Jordan Michaels helps to maintain several excellent Lucee installers bundled with Tomcat, which can be found in the Lucee downloads section:
http://lucee.org/downloads.html
9 times out of 10, those will do everything you need to do. Here’s what I would suggest to make it easier with what you currently have in place:
Install Apache, and then elect to install the connectors during the Lucee installation script. Then uninstall Apache. You just need it so the installer can set up mod_cfml shared keys - otherwise it won’t add the keys to the mod_cfml valve configuration.
The NGINX proxy configuration to Lucee you already have in place should work with the installers, by simply changing the key to the new mod_cfml key, though I haven’t verified this - as of yet. With the installer, Tomcat is located in /opt/lucee/tomcat and you can grab the shared key from the mod_cfml valve configuration in /opt/lucee/tomcat/conf/server.xml to match up in /etc/nginx/lucee-proxy.conf
If you still have trouble getting mod_cfml up and running you can also just do a direct HTTP proxy to port 8888 from NGINX and configure your web context manually, which works fine too if you don’t mind setting up a new web context configuration for each app. This is how NGINX/Lucee servers were set up before recent mod_cfml updates, which made it fully compatible with NGINX.
In your nginx.conf add the upstream inside the http{} config (and use some of the excellent security config blocks that are in your existing install) without :
#upstream configuration - may be used to configure additional servers and options for load balancing
upstream lucee {
server 127.0.0.1:8888;
}
Then add the following inside your server config:
#Proxy all CFML to Lucee
location ~ \.(cfm|cfml|cfc)(.*)$ {
proxy_pass $scheme://lucee;
proxy_cache_bypass $no_cache;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## CGI.REMOTE_ADDR
proxy_set_header X-Forwarded-Proto $scheme; ## CGI.SERVER_PORT_SECURE
proxy_set_header X-Real-IP $remote_addr;
#everything below is optional and is for tuning:
expires epoch;
client_max_body_size 32m;
client_body_buffer_size 800k;
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
#let NGINX handle static files
location ~* ^.+\.(jpe?g|jpg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|avi|mp3|ttf|woff)$
{
root /web;
expires 30d;
}
On January 13, 2016 at 9:25:09 PM, GlenS (@brandexpedia) wrote:
Hi Jon,
Thank you, I followed your advice with the following process:
I checked for directory /opt/lucee/jvm
I ran $ chown -R root:root /opt/lucee/jvm && chmod -R 755 /opt/lucee/jvm
I removed symlink at $ rm /opt/lucee/jvm/current
I linked files again $ ln -s /opt/lucee/jvm/jdk1.8.0_66 /opt/lucee/jvm/current
I restarted Tomcat7 $ service tomcat7 restart
I restarted Nginx $ service nginx restart
I tested for 8080 port $ netstat -ntlp and have ports listing on 8080 for tomcat now.
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:34140 0.0.0.0:* LISTEN 462/rpc.statd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 939/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 451/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1200/nginx -g daemo
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1108/sshd
tcp6 0 0 :::111 :::* LISTEN 451/rpcbind
tcp6 0 0 :::8080 :::* LISTEN 1243/java
tcp6 0 0 :::22 :::* LISTEN 1108/sshd
tcp6 0 0 :::37976 :::* LISTEN 462/rpc.statd
I ran $ service tomcat7 status and got success message.
I ran $ service nginx restart and got success message
I believe that Tomcat is up and working, however I am now getting a 504 gateway timeout. I am going to re-install lucee and see if this helps.
You mentioned you always installed Lucee using the installers. Not having much experience with Lucee setup is there another method that you may recommend?
On Thursday, 14 January 2016 01:53:07 UTC+2, Jon Clausen wrote:
Excellent. You’ve solved the 403. Your bad gateway is because Tomcat isn’t running, as referenced in your preceding email. Frankly, I’ve always installed Lucee using the installers so Pete’s installation method is unfamiliar to me. Looking at your startup error and at his scripts and docs, it looks like the JVM installation wasn’t successful. I would suggest running the “400-jvm.sh” script (ubuntu-nginx-lucee/400-jvm.sh at master · foundeo/ubuntu-nginx-lucee · GitHub) manually again. That should extract it to the /opt/lucee/jvm/current directory.
On January 13, 2016 at 6:34:08 PM, GlenS (te...@brandexpedia.com) wrote:
Hi Jon, thanks when I add my ip address as in my outbound ip address not my server ip, I then get a 502 Bad Gateway response.
lucee.conf looks like this
#block the lucee-context except for certain ip
location ~* /lucee/ {
allow 123.56.789.111;
deny all;
include lucee-proxy.conf;
}
Checking my /var/log/nginx/error.log shows:
2016/01/13 18:07:37 [error] 26790#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 123.56.789.111, server: mydomain.co.za, request: "GE$
2016/01/13 18:10:11 [error] 26805#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 123.56.789.111, server: mydomain.co.za, request: "GE$
On Thursday, 14 January 2016 00:53:46 UTC+2, Jon Clausen wrote:
Right, you’re getting the 403 because your config is disallowing access to the admin from any IP except 10.0.0.10.
You’ll need to add your IP or comment out that location block to gain access to the admin.
[Note: Typo assistance courtesy of iPhone]
On Jan 13, 2016, at 5:11 PM, GlenS te...@brandexpedia.com wrote:
Hi Jon,
My /etc/nginx/lucee.cnf looks as follows:
#block the lucee-context except for certain ip
location ~* /lucee/ {
allow 10.0.0.10;
deny all;
include lucee-proxy.conf;
}
And I added nginx as a user and then added to the group www-data and restarted nginx. No change in 403 error.
On Wednesday, 13 January 2016 23:04:35 UTC+2, Jon Clausen wrote:
NGINX runs under the user account “nginx” so, based on the permissions you’re setting in the script below you may need to add the “nginx” user to the group “www-data” (that’s the group you’re setting ownership of the web root to) to ensure permissions for non-proxy access from NGINX:
usermod -a -G www-data nginx
Looking at Pete’s lucee.conf file in the repo you linked below, though, the /lucee path is IP restricted. Does your IP match that IP (he has 10.0.0.10 as the IP in his file)?
On January 13, 2016 at 3:13:18 PM, te...@brandexpedia.com (te...@brandexpedia.com) wrote:
Glen here, I am new to Lucee with nginx and I am stuck with a 403 forbidden error when trying to access url: mydomain.co.za/lucee/admin/server.cfm. I would really appreciate it if someone can point out where I am going wrong here.
I followed this awesome script GitHub - foundeo/ubuntu-nginx-lucee: Script for standing up a Lucee server using nginx and Tomcat on Ubuntu which I adapted a little for installing on debian 8.2 x64. When I get to the end of the script I get the success statement and I can view my site page but when I try to access mydomain.co.za/lucee/admin/server.cfm I get a 403 forbidden error. I hope I am not being too long-winded with the details, but here goes.
When I test nginx I get syntax ok:
$ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
My ports output:
$ netstat -ntlp
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8920/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 904/sshd
tcp6 0 0 :::22 :::* LISTEN 904/sshd
My configs and changes as follows,
./install.sh config
#!/bin/bash
#configuration options
export LUCEE_VERSION="4.5.2.018"
export JVM_MAX_HEAP_SIZE="512m"
export JVM_FILE="server-jre-8u66-linux-x64.gz"
export JVM_VERSION="1.8.0_66"
File changes to 100-ubuntu-update.sh adapted for debian 8.2 x64
#!/bin/bash
echo "Updating Debian Software"
aptitude update
aptitude upgrade -y
aptitude remove apt-listchanges
aptitude install curl -y
aptitude install unzip -y
aptitude install git -y
500-nginx.sh changes
#!/bin/bash
web_root="/web"
echo "Installing nginx"
aptitude install nginx -y
echo "Adding lucee nginx configuration files"
cp etc/nginx/conf.d/lucee-global.conf /etc/nginx/conf.d/lucee-global.conf
cp etc/nginx/lucee.conf /etc/nginx/lucee.conf
cp etc/nginx/lucee-proxy.conf /etc/nginx/lucee-proxy.conf
echo "Configuring modcfml shared secret in nginx"
shared_secret=$(cat /opt/lucee/modcfml-shared-key.txt)
sed -i "s/SHARED-KEY-HERE/$shared_secret/g" /etc/nginx/lucee-proxy.conf
echo "Creating web root and default sites here: " $web_root
mkdir $web_root
mkdir $web_root/mydomain.co.za
mkdir $web_root/mydomain.co.za/wwwroot
echo "Creating a default index.html"
echo "<!doctype html>
CFML Webroot…
" > $web_root/mydomain.co.za/wwwroot/index.html
#add tomcat7 to www-data group so it can read files
usermod -aG www-data tomcat7
#set the web directory permissions
chown -R root:www-data $web_root
chmod -R 750 $web_root
echo "Adding Default and Example Site to nginx"
cp etc/nginx/sites-available/*.conf /etc/nginx/sites-available/
echo "Removing nginx default site"
rm /etc/nginx/sites-enabled/default
echo "Adding our default site"
ln -s /etc/nginx/sites-available/mydomain.co.za.conf /etc/nginx/sites-enabled/mydomain.co.za.conf
service nginx restart
changes to /etc/hosts
178.62.29.247 mydomain.co.za www.mydomain.co.za
changes to /etc/nginx/lucee.conf
#block the lucee-context except for certain ip
location ~* /lucee/ {
# Add my domain
allow 178.62.29.247;
deny all;
include lucee-proxy.conf;
}
Sites directory structure
sites-available/
/default
/mydomain.co.za.conf
Changes to mydomain.co.za.conf
server {
listen 80 default_server;
root /web/mydomain.co.za/wwwroot/;
server_name mydomain.co.za www.mydomain.co.za;
# Mod_cfml (Lucee) specific: add a unique ID for this server block.
set $lucee_context "mydomain.co.za";
include lucee.conf;
}
I think the problem is either an empty directory root mapping and I do not know lucee well enough to know why or how the folder structure works yet. Or it is a permissions and ownership issue.
Any help here will be greatly appreciated, I have spent many hours on this and the solution is probably simple, I hope!!!
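An added check, not part of the thread or of the foundeo scripts: the allow/deny block in lucee.conf only restricts requests that arrive through NGINX, so it is worth confirming that Tomcat itself is not listening on a wildcard address, as the :::8080 line in the netstat output quoted earlier in the thread is. The function names and the list of expected public ports (80, 443, 22) are assumptions made for this example.

```bash
#!/bin/sh
# Added example: audit `netstat -ntlp` text for listeners reachable off-host.

# Reads netstat -ntlp output on stdin. Prints "<port> <local-address> <pid/program>"
# for every LISTEN socket whose local address is not loopback (127.0.0.0/8 or ::1).
exposed_listeners() {
  awk '
    $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
      addr = $4
      port = addr
      sub(/^.*:/, "", port)                       # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host ~ /^127\./ || host == "::1") next  # loopback only: not exposed
      print port, addr, $7
    }'
}

# Succeeds (exit 0) when the given port has a non-loopback listener.
backend_exposed() {
  exposed_listeners | awk -v p="$1" '$1 == p { found = 1 } END { exit !found }'
}

# Assumption: 80, 443 and 22 are the only ports meant to face the network.
unexpected_listeners() {
  exposed_listeners | awk '$1 != 80 && $1 != 443 && $1 != 22' | sort -u
}

# Sample input: lines copied (abridged) from the netstat output in the thread.
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 939/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1200/nginx -g daemo
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1108/sshd
tcp6 0 0 :::8080 :::* LISTEN 1243/java
tcp6 0 0 :::22 :::* LISTEN 1108/sshd
EOF
}

# On a live host, replace sample_netstat with: netstat -ntlp
sample_netstat | unexpected_listeners
```

If 8080 is reported, binding the Tomcat connector to 127.0.0.1 (the address attribute on the Connector element in server.xml) or firewalling the port keeps the Lucee admin reachable only through the NGINX rules.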