404 from Nginx with Lucee

285 views
Skip to first unread message

Andy Jarrett

unread,
May 23, 2016, 6:36:34 AM5/23/16
to Lucee
Hi all

Stuck on a setup issue after I have installed Lucee and Nginx using Pete Freitag's script. I can browse to http://example.com/index.cfm and everything works fine. 

I then added my FW/1 app and tried going to a few routes and Nginx is throwing 404 messages. I've tried http://example.com/security and http://example.com/index.cfm/security are both the same.  I've had a google looking at issues relating to CGI.PATH_INFO and Rewrite rules but the Pete's script covers these already.

When I look in the logs this is what I see when I try different combinations of the same route:


2016/05/23 10:34:12 [error] 10363#10363: *9 open() "/var/www/example.com/www/security" failed (2: No such file or directory), client: 82.17.13.119, server: example.com, request: "GET /security HTTP/1.1", host: "example.com"

2016/05/23 10:34:20 [error] 10363#10363: *9 open() "/var/www/example.com/www/index.cfm/security" failed (20: Not a directory), client: 82.17.13.119, server: example.com, request: "GET /index.cfm/security HTTP/1.1", host: "example.com"

2016/05/23 10:34:23 [error] 10363#10363: *9 "/var/www/example.com/www/index.cfm/security/index.html" is not found (20: Not a directory), client: 82.17.13.119, server: example.com, request: "GET /index.cfm/security/ HTTP/1.1", host: "example.com"

Any help appreciated.

Andy J

Nando Breiter

unread,
May 23, 2016, 7:39:55 AM5/23/16
to lu...@googlegroups.com
You say that Pete's script already "covers" rewrite rules for Nginx / FW/1? Can you be more explicit regarding the rewrite rules you've included in your Nginx config?

There's some information about rewriting urls for FW/1 here: https://github.com/framework-one/fw1/wiki/Helpful-Links





Aria Media Sagl
+41 (0)76 303 4477 cell
skype: ariamedia

--
Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/f76fb15c-d9b3-461a-b3d4-8bc2a1150b8d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Andy Jarrett

unread,
May 23, 2016, 8:16:39 AM5/23/16
to Lucee
Ok, looking at this a bit more and I got confused - A quick update and I am now getting a 500 error which looks like its a problem with the Nginx rewrite. 

I've added 

location / {
  try_files $uri $uri/ @rewrites;
}

location @rewrites {
  # Can put some of your own rewrite rules in here
  # for example rewrite ^/~(.*)/(.*)/? /users/$1/$2 last;
  rewrite ^/(.*)? /index.cfm/$1 last;
  rewrite ^ /index.cfm last;
}

And I now get 

2016/05/23 13:07:44 [error] 3054#0: *2 rewrite or internal redirection cycle while redirect to named location "@rewrites", client: 172.16.20.1, server: example.com, request: "GET /security HTTP/1.1", host: "example.com"
2016/05/23 13:11:10 [error] 3054#0: *4 rewrite or internal redirection cycle while redirect to named location "@rewrites", client: 172.16.20.1, server: example.com, request: "GET /index.cfm/security HTTP/1.1", host: "example.com"


hmmmm ... still confused by this one.

Nando Breiter

unread,
May 23, 2016, 8:24:45 AM5/23/16
to lu...@googlegroups.com
There's an FW/1 google group - may be better for this question. 



Aria Media Sagl
+41 (0)76 303 4477 cell
skype: ariamedia

Jon Clausen

unread,
May 23, 2016, 8:44:51 AM5/23/16
to lu...@googlegroups.com

Andy,

I had some similar issues when setting up a Docker composition with Lucee/NGINX. A few tweaks to the regex Andy wrote (specifically the preceeding slash in the index.cfm rewrite directive), resolved the issue:

    location / {
         # First attempt to serve real files or directory, else it sends it to the @rewrite location for processing
         try_files $uri $uri/ @rewrite;
    }

    location @rewrite {
      rewrite ^(.*)? /index.cfm$uri last;
      rewrite ^ /index.cfm last;
    }

Andy Jarrett

unread,
May 23, 2016, 8:52:53 AM5/23/16
to Lucee
Cheers Jon

Thats not worked ... I can't help but feel I've missed a step or something. 

This is the host setup (after copying your example) and I still get the same error. 

server {
  listen 80;
  server_name example.com;
  root /var/www/ufoundmytag/www/;
  set $lucee_context "example.com";

  location / {
       # First attempt to serve real files or directory, else it sends it to the @rewrite location for processing
       try_files $uri $uri/ @rewrite;
  }

  location @rewrite {
    rewrite ^(.*)? /index.cfm$uri last;
    rewrite ^ /index.cfm last;
  }


  include lucee.conf;
}

Argh!

