Recently installed Lucee on Blueonyx 5209 (CentOS 7) connected to Apache and all was fine. One day about a week later cfm pages started being rendered as text (showing cfm code) and lucee admin was returning 404. After some investigation I discovered lucee was up and running on port 8888. Not through Apache on 80.
What’s going on? This is a major bug and security issue.
That was one of the things I checked. I do have a conf.bak but I think it was created when lucee was installed as it does NOT contain mod_proxy.c or load mod_cfml.so.
Here is what’s in that section of my current httpd.conf:
Include conf.modules.d/*.conf
Include /etc/httpd/conf/vhosts/site1
Include /etc/httpd/conf/vhosts/site2
Include /etc/httpd/conf/vhosts/site3
Include /etc/httpd/conf/vhosts/preview
I’m running lucee as tomcat, could that be the problem? otherwise, group is tomcat and selinux is disabled.
I always ran ColdFusion as nobody without any problems. Tried that with lucee and this issue was why I switched to tomcat… however, after a week of running fine - same issue.
Adobe ColdFusion is a bit more forgiving when it comes to configuration errors.
If you are running Lucee or ColdFusion via Apache, then the user and group running Lucee or ColdFusion must have read and execute permissions to the directories in question.
If you are running Lucee as a WAR, then the permissions would just be with Tomcat and the directories it is installed in.
For testing, restart lucee as root and see if that clears up the issue.
It does not. When I try to view the lucee admin on port 80 I get this error:
The requested URL /lucee/admin/server.cfm was not found on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
I’ve never heard of a Blueonyx 5209, but this might be an Apache “order of execution” problem. Your proxy config is correct, but it sounds like Apache is simply ignoring that config and instead using the default request handler which is to display files as plain text. Perhaps an auto-update ran or something like that which borked your previously working config.
One thing you could try is to take the proxy config and add it directly to the virtual host config for your sites. This will hopefully move your proxy config “higher up the chain” so that it might get executed before the default handler picks it up. Do you have anything surrounding your proxy config? Like an <IfModule> or something like that? That might also be preventing it from being used.
There might also be something in the apache error logs that could point you in the right direction. Worth a look anyway.
Whatever the reason, Apache is the problem in that your proxy config is being ignored, so that’s what needs to be addressed. You and Terry were on the absolute right track there, just needs more digging.
Still trying to solve this problem. Nothing in the Apache error logs; there is this error in the lucee exceptions.log:
“ERROR”,“http-nio-8888-exec-8”,“08/05/2017”,“21:30:02”,“”,";class redefinition failed: attempted to change superclass or interfaces;lucee.runtime.exp.NativeException: class redefinition failed: attempted to change superclass or interfaces
Apache is running as apache.
I’ve tried both ‘nobody’ and ‘tomcat’ for lucee. nobody worked for about a week. tomcat for almost a month. Both stopped serving on 80 for no apparent reason (why is what I’m trying to figure out). My apache conf never changed. I seriously doubt it is an apache issue.
So, I re-read this thread and I’m not sure where I got the notion earlier that Apache was returning content in plain text. I am sorry for my misdiagnosis there.
If that’s not it, then I’m on board with what Terry was alluding to earlier, that this is a permission issue with the Tomcat user. The user that you’re running Tomcat as needs read access to your CFM templates, and write access to the “WEB-INF” directory.
After assigning permissions, you can ‘su’ to a user account (assuming it has a shell) and see if you can navigate to the web site directory as that user in order to be sure that user can read and access those files. System users don’t typically have shells though, so it’d be a good idea to remove the shell once you’re done testing it for security reasons.
Thanks for the reply. If I hit the pages on port 8888 they display fine and CF works as it should. If it was a permissions problem wouldn’t it not work on any port?
It may well be permissions related in that tomcat isn’t serving through apache… for some reason tomcat can’t use the mod_proxy and I don’t know enough about tomcat to even know where to look. The error I posted above shows up in both the lucee application and error logs. Also lucee cAny help on what it means is much appreciated.
Yep. If you can hit it on port 8888 and have everything working as it should then it’s not an issue with Tomcat. Good call.
mod_proxy actually has nothing at all to do with Tomcat directly. It just means Apache will pull the site through port 8888 in the same way your browser does when you hit port 8888 directly. (See how your mod_proxy config points to port 8888 too?) If it’s the mod_proxy part that’s not working, then you know the problem is with Apache.
I checked up on the BlueOnyx thing, and it looks like a hosting control panel of sorts. I’m surprised I’ve not heard of it until now. (http://www.blueonyx.it/) I’ve worked with several control-panels in my time, and many of them require specific kinds of configurations in order for custom configs like those used with Lucee to stay permanent. For example, cPanel requires Apache configs in a config file that’s unique to each user. Without that unique config, your Apache configs will get overwritten each time a new patch comes along. Could something like that be the reason your specific users only work for a short period of time?
Maybe try something other than BlueOnyx (I like VirtualMin - also free and OSS) and see if that clears up the majority of your issues?
BlueOnyx has its own java and tomcat server. I left the BO tomcat disabled and it initially worked… but, I’m beginning to wonder if maybe there could be some kind of conflict with the two versions? (shouldn’t be ports - BO tomcat isn’t running)
Would it be possible to configure lucee to use the BO Java and tomcat? And if so, where do I start?
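The failure mode raised in this thread (proxy rules present in the Apache config but silently ignored, for instance because an enclosing <IfModule> names a module that is no longer loaded after a panel update) can be checked mechanically, which matters because the visible symptom is CFML source being served as text. The following is an added example, not code from any poster or from Lucee; the sample config, the function names and the 8888 backend default are assumptions for illustration, and Include files are not followed.

```python
import re

# Constructed sample: proxy rules exist but sit inside an <IfModule> whose
# module may not be loaded, in which case Apache skips them without an error.
SAMPLE_CONF = """\
Include conf.modules.d/*.conf
<IfModule mod_proxy.c>
    ProxyPreserveHost On
    ProxyPassMatch ^/(.+\\.cf[cm])(/.*)?$ http://127.0.0.1:8888/$1$2
</IfModule>
<VirtualHost *:80>
    ServerName site1.example
</VirtualHost>
"""

OPEN = re.compile(r"<IfModule\s+(!?)([^>\s]+)\s*>", re.I)
CLOSE = re.compile(r"</IfModule\s*>", re.I)
PROXY = re.compile(r"(ProxyPass(?:Match)?)\s+(\S+)\s+(\S+)", re.I)


def audit_proxy_rules(conf_text, loaded_modules):
    """Return (directive, target, active) for each ProxyPass/ProxyPassMatch line.

    loaded_modules holds the names <IfModule> would match ("mod_proxy.c" or
    "proxy_module"). active is False when any enclosing <IfModule> test fails.
    """
    stack, rules = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            present = m.group(2) in loaded_modules
            stack.append(present != bool(m.group(1)))  # "!" negates the test
        elif CLOSE.match(line):
            if stack:
                stack.pop()
        else:
            p = PROXY.match(line)
            if p:
                rules.append((p.group(1), p.group(3), all(stack)))
    return rules


def cfml_is_proxied(conf_text, loaded_modules, backend_port=8888):
    """True only if at least one active rule forwards to the Tomcat port."""
    return any(active and f":{backend_port}" in target
               for _, target, active in audit_proxy_rules(conf_text, loaded_modules))
```

Feed it the module names reported by `httpd -M` and the text of the main config; a `False` result while Tomcat answers on 8888 points at the front end rather than at Lucee.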