configuration
in the conf file and disable logs, apache is closer to the performance
of other fast web servers. Apache was mostly convenient since railo
and php just instantly work with it.
If your developers are the only people who can access the server, you
could secure the other sites fairly well by restricting the intranet
to your ip addresses in the application.cfc/cfm or the web server. I
use putty with ssh port forwarding to hide mysql and railo admin from
the public.
The shared resource might not need any extra security since hopefully
your scripts are enforcing the site id consistently enough so that
it's impossible to get into the wrong folders/data. The user
shouldn't be able to modify the request to gain access. I built a
ssh chroot jail on linux so that ssh users can't go above their home
directory. I don't even have FTP installed for security reasons. I
use fail2ban to limit the number of SSH login failures, plus the
firewall limits access as well. I didn't know much about linux
before last year, but I learned how to do it from scratch over a
couple months because I think cpanel and plesk make linux too hard to
reconfigure without breaking it. Keep in mind that apache or nginx
is going to require the same linux user to have access to every web
site, so the OS security would still let someone who hacked your web
site to read or write from the other web sites folders potentially.
You'd have to be running multiple java servers to have different users
on everything and probably separate virtual machines if it is that
important to have security isolation. I didn't find the difference
in security between single and multiple context useful unless you are
trying to do sharing hosting environment where SSH or FTP access is
given to strangers. You also have to disable java code execution and
cfexecute and more to isolate the sites entirely, which reduces the
power of cfml. I plan on only sharing SSH access to static files
and preventing scripts from executing in those folders similar to how
adobe's business catalyst service works. They have a pretty nice
system if you haven't seen it.
On Feb 9, 10:34 pm, Lyle Karstensen <l...@realistiq.com> wrote:
> Bruce,
> I am actually only using 3 context 1 for the public web sites, 1 for the
> intranet sites and a third that is a shard resource for all sites. I can
> NOT use tomcat due to its lack of wildcard host support. I also really
> like jetty with nginx as the proxy. Currently I am not proxying with
> anything due to running on windows. We are in the process of converting to
> linux will allow me to use nginx as my proxy. The reason I want to do the
> the rail-context virtualHost is due to locking it down to a specific
> domain ONLY.
>
Lyle Karstensen
Feb 10, 2012, 12:58:51 AM2/10/12
to ra...@googlegroups.com
The way jetty works you don't need to listen on multiple ports you just
need 1 port. You can have multiple contexts with default hosts or do them
by virtual host using wild cards or regex.
need 1 port. You can have multiple contexts with default hosts or do them
by virtual host using wild cards or regex.
Bruce Kirkpatrick
Feb 10, 2012, 4:33:42 PM2/10/12
to Railo
i understand, but multiple ports would be 1 solution for your original
question because there would be no need to change the host names since
it supports a wildcard host for each port.
On Feb 10, 12:58 am, Lyle Karstensen <l...@realistiq.com> wrote:
> The way jetty works you don't need to listen on multiple ports you just
> need 1 port. You can have multiple contexts with default hosts or do them
> by virtual host using wild cards or regex.
>
question because there would be no need to change the host names since
it supports a wildcard host for each port.
On Feb 10, 12:58 am, Lyle Karstensen <l...@realistiq.com> wrote:
> The way jetty works you don't need to listen on multiple ports you just
> need 1 port. You can have multiple contexts with default hosts or do them
> by virtual host using wild cards or regex.
>
Reply all
Reply to author
Forward
0 new messages