- Tech.Ed 2009 Windows 7 Experience – Netbooks for you!
-
So FINALLY we can talk about a project that’s been happening for a while now. I’ve picked up a job for Tech.Ed 2009 as overall infrastructure guy so i’ve been working on ensuring that we have the best technology to deliver and awesome event. Aside from that we had a question earlier in the year which was…”what if we give every paid teched delegate a netbook with windows 7”…. While my head is still spinning from the awesomeness of this idea and all the planning we are doing, Nick Hodge has put the hard yards and pushed it through.
All documented here:
http://blogs.msdn.com/nickhodge/archive/2009/06/30/big-things-in-mini-packages.aspx
http://www.nickhodge.com/blog/archives/3143
http://www.istartedsomething.com/20090630/teched-australia-attendees-free-hp-mini-windows-7/
So a BIG shout out to the hard work Nick Hodge has been working so hard on this for the past few months. Now we go into the fun part of getting them on the network and doing some awesome things. We’ve already started planning this, with a wireless survey of the Gold Coast Convention Centre - as you can see, there’s a lot of air to cover!
-jorke
- “Microsoft”.“Open Source” == “unhandled exceptions.”
-
Nick Hodge and I have been talking to our local Open Source communities for the past year and we’ve finally managed to get some traction to hit the road Sam and Max style in Sydney, Melbourne and Brisbane.
Microsoft and Open source? Isn’t that like cats and dogs living together? Discuss and learn what (where and why) Microsoft is embracing Open source. See which Microsoft technology can positively affect your Open source based projects, and how you can contribute. We would also like to hear your unfiltered feedback on how we should contribute, too. Come along, bring your colleagues, have some light refreshments and enjoy a relaxed conversation.
At Webdu in sydney we sat down and opened ourselves up for feedback from a community that I believe we’ve neglected for sometime. Listening to hard reality can hurt at times but I believe its a necessary pain.
So come see us in person for a relaxed evening if spirited presentations and discussions.
SYDNEY: 23 Jun 2009 - 5:30 PM to 8:30 PM AEST
City Tattersalls Club Room
The Celebrity Lounge
194 - 204 Pitt Street
Sydney
New South Wales 2000
MELBOURNE: 24 Jun 2009, 5:30 PM to 2009, 8:30 PM AEST
CQ Functions Room
Events Room 3
Level 1, 113 Queen St
Melbourne
Victoria 3000
BRISBANE: 25 Jun 2009, 5:30 PM to 8:30 PM AEST
Central Eagle Street Conference Venue Room
The Icon Theatre
175 Eagle Street
Brisbane
Queensland 4000
Australia
REGISTER HERE!
If you don’t want to go through the rego page, just drop us a line here or on @jorke / @nickhodge on twitter so we can cater for you.
- jorke
- IIS SEO Toolkit
-
Again the IIS team are kicking butt in showing the value of using Windows as a web platform, this time with the IIS SEO toolkit – to bust the jargon – Internet Information Services Search Engine Optimization Toolkit.
To get it, of course the easy way is to grab the Web Platform Installer and tick the option, it’ll become part of your IIS Manager. At this stage the Toolkit will only analyse the website you have on your server.
I didn’t have any sites locally to play with, so I yanked one that is constantly seeking publicity – Michael Korhdahi’s thetweetshirt.com – I sucked down the site content using Expression Web 2 and hosted it locally on my IIS Server.
Then selected “Site Analysis” and analysed the site, which was pretty fast, since there wasn’t much content there.. and gave me a few things to look at:
Drilling down into the first option gives you a query-able interface to find rules which is kinda neat, PLUS an insane amount of detail on the actual warning itself:
I could drill down on each detail forever, but by FAR coolest feature is under the Performance Tab, where you can analyse the speed, of the content loading. Even better is that you can export this query as a CSV – which you can then import into something like Excel and graph:
So from this we can see that the delivery of the JavaScript and Jpeg’s are the least efficient part of the site…
With a few tweaks I reckon I can fix that easy enough.. just add some output caching…
<system.webServer>
<caching>
<profiles>
<add extension=".htm" policy="DontCache" kernelCachePolicy="DontCache" />
<add extension=".gif" policy="CacheUntilChange" kernelCachePolicy="CacheUntilChange" />
<add extension=".png" policy="CacheUntilChange" kernelCachePolicy="CacheUntilChange" />
<add extension=".js" policy="DontCache" kernelCachePolicy="DontCache" />
<add extension=".jpg" policy="CacheUntilChange" kernelCachePolicy="CacheUntilChange" />
</profiles>
</caching>
</system.webServer>
And we do seem to get better results.
