I am hoping you can suggest a reference document, not asking for you to do my work.
I need to run luccee on a domain hosted on a server with several php (LAMP) sites. Lucee is there now, but only through port 8888 and an ip4 address, not a registered domain as it needs to be. I need to set this up so the outside world can get to Lucee, without having to include port numbers in the url.
I have been assured the instructions are easy to find, so I should avoid asking questions. I put the terms “lucee”, “apache”, and “php” into google. I am not finding any references containing all three.
The server is running Debian 10. It has seven virtual hosts each with a separate domain, using Apache and mod_php. None of the hosts get much traffic. The arrangement has been running pretty much like this for five years, going back to Debian 7. Each domain/host is setup with “site” configuration file. Each file has a host listening on port 80, which is redirected to port 143, so this stuff runs all ssl all the time.
Here is a sanitized version of one of the apache config files.
<VirtualHost *:80>
ServerAdmin boss@example.com
ServerName www.example.com
ServerAlias example.com
DocumentRoot /var/www/www.example.com/htdocs
<Directory />
Options FollowSymLinks -Indexes
AllowOverride All
</Directory>
<Directory /var/www/www.example.com/htdocs>
AllowOverride All
Order Deny,Allow
Allow from All
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
</Directory>
ErrorLog /var/www/www.example.com/logs/error.log
LogLevel warn
CustomLog /var/www/www.example.com/logs/access.log combined
RewriteEngine On
RewriteLog "/var/log/apache2/rewrite.log"
RewriteLogLevel 3
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin boss@example.com
ServerName www.example.com
ServerAlias example.com
DocumentRoot /var/www/www.example.com/htdocs
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]
<Directory /var/www/www.example.com/htdocs>
options -Indexes
AllowOverride All
Order Deny,Allow
Allow from All
</Directory>
ErrorLog /var/www/www.example.com/logs/error.log
LogLevel warn
CustomLog /var/www/www.example.com/logs/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/example.com/example.com------------------cert.pem
SSLCertificateKeyFile /etc/ssl/example.com/example.com-------------------key.pem
SSLCACertificateFile /etc/ssl/example.com/example.com--------------------ca.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
Any suggestions for information you can provide will be much appreciated.
If you are asking how to run PHP and Lucee side-by-side, all through the same Apache instance, then just put your reverse proxy or mod_cfml connector in the virtual hosts that you want to serve CFML.
How did you install Lucee? If you used the installer, did you opt to have it install mod_cfml?
To install Lucee, I ran the Lucee installer. Regarding mod_cfml, the first time ran the Lucee installer, I opted for mod_cfml. Unfortunately, that first install produced some complications interfering with what was already there. It’s been more than a month, and do not remember any of the specifics. It seemed clear enough that mod_cfml was in the middle of the problem, but that is just because I do not understand it. To resolve the problem, I deleted the server completely, rebuilt it, then installed only Lucee to get it working by itself. In that context, there was no need for mod_cfml. I actually went through the process of deleting the server, making a new one, and then installing Lucee with the installer around five times, until I thought i had a decent handle on what it was doing.
In the course of those exercises, I learned how to install Lucee after LAMP was installed as described above. I finally did that on the production server and the Lucee installation went without a hitch.
So, I guess what I will be doing is starting with another server I can afford to lose and try installing Lucee with mod_cflm.
Regarding my reverse proxy, I honestly had no idea that I have one. Everything I know about reverse proxy fits in a half thimball. I tried setting up nginx with apache one time. The instructions mentioned reverse proxy… it actually emphasized the term. I never understood what it meant.
The issue you had with mod cfml was likely just that it installed globally and tried to fire for ALL sites. You’d have wanted to only enable that module in the virtual hosts where you needed it. You can install mod cfml manually, but I’d defer to the mod cfml docs for that.
A reverse proxy is simply a module in Apache that take incoming HTTP requests and re-sends them to another hosts/IP for processing, and then proxies back the results to the original HTTP request. mod cfml is basically a form of a reverse proxy, but with some extra magic added in. To be clear, you don’t need mod cfml AND a reverse proxy. That was two possible solutions to the same issue.
Also, on an unrelated note, if you are looking for an easier way to handle the setup and configuration of Lucee, you can look into CommandBox, which is a CLI capable of starting up Lucee servers for you from the command line in a fashion that allows you to full automated the configuration of the engine. The only catch is, you’d need one Lucee server process per web root so this may not be ideal if you have dozens of separate CF sites.
Potentially, but it depends on how you expect it to work. The way it generally works is you have an Apache module and a CF module (or just a reverse proxy) installed in Apache and then you direct each request to a different backend location based on something such as the file extension. So requests ending in .cfm go to Lucee, etc.
I was thinking the file extension can be relied upon to direct traffic where it needs to be processed.
So, I guess I need to choose what I am going to use for a reverse proxy… and maybe CommandBox is a platform for doing that, with or without mod_cfml?
Well, even if you go with CommandBox, it would just take the place of your standard Lucee servers and would still listen on its own HTTP port and your proxy would send CF requests to it. It’s just easier to automate in case you need to rebuild a server.
As far as the reverse proxy, yes usually you’d only apply it to the file extensions you wanted. The trick part would be if you wanted to also have some rewrite rule in place for SES URLs that turned URLs like site.com/foo into site.com/index.cfm/foo.
What mod_cfml does is sets up a VirtualHost in Tomcat, it does this by passing some headers across with the request which allow it to distinguish your virtual hosts in Apache. So if you only have one domain / site on the server it is not necessary to use mod_cfml. If you want to do virtual hosts and don’t want to setup virtual host configuration twice (once on apache and again in Tomcat server.xml), then mod_cfml saves you some time.
mod_cfml is not a reverse proxy, you would set that up with Apache’s directives provided by the mod_proxy module. When you run the lucee installer it will set this up globally with the apache directives so that all sites can be served by lucee.
CommandBox is great, and it could be used as a backend server for your reverse proxy setup as well, but you would probably have to spin up a new server (jvm process) for each site and that might take more resources than just a single lucee instance with mod_cfml. You can’t use mod_cfml with commandbox because it doesn’t run on Tomcat, and mod_cfml requires a tomcat valve to be setup.
I think the reason you won’t find many guides on lucee + php is that if you just follow a setup guide for lucee on Apache and then follow a guide for php on Apache it should just work in most cases.
I have not been on this since you posted the solution. Wow, I really appreciate what you provided. I will give this a try and let you know how it goes.