Ubuntu / Apache 2.4 / Lucee 5.3.x / SSL redirect

Hello,
we have installed on an Ubuntu 20.04 LTS server Virtualmin / Apache 2.4 with the Lucee installer and mod_cfml. So far Lucee is running.

Unfortunately it is not possible to redirect a page to SSL via .htaccess and force it.
I have already found some posts about this and have a, from my point of view, not so nice solution in use. I have stored the redirect rule in the vHost entry.
With this solution we still don’t get correct values for the variable cgi.server_port_secure, cgi.server_port and cgi.request_url.
All of them indicate that SSL is not used.

Is there not a more elegant solution? Partly I have read that mod_cfml is the problem. Is there an alternative way and what would I have to do? Maybe someone could give us paid support with this.

I don’t think I’m alone with this problem :slight_smile:

Don’t forget to tell us about your stack!

OS: Ubuntu 20.04 LTS
Lucee Version: 5.3.8.206

I’m very short of time to give you more detailed answers, but this should help a little bit. Here are some hints:

No, I don’t think mod_cfml is the problem. Mod_cfml just creates contexts in Tomcat for you when it identifies a cfm request coming from apache2 to a non-existent Tomcat context. That has nothing to do with the connection between apache2 and Tomcat: that is done by reverse proxy or AJP.

That also shouldn’t be a problem. Do you have any settings or debug log information from apache2 to show?

You may need to set Tomcat and apache2 to communicate to pass that information to Tomcat. With reverse_proxy you need to add headers to the request (X-Forwarded-Proto "https" and X-Forwarded-Port "443") with mod_headers enabled in apache, and add the RemoteIpValve to the host context in Tomcat server.xml (see https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_IP_Valve).

Easiest is to use AJP with the following steps (please excuse, I usually test everything first before posting here, but I don’t have time to do so at the moment):

  1. Back up everything, so you can roll back at any time
  2. Enable the AJP module in Apache2:
    $ sudo a2enmod proxy_ajp
  3. Use the following settings as the proxy_pass settings:
    <IfModule mod_proxy.c>
        ProxyPreserveHost On
        ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$ ajp://127.0.0.1:8009/$1$2
        ProxyPassMatch ^/(.+\.cfml)(/.*)?$ ajp://127.0.0.1:8009/$1$2
        # optional mappings as AJP
        # ProxyPassMatch ^/flex2gateway/(.*)$ ajp://127.0.0.1:8009/flex2gateway/$1
        # ProxyPassMatch ^/messagebroker/(.*)$ ajp://127.0.0.1:8009/messagebroker/$1
        # ProxyPassMatch ^/flashservices/gateway(.*)$ ajp://127.0.0.1:8009/flashservices/gateway$1
        # ProxyPassMatch ^/openamf/gateway/(.*)$ ajp://127.0.0.1:8009/openamf/gateway/$1
        # ProxyPassMatch ^/rest/(.*)$ ajp://127.0.0.1:8009/rest/$1
        # AJP ProxyPassReverse
        ProxyPassReverse / ajp://127.0.0.1:8009/
    </IfModule>
  4. Make sure the AJP connector with port="8009" is active in Tomcat's server.xml; if not, you may need to activate it (deactivate the secret if not needed with secretRequired="false")

Restart and reload apache2 and restart Tomcat as well.

Hi Andreas,
thank you for your support.
I tried and now the CGI variables show the correct values.
I still use http and not ajp. For using with ajp I had to delete the secret attribute and set secretRequired to false. After that I got a 403.

What still does not work is a redirect to SSL. That only works in the vHost. I would prefer to control it in the htaccess, but I did not find a solution yet. So for the moment I will use the vHost redirect.

Thanks!

You are more than welcome!!!

You also need to set the attribute secretRequired="false" of your AJP connector in /opt/lucee/tomcat/conf/server.xml. That is the connector that uses port="8009". Simply search the server.xml for the string 8009 and you’ll get right to the connector settings. Make sure you are setting the attribute on the right connector.

I think in apache .htaccess is disabled by default. See these instructions to enable it.

Good luck and happy Lucee coding!
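
Added example, not part of the thread and not Lucee or Tomcat project code: a small check for the AJP connector settings discussed in the replies above, which finds the AJP connector in server.xml and reports when the secret is disabled while the connector is not explicitly bound to loopback. The sample XML is constructed, the function names are hypothetical, and it assumes a Tomcat version where secretRequired defaults to true (9.0.31 and later).

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on a Tomcat server.xml; not taken from the thread.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8888" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"
               secretRequired="false" redirectPort="8443"/>
  </Service>
</Server>"""


def is_loopback(address):
    """True only when the address attribute is an explicit loopback value."""
    if address is None:
        return False  # default bind address depends on the Tomcat version
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False


def audit_ajp(server_xml):
    """Return one finding dict per AJP connector found in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue  # skip the HTTP connector(s)
        # Assumption: secretRequired defaults to true when the attribute is absent.
        secret_on = conn.get("secretRequired", "true").lower() != "false"
        has_secret = bool(conn.get("secret"))
        issues = []
        if secret_on and not has_secret:
            issues.append("secretRequired is on but no secret is set")
        if not secret_on and not is_loopback(conn.get("address")):
            issues.append("no secret and not explicitly bound to loopback")
        findings.append({"port": conn.get("port"), "address": conn.get("address"),
                         "secret_required": secret_on, "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_ajp(SAMPLE_SERVER_XML):
        print(finding)
```

To check a real installation, pass the text of the server.xml file named in the reply above to `audit_ajp` instead of the sample.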