So that’s a very fast look that analytics part of the package but there’s also the ability to create a sitemap for the spiders or bots to follow:
And then the Robots Exclusion Module that allows you to create the robots.txt file and set sitemap locations:
So all in all, a very neat little module that helps the developer setup their site to be ideal for search engines to index.
-jorke
- Old New Series – Cannon PI
-
Keep watching as Cannon makes life easier for today's web developers using the Microsoft Web Platform Installer.
- jorke
- Windows 7 RC download
-
get it now, now now, while it lasts - http://www.microsoft.com.au/windows7 its HOT HOT HOT!
Don’t for get to grab Windows Server 2008 R2 Release Candidate
- jorke
- Remix Australia 09 – Register now!
-
REMIX 09 – The Next Web Now, registration is open now! – check out the action packed agenda.
![remix[1]](http://blogs.technet.com/blogfiles/jorke/WindowsLiveWriter/RemixAustralia09Registernow_12E44/remix%5B1%5D_thumb.jpg "remix[1]")
June 11 Sydney, Star City Casino.
Register now to get the earlybird!
- jorke
- FastCGI timeout on IIS7
-
Had a couple of question this week around some issues that people were experiencing from long running PHP scripts that appear to timeout/hang and eventually stop/crash and is this problem with FastCGI or the application pool settings.
Let’s take a look at the FastCGI settings in the ApplicationHost.config
<fastCgi>
<application fullPath="C:\PHP\php-cgi.exe" activityTimeout="60" instanceMaxRequests="10000">
<environmentVariables>
<environmentVariable name="PHP_FCGI_MAX_REQUESTS" value="10000" />
<environmentVariable name="PHPRC" value="c:\php\" />
</environmentVariables>
</application>
</fastCgi>
You’ll the highlighted entries, the one that causes the PHP scripts to hang and stop running is activityTimeout – simply put this value defines for FastCGI to timeout when the cgi process doesn’t talk to IIS for that amount of time specified. So if you have a script that will run longer than this, make sure you adjust it appropriately. Of course, use this sensibly.
Couple other things highlighted are environment variables for PHP with FastCGI. PHP_FCGI_MAX_REQUESTS governs how many requests will be processed by PHP before the PHP recycling process happens. PHPRC tells PHP where the PHP runtime configuration (php.ini) configuration file is located for this fastcgi process.
- jorke
- “The subsystem needed to support the image type is not present"
-
You might be getting this error on server 2008 R2 or in fact any x64 system. I’ve had a bunch of people getting this particularly on running 2008 server core R2 x64.
The problem occurs when the executable you are running has not been compiled for x64 AND you haven’t installed WOW64 – yeah that’s right WOW64 is now an optional component in Windows Server 2008 R2 Core – cool eh?
so to fix this just run:
start /w ocsetup.exe ServerCore-WOW64
you will need to reboot to get your WOW64 goodness..
-jorke
- linux.conf.au
-
So i attended linux.conf.au (LCA) in Tassie this year, i reckon i was the only person walking around with Windows installed on my machine :) This year LCA was held at the University of Tasmania’s Sandy Bay Campus in Hobart, and you can see key media reports are here: http://www.itwire.com/component/option,com_tag/tag,linux.conf.au/tag_id,23107/
My Highlights
- some Perception change about ms evident
- Attendance by the guys at corp who are doing the hard hards in protocol documenation helped to bolster commitment – you know how much aussie tech audiences swoon at American accents..
- Great work in the community by the likes of Samba and OpenChange
- Managed to have a chat with Linus Torvalds on the way back to the Hotel (he looks much more fit than is wikipedia picture..)
- Experiencing a different community involvement and action.
- I gave out an inch of business cards, and have had many contacts back saying it was great to see us there.
My Lowlights
- Still a long way to go with being able to work cohesively, and i think with this community
- Lawrence took it on the chin to soften them up for us during the week
- History is still biting us in the ass – the amount of conversations that I had where people complained about buggy ie6 or win98...
Day -2 Monday 19th Jan Miniconfs
Lawrence Crumpton (Platform Strategy Manger) delivered the infamous “Did hell freeze over?” talking about what Microsoft is doing in the Open Source community and our strategy moving forward. As is well documented in the press ... http://www.itwire.com/content/view/22752/1090/1/0/
Most issues that were raised were quite valid, however most were coming grips with the idea the Microsoft was in the room, and didn’t have some underhanded motive to it all which led to some suspicion and revisiting history. I can only commend Lawrence for his patience during this talk, as this was truly on the front line of the field, and helped us later during the week in further conversations.