Jon Clausen

unread,
May 23, 2016, 9:04:31 AM5/23/16
to lu...@googlegroups.com

Jon Clausen

unread,
May 23, 2016, 9:06:07 AM5/23/16
to lu...@googlegroups.com

Oops. Hit send on that last empty response by mistake? Is your Lucee port correct? My install uses 8888 (from lucee.conf):

location ~ \.(cfm|cfml|cfc|jsp)(.*)$ {

    proxy_pass http://luceehost:8888;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    send_timeout 600;

}

Andy Jarrett

unread,
May 23, 2016, 9:13:36 AM5/23/16
to lu...@googlegroups.com
Just checked my server.xml and 8080 is correct.

    <Connector port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    URIEncoding="UTF-8"
    redirectPort="8443" />

Back to the drawing board :(

You received this message because you are subscribed to a topic in the Google Groups "Lucee" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/lucee/gUt7jedl-Sk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to lucee+un...@googlegroups.com.

To post to this group, send email to lu...@googlegroups.com.

John Berquist

unread,
May 23, 2016, 9:30:21 AM5/23/16
to Lucee
I have used constructs such as others are suggesting as well so I am not sure this will help. But I have used

location @rewrites {
        rewrite
^(.*)$ /index.cfm$1 last;
}

in the past, so you might try that as it is slightly different. Also, I now skip the rewrite location and do the following:

location / {
        try_files $uri $uri
/ /index.cfm$request_uri;
}

so maybe you could try that as well.

Hope you figure it out.

John

Andy Jarrett

unread,
May 23, 2016, 10:25:08 AM5/23/16
to Lucee
Hey Guys

So, this was my lucee-proxy.conf that was setup when I used Pete's installer and TBH i've tried to stay away from touching it

#include standard proxy headers
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#populate the cgi.https variable with on or off based on map condition which must be specified in a http {} block
proxy_set_header https $cgi_https;

#add headers for mod_cfml to do its work
proxy_set_header X-Tomcat-DocRoot $document_root;
proxy_set_header X-ModCFML-SharedKey vfV1yfu7SXpiLozh77tQq6JEU1lUyOFZCRy8KnxnQoGGoS9o23aV5Mu;
if ($lucee_context = false) {
        set $lucee_context $document_root;
}
proxy_set_header X-Webserver-Context $lucee_context;

set $pathinfo "";
# if the extension .cfm or .cfc is found, followed by a slash and optional extra
if ($uri ~ "^(.+?\.cf[mc])(/.*)") {
    # remember the filepath without path_info
    set $script $1;
    set $pathinfo $2;
    # rewrite the url to match the filepath wthout path_info
    rewrite ^.+$ $script break;
}
# set the custom path_info header
proxy_set_header XAJP-PATH-INFO $pathinfo;

That was until I realised I've burnt the whole day on this so i swapped it out with this, which is a bit more straight forward :) (thanks Jon)

set $path_info $request_uri;
try_files $uri /index.cfm$args;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header XAJP-PATH-INFO $path_info;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;


I also simplified my rewrite to this:

server {
  listen 80;
  server_name example.com;
  root /var/www/example.com/www/;
  set $lucee_context "example.com";

  location / {
    try_files $uri $uri/ @rewrites;
  }

  location @rewrites {
    rewrite ^ /index.cfm last;
  }

  include lucee.conf;
}


And now everything seems to be working fine. 

Pete Freitag

unread,
May 23, 2016, 11:37:28 AM5/23/16
to lu...@googlegroups.com
Hi Andy,

I think the problem you were having was due to the use of location directives, nginx will only match one location per block and since it was matching the location @rewrites it was not matching location ~* (\.cfm|\.cfc)$ which then includes lucee-proxy.conf.


You probably could have fixed by adding a include lucee-proxy.conf in the location block.

BTW your updated conf omitted some headers which you should include if you are using mod_cfml (eg you have multiple web roots), if you do not need mod_cfml, then you probably want to just remove it from your server.xml: https://github.com/foundeo/ubuntu-nginx-lucee/blob/master/etc/tomcat7/server.xml#L150-L157 you could also remove the jar file.

--
Pete Freitag
https://foundeo.com/ - ColdFusion Consulting & Products
http://hackmycf.com - CFML Server Security Scanner


--
Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.

