Lucee web contexts and mod_cfml-valve

Gavin_Baumanis · March 24, 2022, 10:35pm

Hey there - it is me again…
I am hoping someone can help me out with what I think is a mod_cfml usage issue…

And I think this is the root cause of the original scripts from my previous threadnot working, too.

I install Lucee by copying the JAR to /opt/lucee/current/
I install tomcat 9 via RPM
Install nginx via rpm

I have copied the mod_cfml jar to /usr/share/tomcat/lib
I have placed all the lucee.conf / luce-proxy.conf (from mod_cfml) into the nginx root directory
I have updated all my “sites.conf” to include

set $lucee_context "application1";
include lucee.conf;

I have copied the cfml_mod valve element into tomcat’s server.xml within the localhost’s configuration.

<Valve className="mod_cfml.core"
    loggingEnabled="false"
    waitForContext="5"
    maxContexts="200"
    timeBetweenContexts="2000"
    scanClassPaths="false"
    sharedKey="SHARED-KEY-HERE"
/>

I have updated the - everywhere, as required,

And I have inserted (via sed) directly into the lucee-server.xml a labels block.
where the context matches that in the site conf and the id is md5 hash of the webroot of the application’s web root.

<labels>
	<label id="2619d11e4ba672a848b6e31624b075cb" name="application1"/>
	<label id="033abba4218938f7aeb57b3aa523dd61" name="application2"/>
	<label id="5e72cd3571965cf29811c5649c947cb8" name="application3"/>
	<label id="1a456059fdd36b8560052cb5a2490e92" name="application4" />
</labels>

Despite all this - the contexts - do not appear in the Lucee admin.
Nor are they physically created on disk.

And this is where I ask for help, please : and as always THANKS

Here is my tomcat server.xml;

<Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

        <!-- visit modcfml.org for details on mod_cfml configuration options -->
        <Valve className="mod_cfml.core"
                loggingEnabled="false"
                waitForContext="5"
                maxContexts="200"
                timeBetweenContexts="2000"
                scanClassPaths="false"
                sharedKey="<mySecretHere>"
                />

      </Host>

Here is my nginx.conf;

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

Here is a nginx site config that is in /etc/nginx/conf.d

server {
    listen 80;
    server_name subdomain.domain.com subdomain.localhost;
    root /web/directory1/myCFMLapp
    set $lucee_context "application1";
    include lucee.conf;
    rewrite "^/([0-9a-zA-Z-\+/=]{20,})(/image\.png)?$" /web.cfm?vars=$1$2 last;
}

Don’t forget to tell us about your stack!

OS: Amazon Linux 2
Java Version: 11
Tomcat Version: 9
Lucee Version: 5.3.8.206

bdw429s · March 24, 2022, 11:09pm

Firstly, the web context hashes are NOT just a hash of the web root, so I’m not sure where you got that idea. I wouldn’t recommend ever trying to force the information into Lucee’s XML files. Lucee will create the web contexts as necessary the first time they are hit.

There is no mod_cfml module for Nginx, so in order for this to work, you have to manually set the X-Tomcat-DocRoot HTTP Header that the valve is looking for with a value of the web root path for each host.

proxy_set_header X-Tomcat-DocRoot "/path/to/webroot";
proxy_set_header X-ModCFML-SharedKey "SHARED-KEY-HERE";

On a related note, you can greatly simplify what you’re doing by using CommandBox. The 5.5.0-alpha builds which are about to release have mod CFML support built in. You still need to set the headers I showed above in Nginx, but enabling mod CFML is as easy as

server set modCFML.enable=true
server set modCFML.sharedKey=myKey

and you’re off.

Gavin_Baumanis · March 25, 2022, 1:42am

Hi there,
I am VERY happy to be corrected… But I am pretty sure that you are wrong with everything you just posted.

I am certain that the context hashes are EXACTLY/JUST a MD5 hash of the web root.
If I create an MD5 hash of the webroot path with a trailing “/” - then my MD5 hash is an “exact” match for the original context directory created by Lucee.

From the mod_cfml home page;

Mod_cfml is a community-driven suite of programs that automatically configures Tomcat hosts to match hosts created in Apache, NGINX, or IIS.

And here are the install instructions for NGINX, that I followed but still seem to be having an issue with.

Which include copying a file lucee-proxy.conf which includes the two header lines you have posted.

Genuinely - with no hint of sarcasm… please feel free to set me straight - if I have something wrong.

Gavin.

bdw429s · March 25, 2022, 2:28am

Yep, you’re correct

github.com

lucee/Lucee/blob/6.0/core/src/main/java/lucee/commons/io/SystemUtil.java#L652


      
          				}
          				else path = SystemUtil.parsePlaceHolder(path);
          			}
          
          			if ((path.indexOf("{web-context-hash}")) != -1) {
          				String id = hash(sc);
          				path = StringUtil.replace(path, "{web-context-hash}", id, false);
          			}
          		}
          		return path;
          	}
          
          	public static String hash(ServletContext sc) {
          		String id = null;
          		try {
          			id = MD5.getDigestAsString(ReqRspUtil.getRootPath(sc));
          		}
          		catch (IOException e) {
          		}
          		return id;
          	}

I swear, I looked at that code years ago and the web context hash was a combination of sevearl things all hashed together, but I looked back as far as I could find in the Railo code and it was always just the web root. Sorry, I don’t recall what I must have confused that with. That said, I still wouldn’t attempt auto-creating the web contexts. Let Lucee do that.

I stand by what I said There is no mod_cfml module for Nginx, I said there was no module, I didn’t say it couldn’t be done. The docs you linked to don’t say anything about an Nginx module. And when I say “module”, I been a native module you install into the web server like the mod_cfml module that exists for Apache. The docs you linked to show example nginx config files that just add the proxy headers, just like I said you needed to do.

github.com

foundeo/ubuntu-nginx-lucee/blob/master/etc/nginx/lucee-proxy.conf#L11-L12


      
          proxy_set_header X-Tomcat-DocRoot $document_root;
          proxy_set_header X-ModCFML-SharedKey SHARED-KEY-HERE;

Though, honestly I think those docs are unecessarily complicated. I’ve used Lucee/tomcat/mod_cfml with Nginx before and all I needed to do was set the two headers I mentioned above.

Not sure- I haven’t used Lucee with the Tomcat valve in years. Like I said, CommandBox has it built in now. I’d look in the catalina.out log for clues. I’m pretty sure the Tomcat valve may have some debugging you can enable too.

Gavin_Baumanis · April 4, 2022, 6:01am

Hi everyone and thanks for all the ongoing help everyone has been giving me over the past couple of months. I really appreciate it.

I’d like to close of this thread with …
I have no idea what I am now doing differently - but it is now working.

Obviously, something IS different - but I’ll be damned if I know what it is!

I can successfully create a Lucee server, (with Tomcat 9) and with NGINX for some rewrites.
I can set the admin password programmatically, add all the data sources, and by using CURL, add all the scheduled tasks and get all the contexts to show up in Lucee Admin.
Which I give labels to by "sed"ing the lucee-server.xml.

Anyway - just wanted to say thanks…

Gavin.

kenricashe · April 30, 2024, 10:03pm

Apologies for reviving this old topic, but as I happened upon it today, I thought it could use some clarity.

I was initially confused by the statement because my definition of “native” Apache module was simply when it’s authored by Apache Software Foundation as opposed to third party modules such as mod_cfml which is authored by Vivio Technologies.

And technically mod_cfml isn’t “installed” like an app, but rather the mod_cfml.so file is copied to the appropriate Apache directory depending on the version and O/S, enabled, and configured. That’s all the “installer” script does.

But then I surmised you were referring to the mod_cfml.so file existing specifically for Apache while there is no such equivalent for NGINX which relies solely on the Tomcat valve jar file and some extra config.

Just wanted to clear that all up in case it helps anyone else finding this in the future!