Day -1 Tuesday 20th Jan Miniconfs
I attended the “Free as in Freedom” track. Interesting things to look at IMHO;
- http://openaustralia.org - lots of respect for Matthew Launder – awesome job.
- Free culture presentation by Jessica Coates - http://linux.conf.au/wiki/index.php?n=Freedom.FreedomFighting-HowDoWeConvinceThePowersThatBeToRelaxTheirGrip
- A look at citizen journalism – Crikey.com.au – followed by a great presentation by Jeff Waugh - http://linux.conf.au/wiki/index.php?n=Freedom.WeAreTheTranslators – touched on how to make a case for technology, this was delivered fairly agnostically as well.
Day 0 Wednesday 21st Jan Official Start
Keynote by Thomas Limoncelli was delivered quite well but not the right fit for this audience as it focused primarily on how to be successful as a sysadmin, but quite well received.
Standout presentation for the day from me was from Rasmus Lerdorf from yahoo, one of the creators of PHP on PHP architecture, Scalability and Security. Great content, and demos all demonstrated on linux but after some discussion with Rasmus there are windows ports of a lot of the debugging tools.
Penguin Dinner was on that night, where a photo was auctioned for almost $30K + the beard of Bdale Garbee (CTO for OSS at HP - http://apcmag.com/Content.aspx?id=3422
Day 1 Thursday 22nd Jan
Standout presentation was “Displacing Active Directory – first Samba4 deployments” by Andrew Barlett. Main points where:
- Working with Microsoft has been extraordinarily helpful
- Documentation of the protocols is a huge step in the right direction ( resulting in a round of applause for MS - wow )
- A lot of the work on understanding what’s on the wire is no longer an issue, now the samba team is looking for Active Directory specialists to help them, as they’re not.
- A fair bit of disbelief from the audience that MS was being helpful, several times it had to be reinforced that we had voluntarily published the protocols without being required by court ruling.
The most disappointing talk Interesting/Terrible talk by OpenOffice.org (Louis Suarez-Potts) – “Where the future lies: OpenOffice.org and the ODF in the world” – A demo of the product or how odf works with it would have been nice, but apparently just playing a slideshow is demo enough... Feedback from other conference delegates was much the same in that they were very disappointed at this presentation. http://www.itwire.com/content/view/22826/1090/
Professional Networking that night was quite relaxed, and had some great conversations with many community people.
Day 2 Friday 23rd Jan
Keynote by Simon Phipps (Sun) – interesting predictions for the future, a couple of digs at microsoft and his own company, without pushing any product. I thought the best part of the presentation was when he picked up a netbook and said “put a free OS on this that doesn’t become my hobby”. Question time during this presentation brought the wrath of the conference down on a redhat representative.
Other great presentations:
- Awesome things you’ve missed in Perl – Paul Fenwick (I’m biased on Perl :) )
- OLPC in Australia – Pia Waugh – same presentation as at OSDC in Sydney, good questions from the audience, a bit of an MS smackdown about trying to run Win XP on a XO – interesting there were some audience members suggesting they try win7....
- System Admin in a large scale web hosting environment – Terri Haber (DreamHost) – (I’m biased again) a bit disappointing as Terri concentrated more on the development troubles of their Open Source scaling Disk system.
OpenChange and KDE – Bridging to Microsoft Exchange – Brad Hards – Great session on how the OpenChange team has been using the protocol documentation to develop a mail client to talk directly to MS Exchange. Demos where of a command line version doing the MAPI connections and reading/delivering email –at this stage the MAPI connector is scheduled to release mid this year as part of Evolution on KDE. My concerns for what Brad has going is that he’s testing only on Exchange 2003, and on some small infrastructure that he’s built himself. I’ve connected with him locally and we’re working out what we can do to support him testing on the latest platforms.
Closing celebrations were sponsored by Google but still had to pay for drinks?? nevermind – I got my fair share of flashing badges to hand out in the office. I had the chance here to talk to some community leaders here and they were interested in working with us in the future.
Next year
Linux Conf down under will be held in Wellington New Zealand.
- jorke
- Samsung Blackjack on Telstra NextG as a modem
-
This works on Vista and Windows 7.
Most Windows Mobile devices can be used as a network device to connect to high speed wireless networks such as Telstra NextG, by allowing Internet Connection Sharing on the Mobile Device while connected over USB.
Unfortunately with the ancient Samsung Blackjack (v1) that I have, that has the Telstra Windows Mobile 6 ROM, the Internet Connection Sharing Feature has been removed.
