Ubuntu: How can I install Railo and Apache on Ubuntu and have it pass a basic Authentication username to Railo?


I'm trying to move from using Adobe ColdFusion to using Railo. The Application I'm trying to migrate relies on having the webserver check basic authentication, but then needs to know the authenticated user's username using the #REMOTE_USER# variable.

I tried doing a dump of the cgi scope and it just seems like the variable is not getting set. I've been chipping away at getting this going for about a week new and am stuck.


So, I finally figured it out. Like it said, it took me at least a week to get this. So, I'm sharing my notes on how to set up a fresh machine for this, so no one else has to spend as much time as I did figuring this out. The key thing seems to be that you want to proxy to railo using the AJP protocol instead of HTTP and you want to tell tomcat that it doesn't need to do authentication (which will let it pass the variable through untouched).

Let's get started:

apt-get install apache2 mysql-server apache2-utils  a2enmod proxy_ajp  service apache2 restart  


Install Railo:

Download the standard installer 64 bit version listed on the page at http://www.getrailo.org/index.cfm/download/.

Make it executable:

chmod +x <file_you_just_downloaded>  

Run it:


Pick all the defaults.


Ok, now edit the config files like this:

=== modified file '/etc/apache2/apache2.conf'  --- /etc/apache2/apache2.conf 2014-10-10 00:22:11 +0000  +++ /etc/apache2/apache2.conf 2014-10-10 00:27:48 +0000  @@ -223,18 +223,24 @@  <IfModule mod_proxy.c>  <Proxy *>  Allow from  +  + AuthType Basic  + AuthName "Employee Login"  + AuthBasicProvider file  + AuthUserFile /etc/apache2/.htpasswd  + Require valid-user  </Proxy>  ProxyPreserveHost On  - ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$$1$2  - ProxyPassMatch ^/(.+\.cfchart)(/.*)?$$1$2  - ProxyPassMatch ^/(.+\.cfml)(/.*)?$$1$2  + ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$ ajp://$1$2  + ProxyPassMatch ^/(.+\.cfchart)(/.*)?$ ajp://$1$2  + ProxyPassMatch ^/(.+\.cfml)(/.*)?$ ajp://$1$2  # optional mappings  #ProxyPassMatch ^/flex2gateway/(.*)$$1  #ProxyPassMatch ^/messagebroker/(.*)$$1  #ProxyPassMatch ^/flashservices/gateway(.*)$$1  #ProxyPassMatch ^/openamf/gateway/(.*)$$1  #ProxyPassMatch ^/rest/(.*)$$1  - ProxyPassReverse /  + ProxyPassReverse / ajp://  </IfModule>        === modified file '/etc/apache2/sites-available/000-default.conf'  --- /etc/apache2/sites-available/000-default.conf 2014-10-10 00:12:20 +0000  +++ /etc/apache2/sites-available/000-default.conf 2014-10-10 00:31:59 +0000  @@ -26,6 +26,13 @@  # following line enables the CGI configuration for this host only  # after it has been globally disabled with "a2disconf".  #Include conf-available/serve-cgi-bin.conf  + <Directory /var/www/html>  + AuthType Basic  + AuthName "Employee Login"  + AuthBasicProvider file  + AuthUserFile /etc/apache2/.htpasswd  + Require valid-user  + </Directory>  </VirtualHost>  

Using the htpasswd program, create a .htpasswd file in /etc/apache2 If you want some sites to be authenticated and some not, you can put the proxy section inside the virtual hosts definition and tweak as necessary per virtual host.

Edit /opt/railo/tomcat/config/server.xml

=== modified file '/opt/railo/tomcat/config/server.xml'  --- /opt/railo/tomcat/config/server.xml 2014-10-10 00:34:48 +0000  +++ /opt/railo/tomcat/config/server.xml 2014-10-10 00:36:33 +0000  @@ -89,7 +89,7 @@  -->    <!-- Define an AJP 1.3 Connector on port 8009 -->  - <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />  + <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false" />  + <Connector port="8010" protocol="AJP/1.3" tomcatAuthentication="false" secure="true" scheme="https"/>    <!-- An Engine represents the entry point (within Catalina) that processes -->  

Restart Railo/Tomcat:

/opt/railo/railo_ctl restart  

Now, Railo should put the basic auth username in cgi.remote_user. I thought I might have to try putting something that copies that to #REMOTE_USER# in localconfig/application.cfm. But that already seems to be the same thing. The second AJP connector on port 8010 is for you to proxy to from SSL enabled virtual hosts in Apache. So if you have a SSL enabled virtual host, proxy to port 8010 instead of 8009. That way, Railo will set variables that lets the ColdFusion it's running know it's using SSL.

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »