Lucee, Apache, PHP - Sanity Check

I am hoping you can suggest a reference document, not asking for you to do my work.

I need to run luccee on a domain hosted on a server with several php (LAMP) sites. Lucee is there now, but only through port 8888 and an ip4 address, not a registered domain as it needs to be. I need to set this up so the outside world can get to Lucee, without having to include port numbers in the url.

I have been assured the instructions are easy to find, so I should avoid asking questions. I put the terms “lucee”, “apache”, and “php” into google. I am not finding any references containing all three.

The server is running Debian 10. It has seven virtual hosts each with a separate domain, using Apache and mod_php. None of the hosts get much traffic. The arrangement has been running pretty much like this for five years, going back to Debian 7. Each domain/host is setup with “site” configuration file. Each file has a host listening on port 80, which is redirected to port 143, so this stuff runs all ssl all the time.
Here is a sanitized version of one of the apache config files.

<VirtualHost *:80>
	ServerAdmin boss@example.com
	ServerName www.example.com
	ServerAlias example.com
	DocumentRoot /var/www/www.example.com/htdocs
	<Directory />
	       Options FollowSymLinks -Indexes
	       AllowOverride All
	</Directory>
	<Directory /var/www/www.example.com/htdocs>
		AllowOverride All
		Order Deny,Allow
		Allow from All
		RewriteEngine On
		RewriteCond %{SERVER_PORT} 80
		RewriteRule ^(.*)$ https://example.com/$1 [R,L]
 	</Directory>
	ErrorLog /var/www/www.example.com/logs/error.log
	LogLevel warn
	CustomLog /var/www/www.example.com/logs/access.log combined
	RewriteEngine On
	RewriteLog "/var/log/apache2/rewrite.log"
	RewriteLogLevel 3
</VirtualHost>
<IfModule mod_ssl.c>
	<VirtualHost *:443>
	        ServerAdmin boss@example.com
	        ServerName  www.example.com
			  ServerAlias example.com
	        DocumentRoot  /var/www/www.example.com/htdocs

			RewriteEngine On 
			RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] 
			RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]

		<Directory /var/www/www.example.com/htdocs>
			options -Indexes
			AllowOverride All
			Order Deny,Allow
			Allow from All
		</Directory>
		ErrorLog /var/www/www.example.com/logs/error.log
		LogLevel warn
		CustomLog /var/www/www.example.com/logs/access.log combined
	   SSLEngine on
		SSLCertificateFile    /etc/ssl/example.com/example.com------------------cert.pem
		SSLCertificateKeyFile /etc/ssl/example.com/example.com-------------------key.pem
		SSLCACertificateFile  /etc/ssl/example.com/example.com--------------------ca.pem

		<FilesMatch "\.(cgi|shtml|phtml|php)$">
			SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
			SSLOptions +StdEnvVars
		</Directory>

		BrowserMatch "MSIE [2-6]" \
		 nokeepalive ssl-unclean-shutdown \
		 downgrade-1.0 force-response-1.0
		# MSIE 7 and newer should be able to use keepalive
		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
	</VirtualHost>
</IfModule>

Any suggestions for information you can provide will be much appreciated.

Thank you.

If you are asking how to run PHP and Lucee side-by-side, all through the same Apache instance, then just put your reverse proxy or mod_cfml connector in the virtual hosts that you want to serve CFML.

How did you install Lucee? If you used the installer, did you opt to have it install mod_cfml?

Thank you for the clear cut direction.

To install Lucee, I ran the Lucee installer. Regarding mod_cfml, the first time ran the Lucee installer, I opted for mod_cfml. Unfortunately, that first install produced some complications interfering with what was already there. It’s been more than a month, and do not remember any of the specifics. It seemed clear enough that mod_cfml was in the middle of the problem, but that is just because I do not understand it. To resolve the problem, I deleted the server completely, rebuilt it, then installed only Lucee to get it working by itself. In that context, there was no need for mod_cfml. I actually went through the process of deleting the server, making a new one, and then installing Lucee with the installer around five times, until I thought i had a decent handle on what it was doing.

In the course of those exercises, I learned how to install Lucee after LAMP was installed as described above. I finally did that on the production server and the Lucee installation went without a hitch.

So, I guess what I will be doing is starting with another server I can afford to lose and try installing Lucee with mod_cflm.

Regarding my reverse proxy, I honestly had no idea that I have one. Everything I know about reverse proxy fits in a half thimball. I tried setting up nginx with apache one time. The instructions mentioned reverse proxy… it actually emphasized the term. I never understood what it meant.

Will Lucee and PHP run together in the same domain?

The issue you had with mod cfml was likely just that it installed globally and tried to fire for ALL sites. You’d have wanted to only enable that module in the virtual hosts where you needed it. You can install mod cfml manually, but I’d defer to the mod cfml docs for that.

https://viviotech.github.io/mod_cfml/docs-modcfml.html

A reverse proxy is simply a module in Apache that take incoming HTTP requests and re-sends them to another hosts/IP for processing, and then proxies back the results to the original HTTP request. mod cfml is basically a form of a reverse proxy, but with some extra magic added in. To be clear, you don’t need mod cfml AND a reverse proxy. That was two possible solutions to the same issue.

Also, on an unrelated note, if you are looking for an easier way to handle the setup and configuration of Lucee, you can look into CommandBox, which is a CLI capable of starting up Lucee servers for you from the command line in a fashion that allows you to full automated the configuration of the engine. The only catch is, you’d need one Lucee server process per web root so this may not be ideal if you have dozens of separate CF sites.

Potentially, but it depends on how you expect it to work. The way it generally works is you have an Apache module and a CF module (or just a reverse proxy) installed in Apache and then you direct each request to a different backend location based on something such as the file extension. So requests ending in .cfm go to Lucee, etc.

Planning only a small number of lucee sites.

Reverse proxy… I guess it is different from a non-reverse proxy, in where it sits in the overall process. Thank you for clearing that up for me.

I understand that mod_cfml provides reverse proxy, so I won’t need another one, thank you for emphasizing that.

CommandBox is impressive.

I was thinking the file extension can be relied upon to direct traffic where it needs to be processed.

So, I guess I need to choose what I am going to use for a reverse proxy… and maybe CommandBox is a platform for doing that, with or without mod_cfml?

Well, even if you go with CommandBox, it would just take the place of your standard Lucee servers and would still listen on its own HTTP port and your proxy would send CF requests to it. It’s just easier to automate in case you need to rebuild a server.

As far as the reverse proxy, yes usually you’d only apply it to the file extensions you wanted. The trick part would be if you wanted to also have some rewrite rule in place for SES URLs that turned URLs like site.com/foo into site.com/index.cfm/foo.

What mod_cfml does is sets up a VirtualHost in Tomcat, it does this by passing some headers across with the request which allow it to distinguish your virtual hosts in Apache. So if you only have one domain / site on the server it is not necessary to use mod_cfml. If you want to do virtual hosts and don’t want to setup virtual host configuration twice (once on apache and again in Tomcat server.xml), then mod_cfml saves you some time.

mod_cfml is not a reverse proxy, you would set that up with Apache’s directives provided by the mod_proxy module. When you run the lucee installer it will set this up globally with the apache directives so that all sites can be served by lucee.

CommandBox is great, and it could be used as a backend server for your reverse proxy setup as well, but you would probably have to spin up a new server (jvm process) for each site and that might take more resources than just a single lucee instance with mod_cfml. You can’t use mod_cfml with commandbox because it doesn’t run on Tomcat, and mod_cfml requires a tomcat valve to be setup.

I think the reason you won’t find many guides on lucee + php is that if you just follow a setup guide for lucee on Apache and then follow a guide for php on Apache it should just work in most cases.

Hope that helps clarify.

Pete Freitag
https://foundeo.com/

2 Likes

Having a couple of severs that do exactly this

www.example.com/phpfile.php —> calls the php interpreter …IE PHP
www.example.com/cfmlfile.cfm —> calls the cfm interpreter …IE LUCEE

Apache’s configuration for file type can be global or by host

What you need to do is include the proxy path for each interpreter inside each virtual host.

For your configuration I will just assume PHP is global running static or or module and not in fast cgi mode such as PHP-FPM

For Lucee I will assume you’re running it on the defaults.

<VirtualHost *:80>
	ServerAdmin boss@example.com
	ServerName www.example.com
	ServerAlias example.com
	DocumentRoot /var/www/www.example.com/htdocs
	<Directory />
	       Options FollowSymLinks -Indexes
	       AllowOverride All
	</Directory>
	<Directory /var/www/www.example.com/htdocs>
		AllowOverride All
		Order Deny,Allow
		Allow from All
		RewriteEngine On
		RewriteCond %{SERVER_PORT} 80
		RewriteRule ^(.*)$ https://example.com/$1 [R,L]
 	</Directory>
	

<IfModule mod_proxy.c>
        ProxyPreserveHost On
        ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$ http://127.0.0.1:8888/$1$2
        ProxyPassMatch ^/(.+\.cfml)(/.*)?$ http://127.0.0.1:8888/$1$2
        # optional mappings
        #ProxyPassMatch ^/flex2gateway/(.*)$ http://127.0.0.1:8888/flex2gateway/$1
        #ProxyPassMatch ^/messagebroker/(.*)$ http://127.0.0.1:8888/messagebroker/$1
        #ProxyPassMatch ^/flashservices/gateway(.*)$ http://127.0.0.1:8888/flashservices/gateway$1
        #ProxyPassMatch ^/openamf/gateway/(.*)$ http://127.0.0.1:8888/openamf/gateway/$1
        #ProxyPassMatch ^/rest/(.*)$ http://127.0.0.1:8888/rest/$1
        ProxyPassReverse / http://127.0.0.1:8888/
</IfModule>

	
	
	
	ErrorLog /var/www/www.example.com/logs/error.log
	LogLevel warn
	CustomLog /var/www/www.example.com/logs/access.log combined
	RewriteEngine On
	RewriteLog "/var/log/apache2/rewrite.log"
	RewriteLogLevel 3
</VirtualHost>
<IfModule mod_ssl.c>
	<VirtualHost *:443>
	        ServerAdmin boss@example.com
	        ServerName  www.example.com
			  ServerAlias example.com
	        DocumentRoot  /var/www/www.example.com/htdocs

			RewriteEngine On 
			RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] 
			RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]

		<Directory /var/www/www.example.com/htdocs>
			options -Indexes
			AllowOverride All
			Order Deny,Allow
			Allow from All
		</Directory>

		ErrorLog /var/www/www.example.com/logs/error.log
		LogLevel warn
		CustomLog /var/www/www.example.com/logs/access.log combined
	   SSLEngine on
		SSLCertificateFile    /etc/ssl/example.com/example.com------------------cert.pem
		SSLCertificateKeyFile /etc/ssl/example.com/example.com-------------------key.pem
		SSLCACertificateFile  /etc/ssl/example.com/example.com--------------------ca.pem

		<FilesMatch "\.(cgi|shtml|phtml|php)$">
			SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
			SSLOptions +StdEnvVars
		</Directory>
		

<IfModule mod_proxy.c>
        ProxyPreserveHost On
        ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$ http://127.0.0.1:8888/$1$2
        ProxyPassMatch ^/(.+\.cfml)(/.*)?$ http://127.0.0.1:8888/$1$2
        # optional mappings
        #ProxyPassMatch ^/flex2gateway/(.*)$ http://127.0.0.1:8888/flex2gateway/$1
        #ProxyPassMatch ^/messagebroker/(.*)$ http://127.0.0.1:8888/messagebroker/$1
        #ProxyPassMatch ^/flashservices/gateway(.*)$ http://127.0.0.1:8888/flashservices/gateway$1
        #ProxyPassMatch ^/openamf/gateway/(.*)$ http://127.0.0.1:8888/openamf/gateway/$1
        #ProxyPassMatch ^/rest/(.*)$ http://127.0.0.1:8888/rest/$1
        ProxyPassReverse / http://127.0.0.1:8888/
</IfModule>
		

		BrowserMatch "MSIE [2-6]" \
		 nokeepalive ssl-unclean-shutdown \
		 downgrade-1.0 force-response-1.0
		# MSIE 7 and newer should be able to use keepalive
		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
	</VirtualHost>
</IfModule>
1 Like

I have not been on this since you posted the solution. Wow, I really appreciate what you provided. I will give this a try and let you know how it goes.