Apache Virtual Host files and Lucee

Pierre_Larde · December 14, 2021, 5:07pm

My environment configuration is :
Linux debian 10
apache 2.4
Lucee 5.3.7.47

I have strange links between the apache virtual host conf files and Lucee.
I attach an exemple of virtual host file for the site “saint-auban.fr”
saint-auban.fr.conf (272 Bytes)
When I restart Lucee, sometime all work (names and alias).
And sometime one of the server name or alias does not work, it goes to another directory : /var/www/C002/site and it shoud be /var/www/C022/site
(in this example it is C002 and C022, but it could be any directory number, like C024
which goes also to C002, always in C002 when it breaks).
Then, I am very afraid to restart Lucee, because, I am sure some links will break.
Sometime this and sometime other server name or alias

Could you help me with this random links ?
(it is difficult to explain).

I would like to restart Lucee without fear.
Thanks, Pierre.

Don’t forget to tell us about your stack!

OS: ???
Java Version: ???
Tomcat Version: ???
Lucee Version: ???

Terry_Whitney · December 14, 2021, 7:02pm

Make sure all your packages are up to date
sudo apt-get update
sudp apt-get upgrade
if there is a kernel update, which their should be, restart the server

in /etc/hosts
you need a line that looks like
127.0.0.1 www.saint-auban.fr patrimoine.saint-auban.fr localhost localhost.localdomain

now lucee, needs to have the same either ACL or group (www-data) or permission to read your directory

Note, that is barebones… I suggest you run your site in SSL, and use a 3rd party SSL proxy server or service.

Pierre_Larde · December 14, 2021, 7:48pm

I will look for update/upgrade, and look for permission to read (www-data)

But, I do not have a directory called /etc/hosts
Is that absolutly a need ?
Who create that directory ?

Thanks, Pierre.

Terry_Whitney · December 14, 2021, 7:54pm

its a file

you have /etc/ as a directory
you have hosts file located in /etc/
unless you are running in specialized container or some other weird install.

Unless you are going to setup DNS to resolve to a separate ip address, for pure performance not to mention some internal kernel items, yes, you want your local server understanding that it should respond to all names its called in addition to what Apache is “listening for” to be called.

Pierre_Larde · December 15, 2021, 10:43am

I do not understand well.
I looked into the file hosts.conf which is located in /etc
And inside , there is only one line which does not mean anything to me.
(file content : multi on ) that’s all it contents.
See attached file here.host.conf (9 Bytes)
Do you think, I should edit that file and add all necessary information about sites ?
What module is looking inside this file ?

Thanks for your help. I am not a Linux specialist,
(I come from windows/IIS/coldfusion.)
I have difficulties to understand all of these.

On 20 domains declared through apache virtual host, 5 are not working.
If I restart Lucee, the number 5 will change to another number, not with same sites not working.
Also, I can say that some sites are root-root as group owner
and some are www-data as group owner.
But no logic with the one which are good, and the others not good.

Thanks again, Pierre.

Terry_Whitney · December 15, 2021, 7:50pm

Hi,

you are running the sites as root? Um DONT DO THAT, seriously a bad security idea for anything production related.

instead, I believe your issue is with permissions.

Again, not sure how you have Lucee configured with Apache2, I will assume you just let the installer run.
Again, not judging just trying to help.

what you will want to do is make sure where ever you have your vhosts web root, have the same permissions as the user / group that is running the lucee service, which usually is

www-data user and the same for the group.

If you are running with default install values, then
you would want to make sure all your vhosts are owned by

www-data:www-data

you can check the permissions by running

ls -lt /what/ever/top/level/path/to/vhost

chown -R www-data:www-data /path/to/vhost/folder would be a quick fix

Pierre_Larde · December 16, 2021, 12:24pm

Thanks for assistance and advise,
I try to answer :
1 - yes , Lucee has been installed with the installer run.
2 - If I look at all Lucee files, they are all in root-root owner group
So, I suppose the Lucee service is under root-root ? See attached image
lucee_1

3 - See all sites group owners, some are root-root and others are www-data
Can I modify , to have all sites under same group ? and which one ?
As Lucee is under root-root, is this good ?
Which group (root-root or www-data) for all sites ? See attached image.
lucee_2
4 - Before doing any action, I want to make sure I will make the rights actions,
What is the best to change ?

5 - For the moment, all sites are running correctly (under production),
but i am afraid to restart Lucee. And I will have to do it sometime.

Again, thanks for all, I really need to have a stable environment, then I can concentrate on all CFML coding.
Pierre.

Terry_Whitney · December 16, 2021, 2:40pm

Hi,

Root on a UNIX box = god
God can do anything and root is GOD on a *NIX box

the first thing I would do is make var/www owned by www-data:www-data
chown -R /var/www www-data:www-data

now restart apache2
systemctl restart apache2

Pierre_Larde · December 16, 2021, 5:26pm

OK, thanks, I will do that during next week-end.
(less people impacted)
Pierre.

Pierre_Larde · December 19, 2021, 12:26pm

Well, I did that command on : /var/www
Restart apache. (command was : chown -R www-data:www-data /var/www )
All directories Cxxx and files are under www-data.
So now, it should be better, but I do not know how to verify it is better.
I may restart Lucee, to see a result ?
Directory “/var” is under "root root " , I assume , it should be left as that ?

Thanks for your assistance.
Pierre.

Terry_Whitney · December 19, 2021, 7:52pm

from what you describe, that is correct.

I would restart apache and lucee.

Pierre_Larde · December 20, 2021, 12:19pm

OK, as all is now stable, I let pass the end of year,
and I will restart Lucee first days of next january.
Thanks, again,
I will let you know.
Pierre.

Pierre_Larde · December 20, 2021, 3:38pm

I just see something, I do not understand.
When a user (the site administrator) create a new product in the site , with an image/photo
That image has root root as owner, then it does not display for visitors.
(why does it get : root root as owner ?)
I did change the owner to www-data , then it becomes visible for visitors.
How to explain this ? Who is the “site administrator” user for linux ?
Thanks, Pierre.

Terry_Whitney · December 20, 2021, 4:22pm

I am not sure what product you are using to create your image, but it would be the underlying process user that, that application is running as.

so if you installed Lucee as root and run lucee as root, then it would create those items as root

Pierre_Larde · December 21, 2021, 11:10am

To create image, I use the cffile upload, then imageResize and imageWrite (CFML code) and this function for permissions : FileSetAccessMode(“#dest_dir##name#”, “644” )
Yes Owner of Lucee is root root , it did it by default at install,
and all sites/applications are under www-data.
Could I change something on Lucee to ensure users will not create files owned by root root ?
Else, I must do it by hand (chown etc…)
Thanks for advise,
Pierre.

Terry_Whitney · December 21, 2021, 1:39pm

The documentation for this is straight forward

the command for this would be

sudo /opt/lucee/sys/change_user.sh www-data /opt/lucee/ lucee nobackup

Pierre_Larde · December 22, 2021, 12:31pm

OK, thanks you.
I will look at that after 1st of january.
(hope the change, will not affect other sites)
Pierre.