We have installed Virtualmin / Apache 2.4 with the Lucee installer and mod_cfml on an Ubuntu 20.04 LTS server. So far Lucee is running.
Unfortunately it is not possible to redirect a page to SSL via .htaccess and force it.
I have already found some posts about this and have what is, from my point of view, a not-so-nice solution in use: I have stored the redirect rule in the vHost entry.
With this solution we still don’t get correct values for the variable cgi.server_port_secure, cgi.server_port and cgi.request_url.
All of them indicate that SSL is not used.
Is there not a more elegant solution? I have read in places that mod_cfml is the problem. Is there an alternative way, and what would I have to do? Maybe someone can give us paid support on this.
I don’t think I’m alone with this problem.
Don’t forget to tell us about your stack!
OS: Ubuntu 20.04 LTS
Lucee Version: 184.108.40.206
I’m very short of time to give you more detailed answers, but this should help a little bit. Here are some hints:
No, I don’t think mod_cfml is the problem. Mod_cfml just creates contexts in Tomcat for you when it identifies a cfm request coming from apache2 to a non-existent Tomcat context. That has nothing to do with the connection between apache2 and Tomcat: that is done by reverse proxy or AJP.
That shouldn’t be a problem either. Do you have any settings or debug log information from apache2 to show?
You may need to set up Tomcat and apache2 so that this information is passed to Tomcat. With reverse_proxy you need to add headers to the request (X-Forwarded-Proto "https" and X-Forwarded-Port "443") with mod_headers enabled in Apache, and add the RemoteIpValve to the host context in Tomcat's server.xml (see https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_IP_Valve).
Easiest is to use AJP with the following steps (please excuse, I usually test everything first before posting here, but I don’t have time to do so at the moment):
- Back up everything, so you can roll back at any time
- Enable AJP module in Apache2:
$ sudo a2enmod proxy_ajp
- Use the following settings as proxy_pass setting:
ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$ ajp://127.0.0.1:8009/$1$2
ProxyPassMatch ^/(.+\.cfml)(/.*)?$ ajp://127.0.0.1:8009/$1$2
# optional mappings as AJP
# ProxyPassMatch ^/flex2gateway/(.*)$ ajp://127.0.0.1:8009/flex2gateway/$1
# ProxyPassMatch ^/messagebroker/(.*)$ ajp://127.0.0.1:8009/messagebroker/$1
# ProxyPassMatch ^/flashservices/gateway(.*)$ ajp://127.0.0.1:8009/flashservices/gateway$1
# ProxyPassMatch ^/openamf/gateway/(.*)$ ajp://127.0.0.1:8009/openamf/gateway/$1
# ProxyPassMatch ^/rest/(.*)$ ajp://127.0.0.1:8009/rest/$1
# AJP ProxyPassReverse
ProxyPassReverse / ajp://127.0.0.1:8009/
- Make sure the AJP connector with port="8009" is active in Tomcat's server.xml; if not, you may need to activate it (deactivate the secret if not needed with secretRequired="false")
Restart and reload apache2 and restart Tomcat as well.
Thank you for your support.
I tried it and now the CGI variables show the correct values.
I still use http and not ajp. For using with ajp I had to delete the secret attribute and set secretRequired to false. After that I got a 403.
What still does not work is a redirect to SSL. That only works in the vHost. I would prefer to control it in the .htaccess, but I have not found a solution yet. So for the moment I will use the vHost redirect.
You are more than welcome!!!
You also need to set the attribute secretRequired="false" on your AJP connector in /opt/lucee/tomcat/conf/server.xml. That is the connector that uses port="8009". Simply search the server.xml for the string 8009 and you’ll get right to the connector settings. Make sure you are setting the attribute on the right connector.
I think .htaccess is disabled by default in Apache. See these instructions to enable it.
Good luck and happy Lucee coding!
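
As an added example (not code from either poster or from the Lucee or Tomcat projects), here is a small Python check for the server.xml settings discussed in this thread: the AJP connector on port 8009 with secretRequired="false", and the RemoteIpValve needed for the HTTP proxy route. The sample XML, function names and finding codes are constructed for illustration, and the check assumes a Tomcat 9 build where secretRequired defaults to true.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample for illustration; not the poster's actual server.xml.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8888" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"
               secretRequired="false" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>"""


def is_loopback(address):
    """True only for an explicit loopback bind address."""
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address or "").is_loopback
    except ValueError:
        return False  # unset, wildcard or hostname: not proven loopback


def audit_server_xml(xml_text):
    """Return (code, detail) findings for AJP connectors and RemoteIpValve."""
    root = ET.fromstring(xml_text)
    findings = []
    for conn in root.iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        port, addr = conn.get("port"), conn.get("address")
        # Assumption: a Tomcat 9 build where secretRequired defaults to true.
        no_secret = (conn.get("secretRequired", "true").lower() == "false"
                     and not conn.get("secret"))
        if no_secret and not is_loopback(addr):
            findings.append(("AJP_OPEN", f"port {port}: no secret, address={addr!r}"))
        elif no_secret:
            findings.append(("AJP_LOCAL_ONLY", f"port {port}: no secret, loopback bind"))
    has_valve = any(v.get("className", "").endswith(".RemoteIpValve")
                    for v in root.iter("Valve"))
    if not has_valve:
        findings.append(("NO_REMOTE_IP_VALVE",
                         "X-Forwarded-Proto/Port are not applied by Tomcat"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_server_xml(SAMPLE_SERVER_XML):
        print(code, detail)
```

To run the same check on a real install, pass the contents of /opt/lucee/tomcat/conf/server.xml to `audit_server_xml`. An `AJP_OPEN` finding means the connector accepts AJP without a secret on an address that is not explicitly loopback.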