Configuring NGINX with mod_cfm

Wayne_Gregori · February 22, 2017, 5:26pm

I think that I have a successful install of Lucee 5.1…

I can go to http://myip:8888 and receive the Congratulations page…

However, when I try to setup a website with an index.cfm as my root doc…
I get a 502 Bad Gateway.

It would seem that the .cfm files are not be processed by Lucee…

My installation is on Ubuntu 14.04, Nginx system.

Any help would be much appreciated.

Wayne

Igal · February 22, 2017, 5:47pm

the installer doesn’t set up your web server AFAIK. you need to
configure nginx to forward the .cfm requests to Lucee by defining an
upstream and forwarding the requests with the proxy_pass directive.

Igal Sapir
Lucee Core Developer
Lucee.org http://lucee.org/

joe.gooch · February 23, 2017, 9:25pm

We’ll need to know what’s in lucee.conf.
-G

Wayne_Gregori · February 23, 2017, 6:33pm

Igal,

Thanks for the response. Can you provide some instruction as to how to do
this. My website config file points to a lucee config file… is there
more to do? Below is an example of a test config file. If the root
document is index.html it works fine. However, index.cfm triggers the 502
bad gate way error…

server {
  listen 307;
  server_name test.com;
  root /web/test.com/wwwroot/;

  # Mod_cfml (Lucee) specific: add a unique ID for this server block.
  # For more info, see 
http://www.modcfml.org/index.cfm/install/web-server-components/nginx-all-os/
  set $lucee_context "example.com";

  include lucee.conf;
}

Wayne_Gregori · February 23, 2017, 7:55pm

One more question:

I’m I right in understanding that if mod_cfm is installed properly then the
necessary entries in Tomcat server.xml are made automatically?

Wayne_Gregori · February 23, 2017, 11:49pm

Here’s my lucee.conf

location ~* /lucee/ {
    allow 192.168.1.116;
    deny all;
    include lucee-proxy.conf;
}

location ~* /lucee-server {
    return 404;
}

#block/ignore CFIDE requests
location ~* /CFIDE {
    return 404;
}

#block requests for Application.cfc/cfm
location ~* Application.cf[mc]$ {
    return 404;
}

#match cfm or cfc files and proxy them off to tomcat
#if you do not need SES urls like index.cfm/foo/bar
#then use: (\.cfm|\.cfc)$ instead
location ~* (\.cfm(\/|$)|\.cfc$) {
  include lucee-proxy.conf;
}

#set the default document to index.html or index.cfm
index index.html index.cfm;

Jordan_Michaels · February 23, 2017, 9:50pm

No. Mod_cfml doesn’t touch the server.xml file. The server.xml file adds your contexts to Tomcat during Tomcat’s bootup, where mod_cfml adds contexts to Tomcat on-the-fly.–
Kind regards,
Jordan Michaels
Vivio Technologies

joe.gooch · February 24, 2017, 2:28am

And lucee-proxy.conf?

Wayne_Gregori · February 24, 2017, 7:05pm

Hi Joseph,

I’ve had some progress. I’ve included the config files for a site
(test.com). Although still get 502 Bad Gateway it appears that Lucee has
created the WEB-INF folder in the root.

Thanks for any help that you might provide.

Wayne

lucee-proxy.conf (1.28 KB)

test.com.conf (354 Bytes)

server.xml (7.97 KB)

joe.gooch · February 24, 2017, 8:56pm

Didn’t you say your lucee install was on 8888? If so, your
lucee-proxy.conf should have 127.0.0.1:8888, not 8080. (Which is also what
I’m seeing in your server.xml. The 8080 connector is commented out)

-G

Wayne_Gregori · February 24, 2017, 9:41pm

I changed my lucee-proxy.conf to 127.0.0.1:8888 and uncommented the block
in the server.xml that has the 8080 reference… now I get the error message

Tomcat Mod_CFML error

mod_cfml request authentication failed!

I’m going to take this as progress…

Wayne

joe.gooch · February 25, 2017, 12:09am

Now, time to hand off to someone who uses mod_cfml

My expectation is you have some proxy headers to set in lucee-proxy.

There’s an example on modcfml.org, and I feel like the mod_cfml valve in
Tomcat might need a password or header or something.

But I guess the first question is, do you actually need mod_cfml? Do you
have multiple vhosts on your server or do you need multiple web contexts?
If not, going without mod_cfml is possible.
-G

Jordan_Michaels · February 25, 2017, 2:16am

Here’s some documentation:
http://www.modcfml.org/index.cfm/install/web-server-components/nginx-all-os/

An example of the specific header you need to fix that error can be found in this example NGINX config:

github.com

foundeo/ubuntu-nginx-lucee/blob/master/etc/nginx/lucee-proxy.conf#L12


      
          #include standard proxy headers
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          #populate the cgi.https variable with on or off based on map condition which must be specified in a http {} block
          proxy_set_header https $cgi_https;
          
          
#add headers for mod_cfml to do its work
          proxy_set_header X-Tomcat-DocRoot $document_root;
          proxy_set_header X-ModCFML-SharedKey SHARED-KEY-HERE;
          # For more info on $lucee_context, see http://www.modcfml.org/index.cfm/install/web-server-components/nginx-all-os/
          if ($lucee_context = false) {
          	set $lucee_context $document_root;
          }
          proxy_set_header X-Webserver-Context $lucee_context;
          
          
# Enable path_info - http://www.lucee.nl/post.cfm/enable-path-info-on-nginx-with-lucee-and-railo
          set $pathinfo "";
          # if the extension .cfm or .cfc is found, followed by a slash and optional extra
          if ($uri ~ "^(.+?\.cf[mc])(/.*)") {

The shared key is a key that authorizes your web server (whether it’s NGINX, Apache, IIS, or whatever) to send new contexts to the mod_cfml Tomcat valve. This shared key must match the shared key you have in your server.xml file. In your C:\lucee\tomcat\conf\server.xml file, there will be an entry like this:

<!-- visit modcfml.org for details on mod_cfml configuration options -->
<Valve className="mod_cfml.core"
  loggingEnabled="false"
  maxContexts="200"
  timeBetweenContexts="2000"
  scanClassPaths="false"
  sharedKey="9470da36d3fba9f62b-BoatloadsOfOtherRandomLettersAndNumbers-789f6449a11f2bc"
/>

Note the “sharedKey” value. The shared key in your NGINX config and the shared key in your server.xml config must match.

Hope this helps!–
Kind regards,
Jordan Michaels
Vivio Technologies