New to lucee with nginx but stuck on 403 not found error /lucee/admin/server.cfm

Glen here, I am new to Lucee with nginx and I am stuck with a 403 forbidden
error when trying to access url: mydomain.co.za/lucee/admin/server.cfm. I
would really appreciate it if someone can point out where I am going wrong
here.

I followed this awesome script (GitHub - foundeo/ubuntu-nginx-lucee: Script for standing up a Lucee server using nginx and Tomcat on Ubuntu), which I adapted a little for
installing on Debian 8.2 x64. When I get to the end of the script I get the
success statement and I can view my site page, but when I try to access
mydomain.co.za/lucee/admin/server.cfm I get a 403 forbidden error. I hope
I am not being too long winded with the details, but here goes.

When I test nginx I get syntax ok:

$ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

My ports output:

$ netstat -ntlp
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8920/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 904/sshd
tcp6 0 0 :::22 :::* LISTEN 904/sshd

My configs and changes as follows,

./install.sh config

#!/bin/bash

#configuration options
export LUCEE_VERSION="4.5.2.018"
export JVM_MAX_HEAP_SIZE="512m"
export JVM_FILE="server-jre-8u66-linux-x64.gz"
export JVM_VERSION="1.8.0_66"

File changes to 100-ubuntu-update.sh adapted for debian 8.2 x64

#!/bin/bash

echo "Updating Debian Software"
aptitude update
aptitude upgrade -y

aptitude remove apt-listchanges
aptitude install curl -y

aptitude install unzip -y
aptitude install git -y

500-nginx.sh changes

#!/bin/bash
web_root="/web"

echo "Installing nginx"
aptitude install nginx -y
echo "Adding lucee nginx configuration files"
cp etc/nginx/conf.d/lucee-global.conf /etc/nginx/conf.d/lucee-global.conf
cp etc/nginx/lucee.conf /etc/nginx/lucee.conf
cp etc/nginx/lucee-proxy.conf /etc/nginx/lucee-proxy.conf

echo "Configuring modcfml shared secret in nginx"
#command substitution: read the shared key from the file
shared_secret=$(cat /opt/lucee/modcfml-shared-key.txt)
sed -i "s/SHARED-KEY-HERE/$shared_secret/g" /etc/nginx/lucee-proxy.conf

echo "Creating web root and default sites here: " $web_root
mkdir $web_root
mkdir $web_root/mydomain.co.za
mkdir $web_root/mydomain.co.za/wwwroot

echo "Creating a default index.html"
echo "<!doctype html>

CFML Webroot…

" > $web_root/mydomain.co.za/wwwroot/index.html

#add tomcat7 to www-data group so it can read files
usermod -aG www-data tomcat7

#set the web directory permissions
chown -R root:www-data $web_root
chmod -R 750 $web_root

echo "Adding Default and Example Site to nginx"
cp etc/nginx/sites-available/*.conf /etc/nginx/sites-available/
echo "Removing nginx default site"
rm /etc/nginx/sites-enabled/default
echo "Adding our default site"
ln -s /etc/nginx/sites-available/mydomain.co.za.conf /etc/nginx/sites-enabled/mydomain.co.za.conf

service nginx restart

changes to /etc/hosts

178.62.29.247 mydomain.co.za www.mydomain.co.za

changes to /etc/nginx/lucee.conf

#block the lucee-context except for certain ip
location ~* /lucee/ {
    # Add my domain
    allow 178.62.29.247;
    deny all;
    include lucee-proxy.conf;
}

Sites directory structure

sites-available/

/default

/mydomain.co.za.conf

Changes to mydomain.co.za.conf

server {
    listen 80 default_server;
    root /web/mydomain.co.za/wwwroot/;
    server_name mydomain.co.za www.mydomain.co.za;

    # Mod_cfml (Lucee) specific: add a unique ID for this server block.
    # For more info, see http://www.modcfml.org/index.cfm/install/web-server-components/nginx-all-os/
    set $lucee_context "mydomain.co.za";

    include lucee.conf;
}

I think the problem is either an empty directory root mapping and I do not
know lucee well enough to know why or how the folder structure works yet.
Or it is a permissions and ownership issue.

Any help here will be greatly appreciated, I have spent many hours on this
and the solution is probably simple, I hope!!!

I checked tomcat again with - service tomcat7 status and got back: unable to stat /opt/lucee/jvm/current/bin/java (No such …directory)

This could be the problem.

tomcat7.service - LSB: Start Tomcat.
Loaded: loaded (/etc/init.d/tomcat7)
Active: active (exited) since Wed 2016-01-13 16:51:20 EST; 1h 3min ago

Jan 13 16:51:20 mydomain.co.za tomcat7[23703]: Starting Tomcat servlet engine: tomcat7start-stop-daemon: unable to stat /opt/lucee/jvm/current/bin/java (No such …directory)
Jan 13 16:51:20 mydomain.co.za tomcat7[23703]: (already running).

Hint: Some lines were ellipsized, use -l to show in full.

Hi Juan,

When I run netstat -tulpen, these are the ports I get.

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:49356 0.0.0.0:* LISTEN 106 10305 509/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 10195 500/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 40548 26442/nginx -g daem
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 11597 584/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 109 39807 26231/mysqld
tcp6 0 0 :::111 :::* LISTEN 0 10198 500/rpcbind
tcp6 0 0 :::55890 :::* LISTEN 106 10311 509/rpc.statd
tcp6 0 0 :::22 :::* LISTEN 0 11606 584/sshd
udp 0 0 0.0.0.0:675 0.0.0.0:* 0 10194 500/rpcbind
udp 0 0 127.0.0.1:685 0.0.0.0:* 0 10297 509/rpc.statd
udp 0 0 0.0.0.0:39474 0.0.0.0:* 106 10302 509/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 0 10191 500/rpcbind
udp6 0 0 :::675 :::* 0 10197 500/rpcbind
udp6 0 0 :::35391 :::* 106 10308 509/rpc.statd
udp6 0 0 :::111 :::* 0 10196 500/rpcbind

When I run $ ps -ef | grep java

root 26458 631 0 17:02 pts/0 00:00:00 grep java

Maybe I’m missing something so forgive me if this is obvious, but, given
your netstat output, is Tomcat installed and running?

NGINX runs under the user account “nginx” so, based on the permissions you’re setting in the script below you may need to add the “nginx” user to the group “www-data” (that’s the group you’re setting ownership of the web root to) to ensure permissions for non-proxy access from NGINX:

usermod -a -G www-data nginx

Looking at Pete’s lucee.conf file in the repo you linked below, though, the /lucee path is IP restricted. Does your IP match that IP (he has 10.0.0.10 as the IP in his file)?

ubuntu-nginx-lucee/lucee.conf at master · foundeo/ubuntu-nginx-lucee · GitHub

Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/73cc4c03-79cc-472c-9257-319d2f8a87d2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
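The IP restriction Jon points to above, worked through as an added example (not code from the thread or from the foundeo repository): it evaluates the `location ~* /lucee/` block the way nginx's access rules are applied, with the first matching `allow`/`deny` deciding. The client address 203.0.113.25 is a constructed value standing in for the workstation making the request.

```python
import ipaddress
import re

# The location block from the thread, copied here as constructed test input.
LUCEE_CONF = """
#block the lucee-context except for certain ip
location ~* /lucee/ {
    # Add my domain
    allow 178.62.29.247;
    deny all;
    include lucee-proxy.conf;
}
"""

LOCATION_RE = re.compile(r"location\s+~\*\s+(\S+)\s*\{")
RULE_RE = re.compile(r"^\s*(allow|deny)\s+([^;\s]+)\s*;", re.MULTILINE)


def parse_block(conf_text):
    """Return the block's URI regex and its allow/deny rules in file order."""
    loc = LOCATION_RE.search(conf_text)
    if loc is None:
        raise ValueError("no 'location ~*' block found")
    rules = []
    for action, value in RULE_RE.findall(conf_text):
        # "all" matches every client; anything else is an address or CIDR.
        net = None if value == "all" else ipaddress.ip_network(value, strict=False)
        rules.append((action, net))
    # "~*" means a case-insensitive, unanchored regex match on the URI.
    return re.compile(loc.group(1), re.IGNORECASE), rules


def decide(conf_text, uri, client_ip):
    """Return 'not-matched', 'proxy' or '403' for one request."""
    uri_re, rules = parse_block(conf_text)
    if not uri_re.search(uri):
        return "not-matched"
    addr = ipaddress.ip_address(client_ip)
    # Rules are checked in order and the first match decides.
    for action, net in rules:
        if net is None or (addr.version == net.version and addr in net):
            return "proxy" if action == "allow" else "403"
    # No rule matched (or none present): the request is passed on.
    return "proxy"


if __name__ == "__main__":
    workstation = "203.0.113.25"  # constructed client address
    for uri, ip in [
        ("/lucee/admin/server.cfm", "178.62.29.247"),  # the server's own IP
        ("/lucee/admin/server.cfm", workstation),
        ("/LUCEE/admin/web.cfm", workstation),
        ("/index.cfm", workstation),
    ]:
        print(f"{ip:15} {uri:26} -> {decide(LUCEE_CONF, uri, ip)}")
    fixed = LUCEE_CONF.replace("178.62.29.247", workstation)
    print("client allowed:", decide(fixed, "/lucee/admin/server.cfm", workstation))
```

Allowing the server's own address does nothing for a browser on another network, and a block with no `allow`/`deny` lines passes every client through to the admin pages.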

Jordan Michaels helps to maintain several excellent Lucee installers bundled with Tomcat, which can be found in the Lucee downloads section:

http://lucee.org/downloads.html

9 times out of 10, those will do everything you need to do. Here’s what I would suggest to make it easier with what you currently have in place:

Install Apache, and then elect to install the connectors during the Lucee installation script. Then uninstall Apache. You just need it so the installer can set up mod_cfml shared keys - otherwise it won’t add the keys to the mod_cfml valve configuration.

The NGINX proxy configuration to Lucee you already have in place should work with the installers, by simply changing the key to the new mod_cfml key, though I haven’t verified this - as of yet. With the installer, Tomcat is located in /opt/lucee/tomcat and you can grab the shared key from the mod_cfml valve configuration in /opt/lucee/tomcat/conf/server.xml to match up in /etc/nginx/lucee-proxy.conf

If you still have trouble getting mod_cfml up and running you can also just do a direct HTTP proxy to port 8888 from NGINX and configure your web context manually, which works fine too if you don’t mind setting up a new web context configuration for each app. This is how NGINX/Lucee servers were set up before recent mod_cfml updates, which made it fully compatible with NGINX.

In your nginx.conf add the upstream inside the http{} config (and use some of the excellent security config blocks that are in your existing install) without :

#upstream configuration - may be used to configure additional servers and options for load balancing
upstream lucee {
    server 127.0.0.1:8888;
}

Then add the following inside your server config:

#Proxy all CFML to Lucee
location ~ \.(cfm|cfml|cfc)(.*)$ {
    proxy_pass $scheme://lucee;
    # $no_cache is not defined in this snippet; it must be set elsewhere in the configuration
    proxy_cache_bypass $no_cache;
    proxy_http_version 1.1;
    proxy_set_header Connection "";

    proxy_set_header    Host                $host;
    proxy_set_header    X-Forwarded-Host    $host;
    proxy_set_header    X-Forwarded-Server  $host;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;     ## CGI.REMOTE_ADDR
    proxy_set_header    X-Forwarded-Proto   $scheme;                   ## CGI.SERVER_PORT_SECURE
    proxy_set_header    X-Real-IP           $remote_addr;

    #everything below is optional and is for tuning:
    expires epoch;

    client_max_body_size    32m;
    client_body_buffer_size 800k;
    proxy_connect_timeout   900;
    proxy_send_timeout      900;
    proxy_read_timeout     900;
    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;
}

#let NGINX handle static files
location ~* ^.+\.(jpe?g|jpg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|avi|mp3|ttf|woff)$ {
    root /web;
    expires 30d;
}

On January 13, 2016 at 9:25:09 PM, GlenS (@brandexpedia) wrote:
Hi Jon,

Thank you, I followed your advice with the following process:

I checked for directory /opt/lucee/jvm
I ran $ chown -R root:root /opt/lucee/jvm && chmod -R 755 /opt/lucee/jvm
I removed symlink at $ rm /opt/lucee/jvm/current
I linked files again $ ln -s /opt/lucee/jvm/jdk1.8.0_66 /opt/lucee/jvm/current

I restarted Tomcat7 $ service tomcat7 restart
I restarted Nginx $ service nginx restart

I tested for 8080 port $ netstat -ntlp and have ports listing on 8080 for tomcat now.

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:34140 0.0.0.0:* LISTEN 462/rpc.statd

tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 939/mysqld

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 451/rpcbind

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1200/nginx -g daemo

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1108/sshd

tcp6 0 0 :::111 :::* LISTEN 451/rpcbind

tcp6 0 0 :::8080 :::* LISTEN 1243/java

tcp6 0 0 :::22 :::* LISTEN 1108/sshd

tcp6 0 0 :::37976 :::* LISTEN 462/rpc.statd

I ran $ service tomcat7 status and got success message.

I ran $ service nginx restart and got success message

I believe that Tomcat is up and working, however I am now getting a 504 gateway timeout. I am going to re-install lucee and see if this helps.

You mentioned you always installed Lucee using the installers. Not having much experience with Lucee setup is there another method that you may recommend?

On Thursday, 14 January 2016 01:53:07 UTC+2, Jon Clausen wrote:
Excellent. You’ve solved the 403. Your bad gateway is because Tomcat isn’t running, as referenced in your preceding email. Frankly, I’ve always installed Lucee using the installers so Pete’s installation method is unfamiliar to me. Looking at your startup error and at his scripts and docs, it looks like the JVM installation wasn’t successful. I would suggest running the “400-jvm.sh” script (ubuntu-nginx-lucee/400-jvm.sh at master · foundeo/ubuntu-nginx-lucee · GitHub) manually again. That should extract it to the /opt/lucee/jvm/current directory.

On January 13, 2016 at 6:34:08 PM, GlenS (te...@brandexpedia.com) wrote:

Hi Jon, thanks when I add my ip address as in my outbound ip address not my server ip, I then get a 502 Bad Gateway response.

lucee.conf looks like this
#block the lucee-context except for certain ip

location ~* /lucee/ {

    allow 123.56.789.111;

    deny all;

    include lucee-proxy.conf;

}

Checking my /var/log/nginx/error.log shows:

2016/01/13 18:07:37 [error] 26790#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 123.56.789.111, server: mydomain.co.za, request: "GE$

2016/01/13 18:10:11 [error] 26805#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 123.56.789.111, server: mydomain.co.za, request: "GE$

On Thursday, 14 January 2016 00:53:46 UTC+2, Jon Clausen wrote:
Right, you’re getting the 403 because your config is disallowing access to the admin from any IP except 10.0.0.10.

You’ll need to add your IP or comment out that location block to gain access to the admin.

[Note: Typo assistance courtesy of iPhone]

On Jan 13, 2016, at 5:11 PM, GlenS te...@brandexpedia.com wrote:

Hi Jon,

My /etc/nginx/lucee.cnf looks as follows:

#block the lucee-context except for certain ip

location ~* /lucee/ {

    allow 10.0.0.10;

    deny all;

    include lucee-proxy.conf;

}

And I added nginx as a user and then added to the group www-data and restarted nginx. No change in 403 error.

On Wednesday, 13 January 2016 23:04:35 UTC+2, Jon Clausen wrote:
NGINX runs under the user account “nginx” so, based on the permissions you’re setting in the script below you may need to add the “nginx” user to the group “www-data” (that’s the group you’re setting ownership of the web root to) to ensure permissions for non-proxy access from NGINX:

usermod -a -G www-data nginx

Looking at Pete’s lucee.conf file in the repo you linked below, though the /lucee path is IP restricted. Does your IP match that IP (he has 10.0.0.10 as the IP in his file)?

On January 13, 2016 at 3:13:18 PM, te...@brandexpedia.com (te...@brandexpedia.com) wrote:

Glen here, I am new to Lucee with nginx and I am stuck with a 403 forbidden error when trying to access url: mydomain.co.za/lucee/admin/server.cfm. I would really appreciate it if someone can point out where I am going wrong here.

I followed this awesome script GitHub - foundeo/ubuntu-nginx-lucee: Script for standing up a Lucee server using nginx and Tomcat on Ubuntu which I adapted a little for installing on debian 8.2 x64. When I get to the end of the script I get the success statement and I can view my site page but when I try access mydomain.co.za /lucee/admin/server.cfm I get a 403 forbidden error. I hope I am not being too long winded with the details, but here goes.

When I test nginx I get syntax ok:

$ nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

My ports output:

$ netstat -ntlp

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8920/nginx

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 904/sshd

tcp6 0 0 :::22 :::* LISTEN 904/sshd

My configs and changes as follows,

./install.sh config

#!/bin/bash

#configuration options
export LUCEE_VERSION=“4.5.2.018”
export JVM_MAX_HEAP_SIZE=“512m”
export JVM_FILE=“server-jre-8u66-linux-x64.gz”
export JVM_VERSION=“1.8.0_66”

File changes to 100-ubuntu-update.sh adapted for debian 8.2 x64

#!/bin/bash

echo “Updating Debian Software”
aptitude update
aptitude upgrade -y

aptitude remove apt-listchanges
aptitude install curl -y

aptitude install unzip -y
aptitude install git -y

500-nginx.sh changes

#!/bin/bash
web_root=“/web”

echo “Installing nginx”
aptitude install nginx -y
echo “Adding lucee nginx configuration files”
cp etc/nginx/conf.d/lucee-global.conf /etc/nginx/conf.d/lucee-global.conf
cp etc/nginx/lucee.conf /etc/nginx/lucee.conf
cp etc/nginx/lucee-proxy.conf /etc/nginx/lucee-proxy.conf

echo “Configuring modcfml shared secret in nginx”
shared_secret=cat /opt/lucee/modcfml-shared-key.txt
sed -i “s/SHARED-KEY-HERE/$shared_secret/g” /etc/nginx/lucee-proxy.conf

echo "Creating web root and default sites here: " $web_root
mkdir $web_root
mkdir $web_root/mydomain.co.za
mkdir $web_root/mydomain.co.za/wwwroot

echo “Creating a default index.html”
echo “<!doctype html>

CFML Webroot…

” > $web_root/mydomain.co.za/wwwroot/index.html

#add tomcat7 to www-data group so it can read files
usermod -aG www-data tomcat7

#set the web directory permissions
chown -R root:www-data $web_root
chmod -R 750 $web_root

echo “Adding Default and Example Site to nginx”
cp etc/nginx/sites-available/*.conf /etc/nginx/sites-available/
echo “Removing nginx default site”
rm /etc/nginx/sites-enabled/default
echo “Adding our default site”
ln -s /etc/nginx/sites-available/mydomain.co.za.conf /etc/nginx/sites-enabled/mydomain.co.za.conf

service nginx restart

changes to /etc/hosts

178.62.29.247 mydomain.co.za www.mydomain.co.za

changes to /etc/nginx/lucee.conf

#block the lucee-context except for certain ip

location ~* /lucee/ {

    # Add my domain

    allow 178.62.29.247;

    deny all;

    include lucee-proxy.conf;

}

Sites directory structure

sites-available/

/default

/mydomain.co.za.conf

Changes to mydomain.co.za.conf

server {

listen 80 default_server;

root /web/mydomain.co.za/wwwroot/;

server_name mydomain.co.za www.mydomain.co.za;

Mod_cfml (Lucee) specific: add a unique ID for this server block.

For more info, see http://www.modcfml.org/index.cfm/install/web-server-components/nginx-all-os/

set $lucee_context “mydomain.co.za”;

include lucee.conf;

}

I think the problem is either an empty directory root mapping and I do not know lucee well enough to know why or how the folder structure works yet. Or it is a permissions and ownership issue.

Any help here will be greatly appreciated, I have spent many hours on this and the solution is probably simple, I hope!!!


Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/73cc4c03-79cc-472c-9257-319d2f8a87d2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/231c614b-f3c4-4264-b4d7-23541903b5af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/0a870562-567e-446d-a924-1edd42ae2cf1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/8dca3859-4c6f-4860-bf44-8c5d241eb1e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Thanks Jon, thank you to you, Nando, and Juan for your support. I will work
through your recommendations and share back the details. Best regards GlenOn Thursday, 14 January 2016 06:01:54 UTC+2, Jon Clausen wrote:

Jordan Michaels helps to maintain several excellent Lucee installers
bundled with Tomcat, which can be found in the Lucee downloads section:

Download Lucee

9 times out of 10, those will do everything you need to do. Here’s what I
would suggest to make it easier with what you currently have in place:

Install Apache, and then elect to install the connectors during the Lucee
installation script. Then uninstall Apache. You just need it so the
installer can set up mod_cfml shared keys - otherwise it won’t add the keys
to the mod_cfml valve configuration.

The NGINX proxy configuration to Lucee you already have in place should
work with the installers, by simply changing the key to the new mod_cfml
key, though I haven’t verified this - as of yet. With the installer, Tomcat
is located in /opt/lucee/tomcat and you can grab the shared key from the
mod_cfml valve configuration in /opt/lucee/tomcat/conf/server.xml to match
up in /etc/nginx/lucee-proxy.conf

If you still have trouble getting mod_cfml up and running you can also
just do a direct HTTP proxy to port 8888 from NGINX and configure your web
context manually, which works fine too if you don’t mind setting up a new
web context context configuration for each app. This is how NGINX/Lucee
servers were set up before recent mod_cfml updates, which made it fully
compatible with NGINX.

In your nginx.conf add the upstream inside the the http{} config (and use
some of the excellent security config blocks that are in your existing
install) without :

#upstream configuration - may be used to configure additional servers and options for load balancing
upstream lucee {
server 127.0.0.1:8888;
}

Then add the following inside your server config:

#Proxy all CFML to Lucee
location ~ .(cfm|cfml|cfc)(.*)$ {
proxy_pass $scheme://lucee;
proxy_cache_bypass $no_cache;
proxy_http_version 1.1;
proxy_set_header Connection “”;

proxy_set_header    Host                $host;
proxy_set_header    X-Forwarded-Host    $host;
proxy_set_header    X-Forwarded-Server  $host;
proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;     ## CGI.REMOTE_ADDR
proxy_set_header    X-Forwarded-Proto   $scheme;                   ## CGI.SERVER_PORT_SECURE
proxy_set_header    X-Real-IP           $remote_addr;

#everything below is optional and is for tuning:
expires epoch;

client_max_body_size    32m;
client_body_buffer_size 800k;
proxy_connect_timeout   900;
proxy_send_timeout      900;
proxy_read_timeout     900;
proxy_buffer_size   128k;
proxy_buffers   4 256k;
proxy_busy_buffers_size   256k;

}

#let NGINX handle static files
location ~* ^.+.(jpe?g|jpg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|avi|mp3|ttf|woff)$
{
root /web;
expires 30d;
}

On January 13, 2016 at 9:25:09 PM, GlenS (te...@brandexpedia.com <javascript:>) wrote:

Hi Jon,

Thank you, I followed your advise with the following process:

I checked for directory /opt/lucee/jvm
I ran $ chown -R root:root /opt/lucee/jvm && chmod -R 755 /opt/lucee/jvm
I removed symlink at $ rm /opt/lucee/jvm/current
I linked files again $ ln -s /opt/lucee/jvm/jdk1.8.0_66
/opt/lucee/jvm/current

I restarted Tomcat7 $ service tomcat7 restart
I restarted Nginx $ service nginx restart

I tested for 8080 port $ netstat -ntlp and have ports listing on 8080 for
tomcat now.

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name

tcp 0 0 0.0.0.0:34140 0.0.0.0:*
LISTEN 462/rpc.statd

tcp 0 0 127.0.0.1:3306 0.0.0.0:*
LISTEN 939/mysqld

tcp 0 0 0.0.0.0:111 0.0.0.0:*
LISTEN 451/rpcbind

tcp 0 0 0.0.0.0:80 0.0.0.0:*
LISTEN 1200/nginx -g daemo

tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN 1108/sshd

tcp6 0 0 :::111 :::*
LISTEN 451/rpcbind

tcp6 0 0 :::8080 :::
LISTEN 1243/java *

tcp6 0 0 :::22 :::*
LISTEN 1108/sshd

tcp6 0 0 :::37976 :::*
LISTEN 462/rpc.statd

I ran $ service tomcat7 status and got success message.

I ran $ service nginx restart and got success message

I believe that Tomcat is up and working, however I am now getting a 504
gateway timeout. I am going to re-install lucee and see if this helps.

You mentioned you always installed Lucee using the installers. Not having
much experience with Lucee setup is there another method that you may
recommend?

On Thursday, 14 January 2016 01:53:07 UTC+2, Jon Clausen wrote:

Excellent. You’ve solved the 403. Your bad gateway is because Tomcat
isn’t running, as referenced in your preceding email. Frankly, I’ve always
installed Lucee using the installers so Pete’s installation method is
unfamiliar to me. Looking at your startup error and at his scripts and docs, it
looks like the JVM installation wasn’t successful. I would suggest running
the “400-jvm.sh” script (ubuntu-nginx-lucee/400-jvm.sh at master ·
foundeo/ubuntu-nginx-lucee · GitHub) manually again. That should extract it
to the /opt/lucee/jvm/current directory.

On January 13, 2016 at 6:34:08 PM, GlenS (te...@brandexpedia.com) wrote:

Hi Jon, thanks when I add my ip address as in my outbound ip address not
my server ip, I then get a 502 Bad Gateway response.

lucee.conf looks like this

#block the lucee-context except for certain ip
location ~* /lucee/ {
    allow 123.56.789.111;
    deny all;
    include lucee-proxy.conf;
}

Checking my /var/log/nginx/error.log shows:

2016/01/13 18:07:37 [error] 26790#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 123.56.789.111, server: mydomain.co.za, request: "GE$

2016/01/13 18:10:11 [error] 26805#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 123.56.789.111, server: mydomain.co.za, request: "GE$

On Thursday, 14 January 2016 00:53:46 UTC+2, Jon Clausen wrote:

Right, you’re getting the 403 because your config is disallowing access
to the admin from any IP except 10.0.0.10.

You’ll need to add your IP or comment out that location block to gain
access to the admin.

[Note: Typo assistance courtesy of iPhone]

On Jan 13, 2016, at 5:11 PM, GlenS te...@brandexpedia.com wrote:

Hi Jon,

My /etc/nginx/lucee.cnf looks as follows:

#block the lucee-context except for certain ip
location ~* /lucee/ {
    allow 10.0.0.10;
    deny all;
    include lucee-proxy.conf;
}

And I added nginx as a user and then added to the group www-data and
restarted nginx. No change in 403 error.

On Wednesday, 13 January 2016 23:04:35 UTC+2, Jon Clausen wrote:

NGINX runs under the user account “nginx” so, based on the permissions
you’re setting in the script below you may need to add the “nginx” user to
the group “www-data” (that’s the group you’re setting ownership of the web
root to) to ensure permissions for non-proxy access from NGINX:

usermod -a -G www-data nginx

Looking at Pete’s lucee.conf file in the repo you linked below, though
the /lucee path is IP restricted. Does your IP match that IP (he has
10.0.0.10 as the IP in his file)?

ubuntu-nginx-lucee/lucee.conf at master · foundeo/ubuntu-nginx-lucee · GitHub

On January 13, 2016 at 3:13:18 PM, te...@brandexpedia.com ( te...@brandexpedia.com) wrote:

Glen here, I am new to Lucee with nginx and I am stuck with a 403
forbidden error when trying to access url:
mydomain.co.za/lucee/admin/server.cfm. I would really appreciate it if
someone can point out where I am going wrong here.

I followed this awesome script
GitHub - foundeo/ubuntu-nginx-lucee: Script for standing up a Lucee server using nginx and Tomcat on Ubuntu
https://github.com/foundeo/ubuntu-nginx-lucee
which I adapted a little for installing on debian 8.2 x64. When I get to
the end of the script I get the success statement and I can view my site
page but when I try to access mydomain.co.za/lucee/admin/server.cfm I
get a 403 forbidden error. I hope I am not being too long winded with the
details, but here goes.

When I test nginx I get syntax ok:

$ nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

My ports output:

$ netstat -ntlp

tcp   0      0      0.0.0.0:80       0.0.0.0:*        LISTEN  8920/nginx
tcp   0      0      0.0.0.0:22       0.0.0.0:*        LISTEN  904/sshd
tcp6  0      0      :::22            :::*             LISTEN  904/sshd

My configs and changes as follows,

./install.sh config

#!/bin/bash

#configuration options
export LUCEE_VERSION="4.5.2.018"
export JVM_MAX_HEAP_SIZE="512m"
export JVM_FILE="server-jre-8u66-linux-x64.gz"
export JVM_VERSION="1.8.0_66"

File changes to 100-ubuntu-update.sh adapted for debian 8.2 x64

#!/bin/bash

echo "Updating Debian Software"
aptitude update
aptitude upgrade -y

aptitude remove apt-listchanges
aptitude install curl -y

aptitude install unzip -y
aptitude install git -y

500-nginx.sh changes

#!/bin/bash
web_root="/web"

echo "Installing nginx"
aptitude install nginx -y
echo "Adding lucee nginx configuration files"
cp etc/nginx/conf.d/lucee-global.conf /etc/nginx/conf.d/lucee-global.conf
cp etc/nginx/lucee.conf /etc/nginx/lucee.conf
cp etc/nginx/lucee-proxy.conf /etc/nginx/lucee-proxy.conf

echo "Configuring modcfml shared secret in nginx"
#read the mod_cfml shared key from the file and substitute it into the proxy config
shared_secret=$(cat /opt/lucee/modcfml-shared-key.txt)
sed -i "s/SHARED-KEY-HERE/$shared_secret/g" /etc/nginx/lucee-proxy.conf

echo "Creating web root and default sites here: " $web_root
mkdir $web_root
mkdir $web_root/mydomain.co.za
mkdir $web_root/mydomain.co.za/wwwroot

echo "Creating a default index.html"
echo "<!doctype html>

CFML
Webroot…

" > $web_root/mydomain.co.za/wwwroot/index.html

#add tomcat7 to www-data group so it can read files
usermod -aG www-data tomcat7

#set the web directory permissions
chown -R root:www-data $web_root
chmod -R 750 $web_root

echo "Adding Default and Example Site to nginx"
cp etc/nginx/sites-available/*.conf /etc/nginx/sites-available/
echo "Removing nginx default site"
rm /etc/nginx/sites-enabled/default
echo "Adding our default site"
ln -s /etc/nginx/sites-available/mydomain.co.za.conf /etc/nginx/sites-enabled/mydomain.co.za.conf

service nginx restart

changes to /etc/hosts

178.62.29.247 mydomain.co.za www.mydomain.co.za

changes to /etc/nginx/lucee.conf

#block the lucee-context except for certain ip
location ~* /lucee/ {
    # Add my domain
    allow 178.62.29.247;
    deny all;
    include lucee-proxy.conf;
}

Sites directory structure

sites-available/

/default

/mydomain.co.za.conf

Changes to mydomain.co.za.conf

server {
    listen 80 default_server;
    root /web/mydomain.co.za/wwwroot/;
    server_name mydomain.co.za www.mydomain.co.za;

    # Mod_cfml (Lucee) specific: add a unique ID for this server block.
    # For more info, see
    # http://www.modcfml.org/index.cfm/install/web-server-components/nginx-all-os/
    set $lucee_context "mydomain.co.za";

    include lucee.conf;
}

I think the problem is either an empty directory root mapping and I do
not know lucee well enough to know why or how the folder structure works
yet. Or it is a permissions and ownership issue.

Any help here will be greatly appreciated, I have spent many hours on
this and the solution is probably simple, I hope!!!


Love Lucee? Become a supporter and be part of the Lucee project today!


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/73cc4c03-79cc-472c-9257-319d2f8a87d2%40googlegroups.com
https://groups.google.com/d/msgid/lucee/73cc4c03-79cc-472c-9257-319d2f8a87d2%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
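
An added example, not part of the original thread or of the foundeo scripts: the Python below replays two checks on the /lucee/ restriction discussed above. It applies the allow/deny list from lucee.conf in order, first match wins, which is why allowing the server's own address 178.62.29.247 still gives a browser elsewhere a 403, and it flags a backend port that listens on a wildcard address, because a Tomcat listener on :::8080 answers requests that never pass through nginx unless a firewall blocks the port. The client address 203.0.113.7 and all function names are assumptions; the sample inputs are constructed from the values posted in the thread.

```python
import ipaddress
import re

# Constructed inputs, modelled on the lucee.conf and netstat output in this thread.
LUCEE_CONF = """
#block the lucee-context except for certain ip
location ~* /lucee/ {
    allow 178.62.29.247;
    deny all;
    include lucee-proxy.conf;
}
"""
NETSTAT = """
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp   0 0 127.0.0.1:3306  0.0.0.0:*  LISTEN 939/mysqld
tcp   0 0 0.0.0.0:80      0.0.0.0:*  LISTEN 1200/nginx
tcp   0 0 0.0.0.0:22      0.0.0.0:*  LISTEN 1108/sshd
tcp6  0 0 :::8080         :::*       LISTEN 1243/java
"""
CLIENT_IP = "203.0.113.7"  # assumed outbound address of the admin's browser


def parse_rules(conf):
    """Return allow/deny directives in file order as (action, network) pairs."""
    rules = []
    for action, target in re.findall(r"^\s*(allow|deny)\s+([^;\s]+)\s*;", conf, re.M):
        # "all" is kept as None; anything else must be an address or CIDR block.
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules


def decide(rules, client_ip):
    """Apply the rules in order and stop at the first match, as nginx does."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or ip in net:
            return action
    return "allow"  # nothing matched, so the access rules do not block


def exposed_listeners(netstat_text, backend_ports=(8080,)):
    """List backend ports that listen on a wildcard address (0.0.0.0 or ::)."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "LISTEN":
            continue  # header, blank or non-listening line
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in backend_ports and addr in ("0.0.0.0", "::"):
            hits.append((fields[0], fields[3], fields[6]))
    return hits


if __name__ == "__main__":
    rules = parse_rules(LUCEE_CONF)
    print("server's own IP:", decide(rules, "178.62.29.247"))
    print("browser's IP:   ", decide(rules, CLIENT_IP), "(nginx answers 403)")
    fixed = LUCEE_CONF.replace("deny all;", f"allow {CLIENT_IP};\n    deny all;", 1)
    print("after adding it:", decide(parse_rules(fixed), CLIENT_IP))
    for proto, local, proc in exposed_listeners(NETSTAT):
        print(f"{proto} {local} ({proc}) listens on every interface")
```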


