Friday, August 30, 2019

Working with FTP with TLS/SSL on ColdFusion

It appears that cfftp does not support connecting to a server using FTP with TLS/SSL, their secure connection only works if the server is setup as SFTP. So in order to hopefully help others, below is some example code of how you can do this easily on ColdFusion using Java's FTPSClient Class.

Tuesday, March 05, 2019

My ColdFusion 2016 to ColdFusion 2018 Upgrade

Well yesterday I finally decided to upgrade my production server from ColdFusion 2016 to ColdFusion 2018. I know I am a bit behind on this and those who know me, know I would have done this sooner, but honestly it has been hard to make the time. Anyways, I finally did it last night and this post is more about my experience and to give kudos for making this upgrade so pleasant.

MY SETUP

I know that not everyone's experience might be the same due to their setup / environment so to give some insight, this is how my production server was setup with ColdFusion 2016.
  • Windows Server 2016 - IIS 10
  • ColdFusion 2016 Enterprise w/ 2 instances
  • WebSockets via Proxy ( OF COURSE !!!! )
  • 2016 Auto Lock Down ( The Manual Process ... more on this later )
  • Fusion Reactor

UPGRADE STEPS

Now before I began, I did advise all my clients about the upgrade downtime and the possible bugs we might encounter after the update. Now on to my steps of how I executed this upgrade.
  1. Placed all sites on maintenance
  2. Removed all Connectors ( IIS and WebSockets )
  3. Stopped ColdFusion 2016 instances
  4. Removed instances from Fusion Reactor
  5. Installed ColdFusion 2018 and allowed it import the main instance settings.
    • Started 2018 and confirmed all settings
    • Downloaded and installed the latest update
    • After update shut down ColdFusion 2018
      The reason for this is that I wanted to use the same admin ports as 2016 was using, which is why I never had both on at the same time.
  6. Added 1st instance to Fusion Reactor
  7. Started both ColdFusion 2016 instances
    • Logged into 2nd instance and created an archive of the settings to import to new 2018 instance. I also went ahead and created an archive of the 1st instance's settings ( just in case )
    • Logged into 1st instance and removed 2nd instance ( handles windows service removal )
    • Shut down ColdFusion 2016
  8. Uninstalled ColdFusion 2016 ( bye bye old version )
  9. Started ColdFusion 2018
    • Created 2nd instance and started it
      * 1st hiccup here noted later
    • Imported settings archive to 2nd instance
    • Reviewed both instances and made sure datasources connections and mail settings worked
    • Added 2nd instance to Fusion Reactor
  10. Added all connectors ( IIS and WebSockets )
    * 2nd hiccup here noted later
  11. Ran Adobe's Server Auto Lockdown on both instances.
    OMG, talk about time saver!!!!!
  12. Removed sites from maintenance mode
  13. Tested all sites
  14. Upgrade Complete!!!!
I know that seems like a lot of steps but each one executed flawlessly and the only 2 problems I ran into where simple to fix. One of them was purely my fault due to my steps.

ISSUES ENCOUNTERED

  1. Second instance of ColdFusion 2018 would not start.
    To troubleshoot this I attempted to start the instance via the command prompt using the console output command and saw that it would not start due to the Fusion Reactor Instance settings in the jvm.config file which was copied over from the first instance. I removed the settings and the instance started up without an issue. This of course would have not happened if I would have added the instances to Fusion Reactor after installing the second instances.
  2. cfws Virtual Application created by the wsconfigproxy tool set the Application Pool to Default instead of the Application Pool of the site.
    This is one of those gotcha's that I have mentioned in my WebSockets presentation and although I had stated that in 2018 it no longer happens it appears it did, so always good to check.

ERRORS ENCOUNTERED

In regard to errors, the only one I ran into is actually embarrassing and a reminder of sometimes looking at old code hurts but it humbles us. A reminder that we all started the same and that we can all make simple mistakes.

It appears that in some places, yours truly did not add a proper space between a date and a time entry when executing createODBCDate and / or createODBCDateTime. Yup, sounds silly and some might complain that it should not error out because it worked before but hey when it is your fault own it and accept a stricter and better language.

In case you are wondering how I track errors....

I use to always send myself an email containing a dump of the error so I can debug. Then Google did this little thing where the CSS for the dump was stripped and it looked like crap ( yes it affected me ). I always wanted a better way of having a record of errors outside of my email box, and Google's change inspired me to think about creating my own solution but then I learned about Sentry. Sentry is great and they have a free version of their service which is very generous ( it is what I use ). If you do not have anything in place I recommend using it or giving a try. I have a CFC to integrate with on my GitHub which you can see and download @ https://github.com/GiancarloGomez/sentry-cfml.

SERVER LOCK DOWN AND PERFORMANCE MONITOR TOOLSET

I have to say that running the Server Auto Lock Down was the best experience overall. I had to run it twice due to having 2 instances and they each took a few minutes to run but it saved me HOURS!!!! Can I say that again ... "HOURS!!!!" They both executed without any errors!!!!

I also installed the Performance Monitor Toolset so I can play with and hopefully work with the Adobe team to see if we can get it to view and debug WebSockets connections and communications. If this does occur, you can expect it in my next WebSockets presentation.

CLOSING NOTES

Like stated before, this post was to outline my process and give kudos. Most of my steps where pretty straight forward to any upgrade I have done before but the Auto Lockdown Tool takes the cake!!!!

With that being said, I would like to give ...
KUDOS and a big THANK YOU to
Adobe's ColdFusion Team and Pete Freitag!!!!
We all know Pete is the main reason we have a Lock Down Guide and now this wonderful tool plus all the other things he already provides for the community.