Rather than buying yet another gadget to use high speed wireless and since I don’t get the free phone benefits of some of my other colleagues :) , and because I travel a fair amount, I need to use my device as a high speed modem. Easy way to do this is:
On your phone: Settings, Connections select “USB”, and change the setting to “Modem” – then plug in your phone in via the datacable to your laptop (or desktop – but I’m assuming your not lugging a desktop machine travelling…)
Once you connect, Windows will look for the device drivers (it does help to be internet connected when you set this) and will install some Samsung CDMA Technologies or Samsung Mobile Modem. I have managed to get mine working on x64 which is interesting as there are no x64 drivers available from Samsung for this, so I do not condone the course of action I took to get this too work nor will I supply you the drivers I am using, all I will say is the hardware ID of the device that installed is: USB\Vid_04e8&Pid_6640&Class_02&SubClass_02
Then all you need to do is set up a dial up connection to the internet and use the following details, Dial-up number is *99# and use your mobile number as the username (don’t use mine..)
Then hit connect, you may get a couple of false starts, I found a couple people need to use a modem initialisation string like the following: at+cgdcont=1,”IP”,”telstra.internet”
Otherwise you should get something like:
and you’re connected!
- jorke
- Apache httpd/htaccess config for IE8 Compatability
-
Some great advice for infrastructure providers that may get calls from customers wondering why their sites are broken after they install IE8 and they haven’t developed their sites to standards…
The full info is here can be found here: http://blogs.msdn.com/hanuk/archive/2008/08/28/apache-httpd-configuration-for-ie7-standard-mode-rendering-in-ie8.aspx
But in short you can tell the browsing clients to render in IE7 standards mode at a server level or site level.
At the Server level:
1. Open httpd.conf in a text editor
2. Uncomment (or add) “LoadModule headers_module modules/mod_headers.so”
3. Add the following configuration fragment at the end of the httpd.conf file:
<IfModule headers_module>
Header set X-UA-Compatible: IE=EmulateIE7
</IfModule>
4. Save httpd.conf and reload the apache config
At the site/directory level – make sure you are allowing .htaccess files to be read from each directory.
1. Add to your .htaccess file:
<IfModule headers_module>
Header set X-UA-Compatible: IE=EmulateIE7
</IfModule>
Stacks more info here: http://blogs.msdn.com/ie/archive/2008/08/27/introducing-compatibility-view.aspx and here http://blogs.msdn.com/ie/archive/2008/06/10/introducing-ie-emulateie7.aspx
- jorke
- Developers Developers Developers – Steve Ballmer in Australia
-
As part of a whirlwind visit to Sydney early next month, Steve Ballmer will be presenting Microsoft's future vision for developers in the world of software-plus-services. He'll discuss the next wave of technologies just launched at the Professional Developer Conference. There will also be a live Q&A session with Steve.
Immediately following Steve’s session, we’ll drill into the Software + Services vision even deeper with Microsoft Directors Gianpaolo Carraro and Tim Sneath, delivering sessions on “Understanding Cloud Computing” and “Amazing Software Experiences for Windows and the Web”. Although all the seats at the Sydney event are gone, we’ll be streaming live and a number of user groups are running events around the country to get together and watch the stream.
Watch the stream from here : http://www.microsoft.com.au/powertodevelopers/
Or if you are in Brisbane, watch it locally at the Queensland MSDN User Group
-jorke
- Cat Power - Tomcat on Server 2008 Core with IIS7
-
EPIC START
So this turned out to be much longer than I thought - the basic goal is to utilise two of the coolest features of Window Server 2008 - Core and IIS7. The idea is to create an ultimately low footprint web server on Microsoft Windows Web Server 2008 Core and show how that can easily support the Apache Software Foundation's Open Source Java Server - Tomcat. Ideally I don't want to logon to the console or via Remote Desktop of the server at any point - and I'll use our remote management tools to configure and install in a true 'headless' environment. My Starting point is a clean install of Windows Web Server 2008 Core on Hyper-V, not on a domain and just having had the computer name set to "servercore". Let see how I go!
Set for Remote Management
So this the one thing I must do on the console (or I can script it as part of install). I need to configure our remote management tools WinRM to allow connections from my workstation to the server. (note that you should NOT leave WinRM with Basic auth set to true in a production environment - I need to do this because the machine is not in a domain)
WinRM quickconfig
WinRM set winrm/config/service/auth @{Basic="true"}
WinRM set winrm/config/client @{TrustedHosts="jorkeo-hp"}
WinRM set winrm/config/service/auth @{Basic="true"}
WinRM set winrm/config/client @{TrustedHosts="servercore"}
Now I connect to the server from the command prompt on my workstation ("jorkeo-hp") using WinRS, and I'm going to instantiate a remote command prompt:
WinRS -r:servercore -u:Administrator -p:****** cmd.exe
Now we have our remote shell - all commands from this point forward are run here.
