Using ssl for web context inside server

I have an issue getting to the Lucee Web Context inside the server in Chrome or Firefox.

First for the Server

  • We are on Windows 2008 Standard
  • Sites are run on IIS
  • These are load-balanced servers
  • Lucee 4.5.5.011 final

The way we set up Lucee for sites is each context is in a different directory on a different drive. I have a host file set up to be able to browse to the site from within the server.

Typically to get to the context admin I would put in:
http://www.thesitename.com:8805/lucee/admin/web.cfm

The 8805 changes depending on which instance of Lucee the site is running on.

However, due to recent changes to the way browsers handle SSL settings, if I have gone to just the main site, like https://www.thesitename.com, and I ever then try going back to http using the 8805 port, I can’t connect due to the SSL settings.

Is there a way in the boncode connector or anywhere else to set the ssl connection?

Due to our PCI and security settings the Lucee Context files are never stored in the site directory. They are stored in a different directory to prevent issues and connection outside the server is never allowed.

In the server.xml file I have this setup

    <Connector port="8805" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

So in the connector for port 8443 I see that I could turn it on; however, can I change that port for each server instance? Also, we cannot run OpenSSL due to PCI.

In the web.xml I have this setting

<init-param>
    <param-name>lucee-web-directory</param-name>
    <param-value>E:\Lucee05-Web-INF/{web-context-label}/</param-value>
    <description>Lucee Web Directory directory</description>
</init-param>

I guess I am asking: does anyone have a way for me to get to the context for each site when SSL is a required setting, or a way to bypass the SSL from inside the server?

I hope this makes sense; it is rather hard to explain.

Thank you,
Barbara
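
A sketch of the JSSE route the post asks about, as an added example that is not part of the original thread or of the Lucee or Tomcat distribution: the commented-out 8443 connector in the posted server.xml uses Tomcat's Java (JSSE) TLS stack rather than APR/OpenSSL, and its port is an ordinary attribute that can differ per instance. The port 8845, the keystore path and password, and the loopback binding (which assumes the hosts file maps the site name to 127.0.0.1) are assumptions; the attribute names are those of the Tomcat 7/8.0 connector and should be checked against the Tomcat version bundled with this Lucee install.

```xml
<!-- Added example for one instance's server.xml; repeat per instance with
     that instance's own pair of ports. -->

<!-- Existing plain-HTTP connector. redirectPort now points at this
     instance's TLS port (assumed 8845) instead of the disabled 8443. -->
<Connector port="8805" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8845" />

<!-- TLS connector on the JSSE (pure Java) implementation, so neither
     OpenSSL nor the APR/native library is involved.
     address="127.0.0.1" is an assumption: it keeps the listener reachable
     only from the server itself, in line with the rule that the context
     admin is never reachable from outside. Drop or change it if the hosts
     file maps the site name to a non-loopback address. -->
<Connector port="8845" protocol="org.apache.coyote.http11.Http11NioProtocol"
           address="127.0.0.1"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="E:\path\to\instance05-keystore.jks"
           keystorePass="CHANGE_ME" />

<!-- keystoreFile and keystorePass are placeholders: a Java keystore holding
     a certificate issued for the host name used in the hosts file. -->
```

With this in place the context admin for that instance would be requested as https://www.thesitename.com:8845/lucee/admin/web.cfm instead of over http on 8805.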

Server 2008 or 2008R2? I wouldn’t really run a secure site on either. 2008 finally got an update for TLS1.2 but there is other stuff non-compliant about it without a lot of work.
Why not OpenSSL? I have been running Apache/OpenSSL on a PCI compliant site for many years.