Web Software Architecture and Engineering – Life on the Bleeding Edge

Archive for March, 2010

Need Your Help: ColdFusion on Glassfish, Geronimo, Resin, etc.

I need your help.
I’ve been exploring the idea of dropping IIS, and JRUN all together. JRUN for obvious reasons, but IIS because I need something faster and smaller. Apache is not the answer there.
So I’ve been playing with NGINX, and its worked out well. So my plan is to move to NGINX -> JEE Server (full-blown like GlassFish or Geronimo, or lighter like Tomcat or Resin) -> CF.
Obviously, none of the servers I’ve listed above are officially supported, nor is there much documentation on the Internet on using them with CF. Yes, I am able to get one site going with each one of them, but once I move beyond a simple setup, it all implodes. I need something like JRUN, where I can “instances” pretty easily, but not be tied to the directory structure of the server, among other things. It must work on Windows, and it must have a decent web-based admin tool.
Any thoughts?


Example of a Bad ColdFusion Outsourcing Firm

Etisbew is a outsourcing/offshoring firm.They state: “Etisbew Technology Group,
a global software solutions provider headquartered in
USA having state of the art offshore development center in
provides high quality and cost effective solutions. We
have built
an impeccable reputation for providing professional
software solutions
that are delivered on time and within budgets.” They go on to state: “We also have team of professionals who are specially
trained and
certified in ISO Quality Management Standards and
participated in our Internal Auditings under the
leadership of
NQA Certified Lead Auditors. We do have an Internal
Auditor Certified
Project Managers.” and “All our methodologies conform to these standards and we ensure the stringent testing process for delivering the best output to our clients.”
They have a special section of their site dedicated to ColdFusion. http://cf.etisbew.com/home.cfm?file=index.htm
Can anyone see a problem? Yes, if you change index.htm to index.html in the URL, you get a nice CF error.
Would you trust your ColdFusion code to such a firm? An ISO 9001 certification is worthless if you can’t do the basics. This is of course excluding the fact that they still show the old CF logo and list CF8 on there. Sigh. When will these firms “get it”?

Must Read: ColdSpring Bug – Memory Leak

Looks like Peter Farrell discovered a memory leak on CF8 (and CF9 it seems) when output = false is not set on CFFunctions! If you have a CFC intensive application, and are using ColdSpring, then you may be affected. I am looking to go through my apps and make sure output is set, and I don’t know if other frameworks have picked up on this issue. So be aware!
Read more @ http://blog.maestropublishing.com/fixing-a-mysterious-memory-leak-on-coldfusion.
Vote for a fix at the CF Bug Base @ http://cfbugs.adobe.com/cfbugreport/flexbugui/cfbugtracker/main.html#bugId=82362.
Update: Luis Majano confirmed that ColdBox 2.6+ does not have this issue.
Update: I believe this is a Adobe CF issue only.

CGI Facade – Why You Should Use One

CGI Facade?! I’m sure you are saying, I’ve heard of a Session Facade, but why a CGI Facade…
Well, simple really. Web Servers are evolving, and sooner or later, you’ll put a device or a server in between you firewall and your web server, like a clustering device or a reverse proxy like my current favorite, NGINX (see previous post for details).
NGINX, for example, will accept http requests on port 80, and forward them to your web server. In doing so, the web server thinks the request is coming from NGINX and not from the outside world. Your CGI vars, notably REMOTE_ADDR and REMOTE_HOST will get skewed with the IP of NGINX. A lot of times you will run NGINX on the same physical server and the CGI variables will start displaying
This can be a problem. For example, you may be using the IP for logging, or for configuration based on the dev environment. ColdFusion is not smart enough to know who the original requester is. But its only partially at fault.
When NGINX gets the request, as you’ll see from sample configs, it DOES pass who the original requester is. It creates new HTTP headers and passes them off to the web server. Here are two lines, see if you can follow:
proxy_set_header    X-Real-IP       $remote_addr;
proxy_set_header    X-Forwarded_For $proxy_add_x_forwarded_for;
As you can see, its adding two headers: “X-Real-IP” and “X-Forwarded_For” with the IP of the requester. In your CGI Facade, you don’t want to rely on REMOTE_ADDR and REMOTE_HOST, and instead, if the header has these values, pass them instead for whatever use case you may have. In face I would recommend you do that now so as to future proof your apps.
This is not a new problem. Many people are familiar with SQUID, and that too sets headers as it proxies. So get to it!