Running CF On LINUX

Pete Freitag, Foundeo Inc.

ABOUT ME


  • Working with CF for 16 years
  • 8 years Foundeo Inc.
    • Consulting: Server Lockdown, Code Review, Development
    • Products: FuseGuard
    • Services: HackMyCF
  • Husband and father of 3 kids
  • Blog: petefreitag.com
  • Twitter: @pfreitag

AGENDA


  • Platform Differences
  • Linux Basics
  • Installing CF
  • Configuring Apache

Platform Differences


  • Linux File System is Case Sensitive
    • Check your links, images, file operations, etc.
    • Use Application.cfc not application.cfc
    • Can be the biggest pain point if you were careless about case.

PATH SEPARATORS


  • CF on Windows allows either / or \ to be used in file paths.
      •  c:\abc/123\ works on Windows 
  • CF on Linux does not allow \ in paths:
      • /opt\coldfusion11 does not work on Linux
  • Always use a forward slash /  because it works on any platform.
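A pre-migration audit for the two pitfalls above (file-name case and backslash path separators), as an added example that is not part of the original slides. The function names, the backslash heuristic and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit a CFML code base for the
# Windows-to-Linux pitfalls above. Function names are hypothetical.

# Application.cfc files whose name is right except for its case.
wrong_case_app_cfc() {
    find "$1" -type f | grep -i '/application\.cfc$' \
        | grep -v '/Application\.cfc$' || true   # no findings is not an error
}

# Heuristic: source lines that look like they contain a backslash path
# separator (c:\abc, uploads\img). Prints file:line:text; may over-report.
backslash_paths() {
    find "$1" -type f \( -name '*.cfm' -o -name '*.cfc' \) \
        -exec grep -n '[A-Za-z0-9_:]\\[A-Za-z0-9_]' /dev/null {} + || true
}

# For a referenced path (relative to the web root) that does not exist with
# that exact case, print the on-disk file it would have matched on Windows.
case_mismatch() {
    if [ -e "$1/$2" ]; then return 0; fi
    find "$1" -type f | grep -ixF "$1/$2" || true
}

# Constructed sample tree: one wrongly cased Application.cfc, one image
# referenced with the wrong case, one Windows-style file path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/site/images"
    : > "$d/site/application.cfc"
    : > "$d/site/images/Logo.PNG"
    printf '%s\n' '<cffile action="read" file="c:\abc\in.txt">' \
        '<img src="/images/logo.png">' > "$d/site/index.cfm"
    echo "$d/site"
}

site=$(make_sample)
echo "Wrongly cased Application.cfc:"; wrong_case_app_cfc "$site"
echo "Possible backslash paths:";      backslash_paths "$site"
echo "Case-only mismatch for images/logo.png:"
case_mismatch "$site" "images/logo.png"
rm -rf "${site%/site}"
```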

PLATFORM Differences


  • Fonts available may be different. 
    • Check usage of fonts in cfimage, cfdocument, etc.

PLATFORM Differences


  • Platform specific code will not work
    • cfexecute - executables are platform specific
    • .NET integration will not work
    • C++ CFX tags need to be recompiled

PLATFORM DIFFERENCES


  • Java is platform independent.

PLATFORM DIFFERENCES


  • URL Rewriting often needs attention.
    • You may need to translate your rewrite rules into Apache mod_rewrite rules.

Linux Distributions

  • Tons of Linux Distributions to choose from, pick a popular one.
    • For Servers RedHat Enterprise Linux (or its free counterpart CentOS) is a good choice.
    • For Servers & Desktop Ubuntu is also a good choice.

LINUX BASICS


  • No GUI Needed
    • Everything can be configured through the shell, from the command line.
    • No GUIs or wizards are necessary.
    • If you want to use a GUI use Windows.
    • Takes a little time to get over a small learning curve

SSH 

  • Secure Shell Protocol
    • You will use this to connect to and login to the server
    • If on a Mac
      • Open Terminal.app and type ssh user@hostname
    • If on Windows
      • You will need to download and install an SSH client; PuTTY is a popular, free one.
    • SSH is akin to Remote Desktop on Windows, it is how you will connect and administer the server.

WHAT's A SHELL?

  • Similar to Command Prompt or PowerShell on Windows
    • dir some\path  -> ls some/path  

DOS vs Linux

Linux        DOS            Description
ls           dir            List Directory
cd path      cd path        Change Directory
cat file     type file      Show File
man cmd      help cmd       Help Manual
rm file      delete file    Delete file/dir
cp f1 f2     copy f1 f2     Copy file/dir
mkdir file   mkdir file     Create dir
mv f1 f2     move f1 f2     Move file

Other Linux Commands you Should Learn

  • more: paginates output, typically piped |, e.g. ls -l | more

  • tar: creates or extracts archives (typically tar.gz)
      • tar -czf archive.tar.gz /dir  
      • tar -xzf archive.tar.gz
  • tail: last n lines: tail log.txt  
  • head: first n lines: head log.txt
  • grep: searches (regex): grep '201[0-4]' log.txt
    • if you don't need a regex use fgrep (fast grep)
  • find: lists files recursively:  find /var | fgrep log  

Text Editor


  • You need to know how to use a text editor in order to edit config files.
    • vi - very popular, powerful, installed by default
    • nano - perhaps easier to use
    • emacs - very powerful

Basic VI

  • Open a file: vi filename
  • Run a vi command: Esc :some-command
  • Insert Text: Esc :i
  • Save file: Esc :w
  • Save file and exit: Esc :wq
  • Exit a file: Esc :q
  • Exit without writing: Esc :q!
  • Go to line 8: Esc :8

Users


  • root - sometimes called the superuser, equivalent to Administrator on Windows.
    • You should use your own user account instead of root, as much as possible.
    • After logging in you can become root by running: su
    • You can use sudo to execute privileged commands
    • Configure SSH to deny root logins
  • Users can belong to multiple groups.
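One way to verify the "deny root logins" item above, as an added example that is not part of the original slides. The function names and the sample configuration are constructed; as a simplification it reads only the global section of a single sshd_config-style file and does not follow Include files.

```shell
#!/bin/sh
# Added example (not from the slides): report the effective global
# PermitRootLogin value in an sshd_config-style file.
# Assumptions: Include files are not followed, and only the global
# section (before the first Match block) is read.

permit_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }                 # strip leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == "permitrootlogin" {     # keywords are case-insensitive
            print $2; found = 1; exit          # sshd uses the first value set
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeeds only when root logins are explicitly denied. An unset value
# falls back to the compiled-in default, which is not "no".
root_login_denied() {
    [ "$(permit_root_login "$1")" = "no" ]
}

# Constructed sample: the commented-out line is ignored, the first active
# directive wins, and the Match block does not affect the global value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
Match User deploy
    PermitRootLogin yes
EOF

if root_login_denied "$sample"; then
    echo "OK: root login denied"
else
    echo "WARN: PermitRootLogin is $(permit_root_login "$sample")"
fi
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including values pulled in from Include files.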

File System Permissions


  • To view permissions of files in a directory run ls -l 
-rw-r-----  1 user group 3631 Oct 7  2013 style.css
drwxrwx---  6 user group 4096 Oct 22 2013 folder

-     ---    ---    ---
d     rwx    rwx    rwx
dir   user   group  other

Linux File System

  • / - the root (there are no drive letters)
  • /etc - stores configuration files for most stuff
  • /var - files that change during runtime, e.g. /var/log
  • /root - the home directory for the root user
  • /home - home directories for other users

UPLOADING Files

  • The SSH service provides an SFTP subsystem
    • No need to install any extra FTP software; it runs on the same SSH port (22 by default).
    • You can use scp to copy files from server to server or from a Mac to your Linux server.
    • Most FTP clients support SFTP.
  • If you really need FTP/FTPS consider vsftpd

SENDING EMAIL

  • Lots of options, sendmail and qmail are popular.
  • Also consider third party SMTP servers like SendGrid, Mandrill, etc.

SCHEDULED TASKS


  • You can create shell scripts that run on a periodic basis
    • Create a shell script, mark it executable and drop it in:
      • /etc/cron.daily/
      • /etc/cron.hourly/
      • /etc/cron.weekly/
      • /etc/cron.monthly/
    • Use the /etc/crontab file for more advanced timing


ColdFusion Installation

Configuring APACHE

  • Look in /etc/httpd/ or /etc/apache2/
  • The main configuration file is typically called httpd.conf
    • Depending on the distribution httpd.conf may have Include somefolder/*.conf
    • Lines that start with # are comments
  • Apache is a modular web server, you can pick and choose which modules you want, look for LoadModule directives.

APACHE CONFIG

  • A site is typically configured in a <VirtualHost>  directive.
    • Minimally specify a ServerName and DocumentRoot
    • Make sure NameVirtualHost and Listen are used to define the ip/port mappings.

<VirtualHost *:80>
    DocumentRoot /var/www/example.com/wwwroot/
    ServerName example.com
</VirtualHost>

SYSTEM ADMIN TASKS


  • Monitor Log files 
    • Most logs are under /var/log (CF's logs will be in its own dir)
    • Install logwatch (yum install logwatch) or similar to email log summaries 
    • More advanced options like splunk
  • Manage local firewall
    • Use iptables command 
    • Dome9 - firewall management service
  • Keep packages updated: add yum update to a cron task.

TWO FACTOR AUTH SSH


  • Duo Security: smartphone applications (push message), SMS, landline integration. Free for up to 10 users
  • Google Authenticator: OTP generator app

Thanks

Questions?







foundeo.com | hackmycf.com | fuseguard.com