Internet Explorer strikes again, sometimes. In Chrome, Firefox and Safari the problem doesn’t present. On a couple of webservers in a cluster we recently noticed the following type of error being returned randomly on images, CSS and JavaScript files when calling the page via SSL.

GET ERROR_INTERNET_SECURITY_CHANNEL_ERROR image/gif https://www.domain.com/path/to/image.gif


Now the majority of our SSL certificates for the site in question are server out via a SSL accelerator on our Cisco LBAL’s but this site wasn’t. It was still using a cert on the local box. Having dug deeper I noticed that a couple of the servers had the following lines of code in whereas all the others didn’t. Due to the load balancing that solves the randomness side of it.

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

Something in those lines of code causes the issues, I’m stabbing in the dark that it’s the session cache as none of the others would seem to be causing the problem. I’ve not tried line by line to find the offender.

Hopefully that will help someone out as I found lots of results in Google but not many solutions!

I’ve finally got resin, railo and caucho playing together in a nice, no longer ripping each other’s hair, out kind of way. I have to say my biggest comment (and probably one of the more tricky things to do) is that for Railo to become a big player in trying to take away Adobe’s CF user base installers are going to be essential. That said railo does seem quicker on processing CFML (need to do more tests to verify that).

I’ve got apache 2.2.3 running on CentOS 5.3. I have railo 3.1.0.015 (not updated to 016 yet) and caucho.

My resin.conf has this addition (multiple times for the different domains):

<host id="www.domain.co.uk" root-directory="/home/domain/public_html">
<host-name>www.domain.co.uk</host-name>
<host-alias>domain.co.uk</host-alias>
<web-app id="/" document-directory="."/>
</host>

The apache virtual hosts are just normal vhosts. No extras.

My caucho.conf (in /etc/httpd/conf.d) looks like this:

LoadModule caucho_module /usr/lib64/httpd/modules/mod_caucho.so
ResinConfigServer localhost 6800
CauchoConfigCacheDirectory /tmp
CauchoStatus yes
<Location /caucho-status>
SetHandler caucho-status
</Location>

Hopefully that might help someone out. I’m going to try and do a from scratch CentOS build guide for The Rackspace Cloud sometime next week. I’ve started migrating some sites over to the cloud server and so far not hit any issues.

Been playing with Rails 2.3.2.1 and Passenger 2.1.2 but had some problems upgrading from the two respective earlier versions. The key was in the fact I probably didn’t RTFM. Following the guides.rubyonrails.org I’d got as far as section 4, changing the default index but whenever I did this or tried to view the controller directly on my Mac (10.5.6) it just 500 errored. The key was something that a friend (@neilmiddleton) alluded to was that the app was running in production mode. There was no errors in the log files also aiding the diagnosis.

Solution? Pretty simple, just add an environment variable.

ServerName rortest.local
DocumentRoot "/Users/ian/Sites/rortest/public"
RailsEnv development

Now I’ve got to try and write something useful rather than hello world or a blog post/view page.

To save bandwidth on one off the servers I look after I decided to implement mod_gzip.

The server in questions is running RedHat ES3, apache 1.3.37, Coldfusion 7.0.2 and has the cPanel/WHM control panel.

First off was to get mod_gzip compiled, now this can be done manually, download a pre compiled one or in my case just go into WHM and rebuild apache with the mod_gzip box checked. The version it puts in is 1.3.26.1a.

As I’d already got Coldfusion running on this webserver the resulting httpd.conf file it creates became invalid so I had to move a few things about. To cut to the chase the order in which modules load is crucial with Coldfusion due to the was the mod_gzip and mod_jrun modules work intercepting requests. The following is my httpd.conf (abbriviated) with the relevant sections.

LoadModule ...
--snip--
LoadModule jrun_module /usr/local/coldfusionmx7/runtime/lib/wsconfig/1/mod_jrun.so
<IfModule mod_jrun.c>
JRunConfig Verbose false
JRunConfig Apialloc false
JRunConfig Ssl false
JRunConfig Ignoresuffixmap false
JRunConfig Serverstore /usr/local/coldfusionmx7/runtime/lib/wsconfig/1/jrunserver.store
JRunConfig Bootstrap 127.0.0.1:51011
#JRunConfig Errorurl <optionally redirect to this URL on errors>
#JRunConfig ProxyRetryInterval 600
#JRunConfig ConnectTimeout 15
#JRunConfig RecvTimeout 300
#JRunConfig SendTimeout 15
AddHandler jrun-handler .jsp .jws .cfm .cfml .cfc .cfr .cfswf
</IfModule>
LoadModule gzip_module libexec/mod_gzip.so
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_can_negotiate Yes
mod_gzip_static_suffix .gz
AddEncoding gzip .gz
mod_gzip_update_static No
mod_gzip_command_version '/mod_gzip_status'
mod_gzip_temp_dir /tmp
mod_gzip_keep_workfiles No
mod_gzip_minimum_file_size 500
mod_gzip_maximum_file_size 500000
mod_gzip_maximum_inmem_size 60000
mod_gzip_min_http 1000
mod_gzip_handle_methods GET POST
mod_gzip_item_exclude file .js$
mod_gzip_item_exclude file .css$
mod_gzip_item_exclude file .swf$
mod_gzip_item_exclude mime ^image/
mod_gzip_item_include file .php$
mod_gzip_item_include file .cfm$
mod_gzip_item_include file .jsp$
mod_gzip_item_exclude file .pdf$
mod_gzip_item_include file .fic$
mod_gzip_item_include file .html$
mod_gzip_item_include file .htm$
mod_gzip_item_include mime ^text/html
mod_gzip_item_include mime ^text/plain
mod_gzip_item_include mime ^text/xml
#mod_gzip_item_include mime ^application/force_download$
#mod_gzip_item_include mime ^application/pdf$
mod_gzip_item_include handler type-coldfusion
mod_gzip_item_include handler jrun-handler
mod_gzip_dechunk Yes
#then the logging directives
LogFormat "%h %l %u %t "%V %r" %<s %b mod_gzip: %{mod_gzip_result}n In:%{mo
d_gzip_input_size}n -< Out:%{mod_gzip_output_size}n = %{mod_gzip_compression_rat
io}n pct." common_with_mod_gzip_info2
CustomLog "logs/mod_gzip.log" common_with_mod_gzip_info2
mod_gzip_add_header_count Yes
mod_gzip_send_vary On
</IfModule>
AddType type-coldfusion .fic
--snip--
ClearModuleList
AddModule ...
--snip--
AddModule mod_jrun.c
AddModule mod_gzip.c

In my test case I had a page show as 18224 bytes originally which compressed down to 3956 bytes a saving of 14268 bytes or 79%! To test the compression I was using the port80software.com compression check. You can also see this site’s report.

More Information (stuff I read):

• owensperformance.com – cheers Irvin!
• mod_gzip on sourceforge
• How to install mod_gzip