Alternate location for WEB-INF folder

Michael_Sprague1 · June 7, 2017, 7:01pm

Does anyone know if it is possible to specify a different location for the WEB-INF folder in a Windows (IIS) install of Lucee 5 (Tomcat 8)?

For example, have the web root be c:\inetpub\wwwroot\mysite but have the WEB-INF folder reside at c:\contexts\mysite\WEB-INF.

Lucee seems to automatically create the WEB-INF folder and place it in the web site’s root folder.

pfreitag · June 7, 2017, 7:17pm

Yes it is possible, if you configure the root tomcat web.xml file and specify the init param lucee-web-directory you can specify the path.

See example:

github.com

foundeo/ubuntu-nginx-lucee/blob/master/etc/tomcat8/web.xml#L54-L71


      
          <init-param>
            <param-name>lucee-server-directory</param-name>
            <param-value>/opt/lucee/config/server/</param-value>
            <description>Lucee Server configuration directory (for Server-wide configurations, settings, and libraries)</description>
          </init-param>
          
          
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
          <!-- to specify the location of the Web Contexts' config and libraries,  -->
          <!-- uncomment the init-param below.  make sure that the param-value     -->
          <!-- points to a valid folder, and that the process that runs Lucee has  -->
          <!-- write permissions to that folder.  the {web-context-label} can be   -->
          <!-- set in Lucee Server Admin homepage.  leave commented for defaults.  -->
          
          
<init-param>
            <param-name>lucee-web-directory</param-name>
            <param-value>/opt/lucee/config/web/{web-context-label}/</param-value>
            <description>Lucee Web Directory (for Website-specific configurations, settings, and libraries)</description>
          </init-param>

Pete Freitag
Foundeo Inc.

Michael_Sprague1 · June 7, 2017, 7:57pm

Thanks Pete. That almost gets me there. However, that changes the path for all contexts on that server. I was only looking the change the path for one context.

pfreitag · June 14, 2017, 2:12pm

Hi Mike - Correct that setting would apply to all site/contexts - I’m not aware of a way to do it for just one context, not to say it isn’t possible.

dawesi · August 5, 2021, 12:43am

my question is why does it matter? is it a grumpy sysadmin?

could always try a virtual directory called web-inf and map it to other path and see if that works… #nastyworkarounds

Still would like to know why?

Zackster · August 5, 2021, 8:44am

why is it recommended?

because keep absolutely everything which doesn’t need to be under the webroot, out of the webroot reduces the potential attack surface

LionelHolt · July 2, 2022, 4:36am

In fact, why is the lucee-web-directory param in /opt/lucee/tomcat/conf/web.xml commented out by default? Seems like the extra security of WEB-INF being outside each web root would be the best setup with each new installation.

andreas · July 2, 2022, 6:24am

I know this is a whish of other Lucee core devs too. The main problem is, that if you just uncomment that line, the Lucee installation willl not run and will throw 500 errors, because then the low privileged user running Tomcat won’t have permissions to create/write that web-inf folder. That means: The installer (also) would need creating that directory, give the user running Tomcat writing privileges to it. Another point is, that this directory entry needs to be created dynamically depending on the OS somewhere. I think, the best place would be Tomcats users home directory (or maybe somewhere else, depending on the OS administrators preference). You may need to create a new dialogue at the installer, prefilling the users home directory in that manner that the OS administrator would know or change that directory location. If you want to see the insallers code, it’s open source as a Lucee github repository.

LionelHolt · July 6, 2022, 1:47am

@Zackster has a great update here:

“With Lucee 6, we’re going to move the WEB-INF folder out of the web root.”