Install Basic IIS requirements
Normally I would use ocsetup to install everything with dependencies, but since I'm attempting a low footprint web server I want pick the exact packages I need to install without installing everything - to do this I use package manager - pkgmgr - and select the roles/modules to install.
start /w pkgmgr /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-Security;IIS-BasicAuthentication;IIS-URLAuthorization;IIS-RequestFiltering;IIS-IPSecurity;IIS-Performance;IIS-HttpCompressionStatic;IIS-HttpCompressionDynamic;IIS-WebServerManagementTools;IIS-ManagementScriptingTools;WAS-WindowsActivationService;WAS-ProcessModel;
Installation dependencies can be found here:http://learn.iis.net/page.aspx/130/understanding-setup-in-iis-7/
Then you need to create the site under IIS7 to host your servlets.
mkdir c:\inetpub\mytomcat
C:\windows\system32\inetsrv\appcmd.exe add site /name:"mytomcat.com" /bindings:http://mytomcat.com:80
/physicalPath:"c:\inetpub\mytomcat"
SITE object "mytomcat.com" added
APP object "mytomcat.com/" added
VDIR object "mytomcat.com/" added
c:\windows\system32\inetsrv\appcmd.exe add apppool /name:mytomcat
APPPOOL object "tomcat" added
c:\windows\system32\inetsrv\appcmd.exe set site "mytomcat.com"
/applicationDefaults.applicationPool:"mytomcat"
SITE object "mytomcat.com" changed
Install JRE + Tomcat
Now we need to install the Java Runtime Environment - I just download the latest one from http://java.sun.com and install with defaults, the version I ended up with was JRE6 update 7 - the offline installation - I then ran the installer like so:
jre-6u7-windows-i586-p.exe /passive
Verified that was in place, by looking for the java directories under \Program Files
Then just downloaded the latest version of Apache Tomcat from my buddies at AussieHQ. There are a couple of ways you can deploy this, by running the installer service/downloading the file - I like to run the installer on a reference machine then copy the contents of the tomcat directory to the server - it seems to clear out all the unnecessary stuff at installation time. I've copied my contents of a reference install to c:\tomcat on servercore.
Run Tomcat as a service
Now this took aaaggess as the installation syntax is overly sensitive, case sensitive etc. So to save you the time here is my installation script line to install with all options pointing to my new installation of JRE:
tomcat6.exe //IS//Tomcat6 --Install="c:\tomcat\bin\tomcat6.exe" --StartClass=org.apache.catalina.startup.Bootstrap --StopClass=org.apache.catalina.startup.Bootstrap --StartParams=start --StopParams=stop --JvmOptions "-Dcatalina.home=c:\tomcat;-Dcatalina.base=c:\tomcat;-Djava.endorsed.dirs=c:\tomcat\common\endorsed;-Djava.io.tmpdir=c:\tomcat\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=c:\tomcat\conf\logging.properties;" --Jvm="C:\Program Files\Java\jre1.6.0_07\bin\client\jvm.dll" --JavaHome="C:\Program Files\Java\jre1.6.0_07" --Classpath="c:\tomcat\bin\bootstrap.jar" --LogPath=c:\tomcat\logs --StdError=auto --StdOutput=auto --StartPath=c:\tomcat --StopPath=c:\tomcat --StartMode=jvm --StopMode=jvm
At this point I found that tomcat would fail to start
C:\tomcat\bin>net start tomcat6
The Tomcat6 service is starting.
The Tomcat6 service could not be started.
A service specific error occurred: 0.
More help is available by typing NET HELPMSG 3547.
C:\tomcat\bin>C:\tomcat\bin>tomcat6 //TS//Tomcat6
C:\tomcat\bin>
hmmm nothing... looking in tomcat\logs folder the "jakarta_service.log" file seemed to be the latest timestamp, opening that in notepad and its full of this:
2008-09-16 12:39:50] [info] Procrun (2.0.3.0) started
[2008-09-16 12:39:50] [info] Debugging Service...
[2008-09-16 12:39:50] [info] Starting service...
[2008-09-16 12:39:50] [174 javajni.c] [error] The specified module could not be found.
[2008-09-16 12:39:50] [986 prunsrv.c] [error] Failed creating java C:\Program Files\Java\jre1.6.0_07\bin\client\jvm.dll
[2008-09-16 12:39:50] [1260 prunsrv.c] [error] ServiceStart returned 1
[2008-09-16 12:39:50] [info] Debug service finished.
[2008-09-16 12:39:50] [info] Procrun finished.
which appears to be a problem finding an api to connect to, but the error is pretty vague as to what its actually trying to do..
GROAN - this is the FIRST time i have to logon to the server via RDP/Console.. remember everything else so far has been via a remote winrs console...
Log On... Fire up sysinternals Process Monitor (thank you Mr Russinovich) to see what this tomcat process is trying to talk to (after some thought, I reckon I could probably spawn this remotely with a backing file to disk and load that on another machine... but too much stuffing around..). After attaching to the tomcat process, aha - there it is:
When the tomcat process fires up it pokes around the OS looking for MSVCR71.dll - which is the a bunch of C libraries generally shipped with the Microsoft C runtime library. So all I needed to do is find that file and put it in path - hang- on.. I remembered back to my Java development days in University - pretty sure that the JRE ships with the libraries in tow... ah... looking into the JRE\bin directory of my Java Runtime Environment install, there it is, I'll copy that to my tomcat\bin folder and try again.
Ok - lets log off that server real quick - and back to our remote shell.
So I kicked off starting tomcat from the command line again.. success!
You'll see its started with the default of http listening on port 8080 - so browsing to this (hoping no random proxy in the way) - Yee ha!
Awesome, now I just have to CTRL-BREAK out of that and start the service:
C:\tomcat\bin>net start tomcat6
The Tomcat6 service is starting.
The Tomcat6 service was started successfully.
And test again - also a Screen shot to prove it:
But this is only the first step - Now I need to serve Tomcat through IIS7.
Setting up the IIS ISAPI Redirector
Download the IIS Tomcat connector - http://tomcat.apache.org/download-connectors.cgi
The connector acts as a broker between IIS and Tomcat and as far as IIS is concerned just an ISAPI filter.
For this example I've grabbed isapi_redirect-1.2.26.dll - and renamed it to isapi_redirect.dll just to make it easy.
Now this is where your configuration choice can get interesting. Depending on how you're supporting tomcat you have the choice of using the registry for storing configuration information for the ISAPI filter OR using a file. This of course depends on how you intend to host it as well. If you intend host this in a multi-tenant environment with several java sites on the same server and possibly different customers as well I would recommend using a file based approach as you can set a configuration file per site. If you are just looking after one site on the server, registry configuration is fine. One thing to remember though, is when you need to replicate the configuration to another server then you will have to make sure the registry entries follow the site.
For the purposes of this example, I'm going to attempt a multi-tenant configuration to allow the most flexibility, plus prevents me from having to play in the registry. When you need to create another site on the same server, create a new folder for the site under tomcat\conf and tomcat\logs and simply follow these steps for each new site :) (or script it)
1. Create a folder under the website root called jakarta
2. Copy the isapi_redirect.dll into the jakarta folder.
3. Create a file in the jakarta folder called isapi_redirect.properties (note that the name before the extension MUST match the dll filename)
4. Edit the isapi_redirect.properties file in notepad (server core IDE) - paste in the following:
# Configuration file for the Jakarta ISAPI Redirector
# The path to the ISAPI Redirector Extension, relative to the website
# This must be in a virtual directory with execute privileges
extension_uri=/jakarta/isapi_redirect.dll
# Full path to the log file for the ISAPI Redirector
log_file=c:\tomcat\logs\mytomcat\isapi_redirect.log
# Log level (debug, info, warn, error or trace)
log_level=INFO
# Full path to the workers.properties file
worker_file=c:\tomcat\conf\mytomcat\workers.properties
# Full path to the uriworkermap.properties file
worker_mount_file=c:\tomcat\conf\mytomcat\uriworkermap.properties
5. You can see that the log_file directive is going to a folder that doesn't exist so we need to create the folder tomcat\logs\mytomcat\ - and also the configuration folder tomcat\conf\mytomcat\ - by creating a separate folder for each site you allow the separation of site logging and configuration.
6. Now we need to create the workers.properties and uriworkermap.properties files under the tomcat\conf\tomcatsite1\ folder. Create the worker.properties file first - This controls the configuration of tomcat worker processes allows control of resources to the site - something best left to the server administrators (more info on tomcat workers) - lets create the file notepad.exe tomcat\conf\mytomcat\workers.properties - and populate with the following:
# list of workers
worker.list=mytomcat,ajp13
worker.mytomcat.type=ajp13
worker.ajp13.type=ajp13
# worker mytomcat
worker.mytomcat.host=localhost
worker.mytomcat.port=8009
worker.mytomcat.lbfactor=1
# worker ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009
worker.ajp13.lbfactor=1
# time out
worker.mytomcat.connection_pool_timeout=600
worker.mytomcat.socket_timeout=60
You can see here we are trying to make sure we keep the naming specific to the site. Save the worker.properties file, then create the uriworkermap.properties file - notepad.exe tomcat\conf\mytomcat\uriworkermap.properties - this is where we map the request to the tomcat worker process. There is a whole level of URI re-mapping you can do here, but for the moment we are just going to take everything that comes to the site is fed to tomcat - just make sure we match up with the worker specified in the workers.properties file.
