How to install Lucee on Windows 2019 Server IIS (Video Tutorial)

This is a quick video tutorial about installing Lucee on a clean Windows 2019 Server Datacenter and connecting it to IIS 10 with boncode connector and cfml_mod. It also guides through resolving a common 500 status code error “can’t create directory WEB-INF”, caused by the tomcat service not having the corresponding file permissions (security by default).

Step 1 - Adding the IIS Role and Features
This video explains how to add IIS Roles and Features, a prerequisite for installing Lucee in such a manner that it can connect with IIS

Step 2 - Installing Lucee
This video shows how to install Lucee with the installer that ships AdoptOpenJDK (Java JDK), Tomcat 9, Boncode Connector and mod_cfml

Step 3: Removing unwanted Handler Mappings
This video guides how to remove Handler Mappings that have been added automatically during “IIS Feature” installation by Windows Server 2019, enhancing security.

Step 4: Grant Lucee access to IIS webroots
This video explains how to add write permissions for Tomcat/Lucee service to access IIS webroots. It also shows why and when the “500 error can’t create directory WEB-INF” can occur

New Video:
Step 5: Block Remote/Public Access To Lucee’s Server/Web Admins
This video shows how to block your “Lucee’s Server/Web Administration” from beeing accessed from remote/public internet with “BonCode Connector” and “IIS Request Filtering”
1:13 - Block Public Access With “Boncode Connector Settings”
2:49 - Block Public Access With “IIS URL Filtering”

Here is the tutorial serie as a playlist:

Unfortunately the videos have no audio because I hadn’t the time and hardware to record and mix the sound in a quality I’d expect to, but the video content should be self explaining. This material was made because as an usual CFML Developer I’d like to give my part back as a contribution to the Lucee Dev Team for creating this great software, and of course help others that now are at a point, where I’ve also been before :smiley:

16 Likes

The video for Step 4 addresses this. You need to add the Local Service account with full permissions to the folder in which you setup as your document root.

Fantastic walkthroughs! Thanks!

1 Like

This a great tutorial. I have installed Lucee with all the settings shown in this tutorial. I have added a website via IIS, using a binding of:

port: 80
ip: 127.0.0.20
host: foo.bar.com

In my host file, I have added:

127.0.0.20 foo.bar.com

Within the box [locally], when I navigate to:

foo.bar.com

It says:

Page not found

There is no IIS 500 message or Lucee error. :frowning:

Within the box [locally], when I navigate to:

foo.bar.com:8888

Everything works? Do you know why?

I haven’t tried your LOCAL.SERVICE fix.
I haven’t removed that ISAPI module etc within IIS. I must say, I have never had to remove anything from the Handler Mappings module? Why exactly are you doing this?
Do you think this would help?

I really need this to work on port 80.

I never defined such an local IP for a hostname.

But: First, I’d check if the IIS webroot binding for the created website is the same path location as defined in Tomcat.

You should at least be able to open a static file (e.g. an image.jpg) on tomcat and IIS. E.g. http://foo.bar.com:8888/image.jpg
http://foo.bar.com/image.jpg

If the bindings are the same, you should be able to load the image on both URLs.

This is purely for security reasons. When addind IIS features for boncode installations, the MS Feature Installer adds a bunch of handler mappings that isn’t needed for running IIS with Tomcat/Lucee. Removing those would just reduce surface of attack. It’s a purely security decision. If you need certain mappings to use specific modules, it’s up to you to keep them active or not.

1 Like

Hi Andreas

Thank you for the reply. I feel a bit stupid.

There was a web.config in the root and basically it was causing all sorts of mayhem.
A Dev had committed it by mistake.

Once I removed this, everything worked perfectly. :slightly_smiling_face:

1 Like