Andy Jarrett

unread,
May 23, 2016, 11:46:17 AM5/23/16
to lu...@googlegroups.com
Thanks Pete. 

That'll explain my next issue I've been tackling. 

TBH I've hacked at the configs so much today I'm gonna fire up a fresh VM tomorrow and go again. I'll use your points and start from there. 

Really I want to get this kind of thing in docker but I need a few more hours in the day first :)
 


-- 
Andy Jarrett
Sent with Airmail
You received this message because you are subscribed to a topic in the Google Groups "Lucee" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/lucee/gUt7jedl-Sk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to lucee+un...@googlegroups.com.

To post to this group, send email to lu...@googlegroups.com.

Andy Jarrett

unread,
May 23, 2016, 7:25:08 PM5/23/16
to Lucee, pe...@foundeo.com
Hi Pete

I'm still having no joy.

server {
  listen 80;
  server_name example.com;
  root /var/www/example.com/www/;
  set $lucee_context "example.com";

  location / {
    include lucee-proxy.conf;
    
    try_files $uri $uri/ @rewrite;
  }

  location @rewrite {
    rewrite ^ /index.cfm last;
  }

}



In the end this is my final server file for my domain which is working well though it would be great to get your thoughts :)

server {
  listen
80;
  server_name  example
.com;
  root
/var/www/example.com/www/;

  index index
.cfm;

 
set $lucee_context "example.com";


  location
/ {

   
# Rewrite rules and other criterias can go here
   
# Remember to avoid using if() where possible (http://wiki.nginx.org/IfIsEvil)
    try_files $uri $uri
/ @rewrites;
 
}


 
# This block will catch static file requests, such as images, css, js
 
# The ?: prefix is a 'non-capturing' mark, meaning we do not require
 
# the pattern to be captured into $1 which should help improve performance
  location
~* \.(?:ico|css|js|gif|jpe?g|png)$ {
   
# Some basic cache-control for static files to be sent to the browser
    expires max
;
    add_header
Pragma public;
    add_header
Cache-Control "public, must-revalidate, proxy-revalidate";

 
}
 
  location
@rewrites {
   
# Can put some of your own rewrite rules in here
   
# for example rewrite ^/~(.*)/(.*)/? /users/$1/$2 last;
    rewrite
^/(.*)? /index.cfm/$1 last;
 
}

 
 
# Main Lucee proxy handler
  location
~ \.(cfm|cfml|cfc|jsp|cfr)(.*)$ {
    proxy_pass http
://127.0.0.1:8080;
    proxy_read_timeout
100s;

    proxy_redirect off
;
    proxy_set_header
Host $host;
    proxy_set_header X
-Forwarded-Host $host;
    proxy_set_header X
-Forwarded-Server $host;
    proxy_set_header X
-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X
-Real-IP $remote_addr;

    proxy_set_header X
-Forwarded-Proto $scheme;
    proxy_set_header https $cgi_https
;
    proxy_set_header X
-Tomcat-DocRoot $document_root;
    proxy_set_header X
-ModCFML-SharedKey 8DoB0PzqdMn4zo0Y2bq7dzqynbqBVsK0piuNslpNU6982KaiCqVT8X;
    proxy_set_header X
-Webserver-Context $lucee_context;
    proxy_set_header XAJP
-PATH-INFO $pathinfo;
 
}
}

Pete Freitag

unread,
May 24, 2016, 10:19:04 AM5/24/16
to Andy Jarrett, Lucee
Hi Andy,

I would try it as follows, but it is just a guess, I haven't played around with the setup you are trying to accomplish.

server {
  listen 80;
  server_name example.com;
  root /var/www/example.com/www/;
  set $lucee_context "example.com";

  location / {
    try_files $uri $uri/ @rewrite;
    include lucee-proxy.conf;
  }

  location @rewrite {
    rewrite ^ /index.cfm last;
    include lucee-proxy.conf;
  }

}

Your alternative config looks good, the only thing I would mention is that you probably want to have a rule to block public access to /lucee (lucee admin, etc).

--
Pete Freitag
https://foundeo.com/ - ColdFusion Consulting & Products
http://hackmycf.com - CFML Server Security Scanner


Andy Jarrett

unread,
May 24, 2016, 10:22:06 AM5/24/16
to Lucee, ma...@andyjarrett.co.uk, pe...@foundeo.com
Afternoon Pete

Thanks for coming back. Currently this is my config, I ended up forking someone elses and adding some rules from your conf as well.


The above is doing ok but not had a real chance to test my app to see if there are any issues. I'll try your suggestion later. 
Reply all
Reply to author
Forward
0 new messages