# Use www.foo.org as virtual host
# /www.foo.org/myapp/*=myworker
# Normal mapping
/mytomcat.com/*=mytomcat
/mytomcat.com/=mytomcat
Save that file.
7. The last bit of hacking around in tomcat is that we need to tell it that we've setup a site for it to to be aware of. To kick this I opened the file tomcat\conf\server.xml in notepad.
Between the <Service> xml tags another <Engine> tag that describes our site needs to put into place - this is the syntax I entered:
<Engine name="Catalina" defaultHost="mytomcat.com">
<Host name="mytomcat.com" appBase="c:\inetpub\mytomcat" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="c:\tomcat\logs\mytomcat" prefix="mytomcat_access_log." suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
</Engine>
( Note the Valves in place to dump engine logs - http access etc )
You will need to restart the tomcat service to pick up these changes - if any weirdness happens just run the service from the console to pick up any issues.
8. Now we need to tell IIS that we're using an ISAPI filter to serve the content - we just need to add the ISAPI filter via APPCMD. First allow the ISAPI filter into the CGI/ISAPI restriction policy - then we unlock the handlers config in applicationhost.config then actually add the ISAPI filter.
appcmd.exe set config -section:system.webServer/security/isapiCgiRestriction
/+"[path='c:\inetpub\mytomcat\jakarta\isapi_redirect.dll',allowed='True',description='tomcat']" /commit:apphost
c:\windows\system32\inetsrv\appcmd.exe unlock config /section:system.webserver/handlers
Unlocked section "system.webServer/handlers" at configuration path "MACHINE/WEBROOT/APPHOST".
c:\windows\system32\inetsrv\appcmd.exe set config "mytomcat.com"
-section:system.webServer/handlers
/+"[name='tomcat',path='*',verb='*',
scriptProcessor='c:\inetpub\mytomcat\jakarta\isapi_redirect.dll']"
Applied configuration changes to section "system.webServer/handlers" for "MACHIN
E/WEBROOT/APPHOST/mytomcat.com" at configuration commit path "MACHINE/WEBROOT/APPHOST/mytomcat.com"
9. One thing I almost forgot is that we need make sure that the context our site is running on has the ability to read the tomcat configuration and files. Because our application pool runs as the built in account - "Network Service" I have to ensure it can read and write in the appropriate locations around tomcat. Now I'm being a little lazy here - if I really wanted to lock it down I would create a user account, remove it from all groups and then sit with Process Monitor and find the exact settings required. But this is enough to get me over the hump. Allowing read to all of tomcat, and allowing write to tomcat\logs
cacls c:\tomcat /T /E /C /G "NETWORK SERVICE":R
cacls c:\tomcat\logs /T /E /C /G "NETWORK SERVICE":C
10. Finally we need to drop some content to serve, I'm just going to drop in the examples that ship with the default tomcat build, normally found in the tomcat\webapps\examples folder. I've just copied all the files into the root of my site and now lets browse to my site http://mytomcat.com/servlets/servlet/HelloWorldExample (local demo site) ... and:
Its working - HOORAY!
