I setup the connection to mod_cfml from nginx based on what I found here, and have been trying to fix a few issues:
everything is working except for a couple minor things, any assistance would be greatly appreciated!
lucee says cgi.remote_addr is: 127.0.0.1
and sometimes index.cfm gets added to the url, especially just after restarting lucee service, can that be prevented?
here are my nginx conf files:
nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
server {
listen 80;
server_name mypetmask.ca www.mypetmask.ca;
return 301 https://mypetmask.ca$request_uri;
}
server {
listen 443 ssl;
server_name www.mypetmask.ca;
return 301 https://mypetmask.ca$request_uri;
ssl_certificate H:\Certificates\mypetmask.ca-chain.pem;
ssl_certificate_key H:\Certificates\mypetmask.ca-key.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
ssl_prefer_server_ciphers on;
}
server {
listen 443 ssl;
server_name mypetmask.ca;
root H:/wwwroot/mypetmask.ca;
set $lucee_context "mypetmask.ca";
include lucee.conf;
#charset koi8-r;
#access_log logs/host.access.log main;
ssl_certificate H:\Certificates\mypetmask.ca-chain.pem;
ssl_certificate_key H:\Certificates\mypetmask.ca-key.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
ssl_prefer_server_ciphers on;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
lucee.conf
#to enable Lucee for a server: include lucee.conf;
#block the lucee-context except for certain ip
location ~* /lucee/ {
#allow 10.0.0.10;
deny all;
include lucee-proxy.conf;
}
location ~* /lucee-server {
return 404;
}
#block/ignore CFIDE requests
location ~* /CFIDE {
return 404;
}
#block requests for Application.cfc/cfm
location ~* Application.cf[mc]$ {
return 404;
}
location ~* (\.cfm(\/|$)|\.cfc$) {
include lucee-proxy.conf;
}
#set the default document to index.html or index.cfm
index index.html index.cfm;
lucee-proxy.conf
set $path_info $request_uri;
proxy_pass http://127.0.0.1:8080;
proxy_read_timeout 100s;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header https $https;
#add headers for mod_cfml to do its work
proxy_set_header X-Tomcat-DocRoot $document_root;
proxy_set_header X-ModCFML-SharedKey [correct-sharedkey-is-here];
# For more info on $lucee_context, see http://www.modcfml.org/index.cfm/install/web-server-components/nginx-all-os/
if ($lucee_context = false) {
set $lucee_context $document_root;
}
proxy_set_header X-Webserver-Context $lucee_context;