Bilal-S / iis2tomcat

AJP Connector between Internet Information Services (IIS) and Apache Tomcat
http://www.boncode.net/boncode-connector

Server 2016 / IIS 10 Supported #67

Closed ghost closed 6 years ago

ghost commented 6 years ago

Hi,

I'm not entirely sure if this is a bug with the connector or mod_cfml, but looking at the connector logs it suggests it might be the connector.

I've installed Lucee 5.2.5 with the global/wildcard configuration for the connector on a new AWS EC2 Windows 2016 machine, and after creating a new site in IIS I only ever see the Lucee welcome page instead of the new site's index.cfm, which suggests that the context isn't being set up in Tomcat. When I enable the connector logging I don't see the "x-tomcat-docroot" header mentioned, which makes me think this might be caused by the connector. Relevant config and logs are included below.

C:\Windows\BonCodeAJP13.settings

<Settings>
<Server>localhost</Server>
<Port>8009</Port>
<LogLevel>3</LogLevel>
<LogDir>c:\windows\Temp</LogDir>
<EnableRemoteAdmin>True</EnableRemoteAdmin>
<EnableHeaderDataSupport>True</EnableHeaderDataSupport>
<ForceSecureSession>False</ForceSecureSession>
<AllowEmptyHeaders>False</AllowEmptyHeaders>
<ModCFMLSecret>61f235075130dd873efd7b037709b0951605f01631a8581d16cf25e82a40c402</ModCFMLSecret>
</Settings>

C:\Windows\Temp\BonCodeAJP13Connection_2_EC2AMAZ-RP875G7_20180706.log

2018-07-06 08:47:57 Closing Connection ID: 2 [T-5240]
2018-07-06 08:47:57 Closing Connection ID: 1 [T-5240]
2018-07-06 08:48:01 New Connection 1 of 0 to tomcat: [::1]:8009 ID: 1 [T-5448]
2018-07-06 08:48:01 BonCodeAJP13.ServerPackets.BonCodeAJP13ForwardRequest GET /index.cfm 694 bytes
 < appl-physical-path : C:\blah\
 < Content-Length : 0
 < gateway-interface : CGI/1.1
 < https : off
 < local-addr : 127.0.0.1
 < path-info : /index.cfm
 < remote-port : 51053
 < script-name : /index.cfm
 < server-port : 88
 < server-port-secure : 0
 < Connection : Keep-Alive
 < Accept : text/html, application/xhtml+xml, image/jxr, */*
 < Accept-Encoding : gzip, deflate
 < Accept-Language : en-US
 < Host : 127.0.0.1:88
 < User-Agent : Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
 < DNT : 1
2018-07-06 08:48:01 BonCodeAJP13.TomcatPackets.TomcatSendHeaders 217 bytes
 > Set-Cookie : cftoken=0;Path=/;Expires=Thu, 26-Jul-2018 10:26:05 UTC;HTTPOnly
 > Content-Type : text/html;charset=UTF-8
 > Content-Length : 10686
2018-07-06 08:48:01 BonCodeAJP13.TomcatPackets.TomcatSendBodyChunk  8188 bytes
2018-07-06 08:48:01 BonCodeAJP13.TomcatPackets.TomcatSendBodyChunk  2506 bytes
2018-07-06 08:48:01 BonCodeAJP13.TomcatPackets.TomcatSendBodyChunk  4 bytes
2018-07-06 08:48:01 BonCodeAJP13.TomcatPackets.TomcatEndResponse  2 bytes
2018-07-06 08:48:04 New Connection 2 of 0 to tomcat: [::1]:8009 ID: 2 [T-5448]
2018-07-06 08:48:04 BonCodeAJP13.ServerPackets.BonCodeAJP13ForwardRequest GET /index.cfm 694 bytes
 < appl-physical-path : C:\blah\
 < Content-Length : 0
 < gateway-interface : CGI/1.1
 < https : off
 < local-addr : 127.0.0.1
 < path-info : /index.cfm
 < remote-port : 51057
 < script-name : /index.cfm
 < server-port : 88
 < server-port-secure : 0
 < Connection : Keep-Alive
 < Accept : text/html, application/xhtml+xml, image/jxr, */*
 < Accept-Encoding : gzip, deflate
 < Accept-Language : en-US
 < Host : 127.0.0.1:88
 < User-Agent : Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
 < DNT : 1
2018-07-06 08:48:04 BonCodeAJP13.TomcatPackets.TomcatSendHeaders 217 bytes
 > Set-Cookie : cftoken=0;Path=/;Expires=Thu, 26-Jul-2018 10:26:08 UTC;HTTPOnly
 > Content-Type : text/html;charset=UTF-8
 > Content-Length : 10686
2018-07-06 08:48:04 BonCodeAJP13.TomcatPackets.TomcatSendBodyChunk  8188 bytes
2018-07-06 08:48:04 BonCodeAJP13.TomcatPackets.TomcatSendBodyChunk  2506 bytes
2018-07-06 08:48:04 BonCodeAJP13.TomcatPackets.TomcatSendBodyChunk  4 bytes
2018-07-06 08:48:04 BonCodeAJP13.TomcatPackets.TomcatEndResponse  2 bytes

As you can see from the logs, the connector does have the "appl-physical-path" header, which is the correct path for the web root, but doesn't have an "x-tomcat-docroot" header, which my understanding is should be enabled with <EnableHeaderDataSupport>True</EnableHeaderDataSupport> and is used by mod_cfml to set up the site context in Tomcat.

I've also tried changing the settings file to include <DocRoot>C:\blah</DocRoot> to see if it would be included that way but it didn't help.

ghost commented 6 years ago

Also, I've read about a permissions issue with some BonCode files when installing Lucee on Server 2016 here, but I'm running the app pool as administrator, so if there was a permissions issue that shouldn't be a problem in this case, although I'm not really clear what the poster did to fix their issue, to be honest.

Bilal-S commented 6 years ago

Mostly looks good. I am assuming you restarted IIS or the AppPool after you made changes to the BonCode settings file. The "x-" headers should be there; otherwise something is not being picked up in config. Check your running values on the server with: http://localhost/a.cfm?BonCodeConfigList=true

Best, Bilal

Bilal-S commented 6 years ago

Look for a package Type:18; it should contain the extra headers sent for the request.

ghost commented 6 years ago

The default connector installed with Lucee doesn't seem to have that command and would 404 on non-existent files, but I installed the latest release to get the config list. When you say look for a package, what do you mean? I couldn't see anything in the BonCode logs; should I look in the Windows event logs?

I think I restarted IIS to get the connector to enable logging, but I've restarted the box on this attempt just to be sure it's all working OK, as the server roles/features were fresh installs.

Default Connector (/index.cfm?BonCodeConnectorVersion=true)

BonCodeAJP Connector Version 1.0.27
using setting file in C:\Windows\BonCodeAJP13.settings

Newest Release (/index.cfm?BonCodeConnectorVersion=true)

BonCodeAJP Connector Version 1.0.36
using setting file in C:\Windows\BonCodeAJP13.settings

Newest Release (/index.cfm?BonCodeConfigList=true)

BonCode Active Configuration: 
-----------------------------------------------
BONCODEAJP13_ADOBE_SUPPORT = False
BONCODEAJP13_PORT = 8009
BONCODEAJP13_SERVER = localhost
BONCODEAJP13_AUTOFLUSHDETECTION_TICKS = 0
BONCODEAJP13_AUTOFLUSHDETECTION_BYTES = 0
MAX_BONCODEAJP13_CONCURRENT_CONNECTIONS = 0
BONCODEAJP13_LOG_LEVEL = 3
BONCODEAJP13_LOG_DIR = c:\windows\Temp
BONCODEAJP13_LOG_FILE = BonCodeAJP13Connection
BONCODEAJP13_ENABLE_REMOTE_MANAGER = True
BONCODEAJP13_AUTOCOMPRESS = False
BONCODEAJP13_TEXT_MARK = System.String[]
BONCODEAJP13_MANAGER_URLS = System.String[]
BONCODEAJP13_MANAGER_FLEXURLS = System.String[]
BONCODEAJP13_HEADER_SUPPORT = True
BonCodeAjp13_DocRoot = C:\blah\
BonCodeAjp13_PhysicalFilePath = C:\blah\index.cfm
BONCODEAJP13_BLACKLIST_HEADERS = URL,SERVER_SOFTWARE,SERVER_NAME,SERVER_PROTOCOL
BONCODEAJP13_WHITELIST_HEADERS = 
BONCODEAJP13_FLUSH_TIMEOUT = 30
BONCODEAJP13_SERVER_READ_TIMEOUT = 0
BONCODEAJP13_SERVER_WRITE_TIMEOUT = 0
BONCODEAJP13_FORCE_SECURE_SESSION = False
BONCODEAJP13_REMOTEADDR_FROM = 
BONCODEAJP13_ALLOW_EMTPY_HEADERS = False
BONCODEAJP13_PATHINFO_HEADER = xajp-path-info
BONCODEAJP13_ENABLE_HTTPSTATUSCODES = True
BONCODEAJP13_TOMCAT_DOWN_URL = 
BONCODEAJP13_TOMCAT_STREAM_ERRORMSG = 
BONCODEAJP13_TOMCAT_TCPCLIENT_ERRORMSG = 
BONCODEAJP13_PATH_PREFIX = 
MAX_BONCODEAJP13_PACKET_LENGTH = 8192
MAX_BONCODEAJP13_USERDATA_LENGTH = 8186
BONCODEAJP13_ENABLE_CLIENTFINGERPRINT = False
BONCODEAJP13_FINGERPRINTHEADERS = REMOTE_ADDR,HTTP_ACCEPT,HTTP_ACCEPT_CHARSET,HTTP_ACCEPT_ENCODING,HTTP_ACCEPT_LANGUAGE,HTTP_USER_AGENT,UA_CPU,REMOTE_HOST
BONCODEAJP13_SKIP_IISCUSTOMERRORS = False
BONCODEAJP13_LOG_IPFILTER = 
BONCODEAJP13_REQUEST_SECRET = 
BONCODEAJP13_FORCE_GC = False
BONCODE_MODCFML_SECRET = b5f5968b2f8399af717fddb62a36c68c7613bc07f10557d99e77a7f7ab69e872
BONCODE_DOCROOT_OVERRIDE = 

ghost commented 6 years ago

Also, if it helps, this is my server role/feature setup, but I assume if I'd got something wrong here the connector wouldn't work at all.

image

ghost commented 6 years ago

I used Wireshark to capture the request going to the AJP connector, which clearly showed the correct header being set, so I started looking into the possibility that the problem is being caused by mod_cfml, and after enabling logging on it, it seems likely it is a bug in mod_cfml.

Sorry for wasting your time. Would it be worth adding a feature request to add the Tomcat doc root header to the connector log? Not seeing it there was my main reason for thinking it was caused by the connector.

Here's the log from mod_cfml for anyone else who comes across the same behaviour.

[mod_cfml] Counters have been reset (maxContexts, timeBetweenContexts)
[mod_cfml] host [127.0.0.1:88] contains ':'. New value => 127.0.0.1
[mod_cfml] Decoded Request URI => /index.cfm
[mod_cfml] QueryString => null
[mod_cfml] DocRoot Value => C:\blah\
[mod_cfml] Webserver main Host => w3svc2
[mod_cfml] Alias Value => 127.0.0.1
[mod_cfml] FATAL: Host [127.0.0.1] already exists.

Bilal-S commented 6 years ago

You need to set the log level to 4. You should see the X-headers in the special data package type (18).

If you do, all data is sent correctly and further investigation should take place on the Tomcat side. The mod_cfml valve should then automatically determine the site context and return index.cfm.

If not, you can also set up the new site manually on Tomcat as a new context.

Bilal
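
An added example, not part of the thread or of the connector's code: a small parser for the connector log layout quoted above that reports, per forwarded request, which headers the log actually lists. The function names `parse_log` and `forwarded_requests` are hypothetical and the sample log is constructed from the lines in this issue. As the thread concludes, a header missing from a log level 3 dump only means it is not listed there (the X-headers are logged at level 4 in packet type 18), not that it was not sent.

```python
import re

# Constructed sample in the layout of the connector log quoted in this thread.
SAMPLE_LOG = r"""2018-07-06 08:48:01 New Connection 1 of 0 to tomcat: [::1]:8009 ID: 1 [T-5448]
2018-07-06 08:48:01 BonCodeAJP13.ServerPackets.BonCodeAJP13ForwardRequest GET /index.cfm 694 bytes
 < appl-physical-path : C:\blah\
 < Host : 127.0.0.1:88
 < script-name : /index.cfm
2018-07-06 08:48:01 BonCodeAJP13.TomcatPackets.TomcatSendHeaders 217 bytes
 > Content-Type : text/html;charset=UTF-8
 > Content-Length : 10686
2018-07-06 08:48:01 BonCodeAJP13.TomcatPackets.TomcatEndResponse  2 bytes
"""

# A timestamped entry line: "<date> <time> <first token> <rest>".
ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+)\s*(.*)$")
# A header line under an entry: "<" is IIS -> Tomcat, ">" is Tomcat -> IIS.
HEADER = re.compile(r"^\s*([<>])\s*(.+?) : (.*)$")


def parse_log(text):
    """Return the log entries in order, each with the header lines dumped under it."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            # Keep only the class name of the packet type, e.g. "TomcatSendHeaders".
            kind = m.group(2).rsplit(".", 1)[-1]
            entries.append({"time": m.group(1), "kind": kind,
                            "detail": m.group(3), "headers": {}})
            continue
        h = HEADER.match(line)
        if h and entries:
            # Split on the first " : " only, so values like "127.0.0.1:88" stay whole.
            entries[-1]["headers"][h.group(2).lower()] = h.group(3)
    return entries


def forwarded_requests(entries, wanted=("appl-physical-path", "x-tomcat-docroot")):
    """For each forwarded request, show which of the wanted headers the log lists."""
    report = []
    for e in entries:
        if e["kind"].endswith("ForwardRequest"):
            method, path = e["detail"].split()[:2]
            listed = {name: e["headers"].get(name) for name in wanted}
            report.append({"time": e["time"], "method": method,
                           "path": path, "listed": listed})
    return report
```

A `None` value in `listed` means the header is not in the log dump for that request; confirm with log level 4 or a packet capture before concluding the connector did not send it.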