Just to verify, looking at my IIS logs you can see the requests coming through to the server:
008-09-17 00:50:32 192.168.0.2 GET /servlets/servlet/HelloWorldExample - 80 - 127.0.0.1 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.0;+en-GB;+rv:1.9)+Gecko/2008052906+Firefox/3.0+(.NET+CLR+3.5.30729) JSESSIONID=A86ABA6C645C8FC922551765899D09A0 - mytomcat.com 200 0 0 511 513 194
2008-09-17 00:50:32 192.168.0.2 GET /servlets/images/code.gif - 80 - 127.0.0.1 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.0;+en-GB;+rv:1.9)+Gecko/2008052906+Firefox/3.0+(.NET+CLR+3.5.30729) JSESSIONID=A86ABA6C645C8FC922551765899D09A0 http://mytomcat.com/servlets/servlet/HelloWorldExample mytomcat.com 200 0 0 519 538 17
2008-09-17 00:50:32 192.168.0.2 GET /servlets/images/return.gif - 80 - 127.0.0.1 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+6.0;+en-GB;+rv:1.9)+Gecko/2008052906+Firefox/3.0+(.NET+CLR+3.5.30729) JSESSIONID=A86ABA6C645C8FC922551765899D09A0 http://mytomcat.com/servlets/servlet/HelloWorldExample mytomcat.com 200 0 0 1460 540 21
The request loads through the ISAPI filters, so looking at the tomcat access logs:
127.0.0.1 - - [17/Sep/2008:10:44:33 +1000] "GET /servlets/servlet/HelloWorldExample HTTP/1.1" 200 359
127.0.0.1 - - [17/Sep/2008:10:44:38 +1000] "GET /servlets/servlet/HelloWorldExample HTTP/1.1" 200 359
127.0.0.1 - - [17/Sep/2008:10:44:55 +1000] "GET /servlets/servlet/HelloWorldExample HTTP/1.1" 200 359
127.0.0.1 - - [17/Sep/2008:10:45:12 +1000] "GET /servlets/servlet/HelloWorldExample HTTP/1.1" 200 359
127.0.0.1 - - [17/Sep/2008:10:45:57 +1000] "GET /servlets/servlet/HelloWorldExample HTTP/1.1" 200 359
Further Security Lock Downs
One very important you should to for your site is to ensure that the jakarta folder is blocked from http reading, i.e. just being able to browse to it - this can be controlled by the request filtering feature that is built into IIS7. To protect the folder, very simply appcmd directive:
appcmd.exe set config "mytomcat.com/jakarta" -section:system.webServer/security/requestFiltering /+"hiddenSegments.[segment='jakarta']"
Then remember to rollback the WinRM configuration when going into production:
WinRM set winrm/config/service/auth @{Basic="false"}
EPIC DONE!
And we are done - so this is my no means an exhaustive configuration guide - merely a glimpse of how you can configure some competitive technologies with Windows Server 2008 Core and IIS7.
- jorke
p.s. (Fineprint) this whole post is totally without warranty, if you try this and it works or doesn't work its not my fault. If you girlfriend/wife/cat leaves you because of this - believe me it wasn't this - you have something else to worry about..
- Configuring NFS on Windows Server 2008 core
-
Hasn't really changed since 2003 R2, but its all over the command line. From the start:
Installation of the NFS components:
start /w ocsetup ServerForNFS-Base
Make a directory to store your content and ACL it appropriately for NFS - I don't recommend this as best practice, but I'm assuming we're in safe environment, i.e. a management / storage network. Oh and wack a file in to test with:
mkdir content
echo hello! > hello.txt
cacls content /t /e /g:"anonymous logon":C
cacls content /t /e /g:everyone:C
Now I just need to start the NFS server
nfsadmin server localhost start
Then just create the NFS share - I'm using the anonymous userid and groupid to 0 which is the root user and group:
nfsshare nfscontent=c:\content -o root rw anon=yes anonuid=0 anongid=0
And then over to our *nix machine to mount the share, first I'll just make sure I can see them, then mount and test to read the file.
[root@localhost /]# showmount -e servercore
Export list for servercore:
/nfscontent (everyone)
[root@localhost /]# mount -t nfs servercore:/nfscontent /mnt/content
[root@localhost /]# cat /mnt/content/hello.txt
Hello!
[root@localhost /]#
easy!
-jorke
- Partial Trust MVC, LINQ and OLE/ODBC Providers
-
So if you're a hosting provider or even just developer, you'll be running your applications in Medium trust when on the Internet, right? suuurree... Well you really should..
Anyway a couple people have noticed some issues running LINQ in their hosted environments under the "Medium" trust level. If this is your issue, then you'll need to update your trust config file with with the following (remembering to install asp.net 3.5 first..) :
In the SecurityClasses element, make sure it's set to the following:
<SecurityClass Name="ReflectionPermission" Description="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
Then dig about for the "ASP.net" PermissionSet element and set the following:
<IPermission class="ReflectionPermission" version="1" Flags="RestrictedMemberAccess" />
A few people also have asked about getting OLE/ODBC providers for the likes of MS Access to work, weelllll this has been around since ASP.NET 2.0 was released - and basically the same story as above:
Set the SecurityClass element:
<SecurityClass Name="OleDbPermission" Description="System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
and set the IPermission in the PermissionSet
<IPermission class="OleDbPermission" version="1" Unrestricted="true"/>
That should fix the LINQ and OLE/ODBC issue. All I can say for MVC, at this stage its still waiting a couple of updates to allow partial trust. Keep an eye out on Scottgu blog and you should see something soon.
-jorke
