nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
My ports output:
$ netstat -ntlp
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8920/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 904/sshd
tcp6 0 0 :::22 :::* LISTEN 904/sshd
178.62.29.247 mydomain.co.za www.mydomain.co.za
#block the lucee-context except for certain ip
location ~* /lucee/ {
    # Add my domain
    allow 178.62.29.247;
    deny all;
    include lucee-proxy.conf;
}
Sites directory structure
sites-available/
/default
/mydomain.co.za.conf
Changes to mydomain.co.za.conf
server {
    listen 80 default_server;
    root /web/mydomain.co.za/wwwroot/;
    server_name mydomain.co.za www.mydomain.co.za;
    # Mod_cfml (Lucee) specific: add a unique ID for this server block.
    # For more info, see http://www.modcfml.org/index.cfm/install/web-server-components/nginx-all-os/
    set $lucee_context "mydomain.co.za";
    include lucee.conf;
}
I think the problem is either an empty directory root mapping and I do not know lucee well enough to know why or how the folder structure works yet. Or it is a permissions and ownership issue.
Any help here will be greatly appreciated, I have spent many hours on this and the solution is probably simple, I hope!!!
NGINX runs under the user account “nginx” so, based on the permissions you’re setting in the script below you may need to add the “nginx” user to the group “www-data” (that’s the group you’re setting ownership of the web root to) to ensure permissions for non-proxy access from NGINX:
usermod -a -G www-data nginx
Looking at Pete’s lucee.conf file in the repo you linked below, though the /lucee path is IP restricted. Does your IP match that IP (he has 10.0.0.10 as the IP in his file)?
https://github.com/foundeo/ubuntu-nginx-lucee/blob/master/etc/nginx/lucee.conf
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/73cc4c03-79cc-472c-9257-319d2f8a87d2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-tulpen
and these are the ports I get.
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:49356 0.0.0.0:* LISTEN 106 10305 509/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 10195 500/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 40548 26442/nginx -g daem
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 11597 584/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 109 39807 26231/mysqld
tcp6 0 0 :::111 :::* LISTEN 0 10198 500/rpcbind
tcp6 0 0 :::55890 :::* LISTEN 106 10311 509/rpc.statd
tcp6 0 0 :::22 :::* LISTEN 0 11606 584/sshd
udp 0 0 0.0.0.0:675 0.0.0.0:* 0 10194 500/rpcbind
udp 0 0 127.0.0.1:685 0.0.0.0:* 0 10297 509/rpc.statd
udp 0 0 0.0.0.0:39474 0.0.0.0:* 106 10302 509/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 0 10191 500/rpcbind
udp6 0 0 :::675 :::* 0 10197 500/rpcbind
udp6 0 0 :::35391 :::* 106 10308 509/rpc.statd
udp6 0 0 :::111 :::* 0 10196 500/rpcbind
root 26458 631 0 17:02 pts/0 00:00:00 grep java
#block the lucee-context except for certain ip
location ~* /lucee/ {
    allow 10.0.0.10;
    deny all;
    include lucee-proxy.conf;
}
And I added nginx as a user and then added to the group www-data and restarted nginx. No change in 403 error.
● tomcat7.service - LSB: Start Tomcat.
Loaded: loaded (/etc/init.d/tomcat7)
Active: active (exited) since Wed 2016-01-13 16:51:20 EST; 1h 3min ago
Jan 13 16:51:20 mydomain.co.za tomcat7[23703]: Starting Tomcat servlet engine: tomcat7start-stop-daemon: unable to stat /opt/lucee/jvm/current/bin/java (No such ...directory)
Jan 13 16:51:20 mydomain.co.za tomcat7[23703]: (already running).
Hint: Some lines were ellipsized, use -l to show in full.
#block the lucee-context except for certain ip
location ~* /lucee/ {
    allow 123.56.789.111;
    deny all;
    include lucee-proxy.conf;
}
Checking my /var/log/nginx/error.log shows:
2016/01/13 18:07:37 [error] 26790#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 123.56.789.111, server: mydomain.co.za, request: "GE$
2016/01/13 18:10:11 [error] 26805#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 123.56.789.111, server: mydomain.co.za, request: "GE$
location /CFIDE {
order deny,allow;
deny from all;
allow from MYIPADDRESS;
}
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:34140 0.0.0.0:* LISTEN 462/rpc.statd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 939/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 451/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1200/nginx -g daemo
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1108/sshd
tcp6 0 0 :::111 :::* LISTEN 451/rpcbind
tcp6 0 0 :::8080 :::* LISTEN 1243/java
tcp6 0 0 :::22 :::* LISTEN 1108/sshd
tcp6 0 0 :::37976 :::* LISTEN 462/rpc.statd
I ran $ service tomcat7 status and got success message.
I ran $ service nginx restart and got success message
I believe that Tomcat is up and working, however I am now getting a 504 gateway timeout. I am going to re-install lucee and see if this helps.
You mentioned you always installed Lucee using the installers. Not having much experience with Lucee setup, is there another method that you may recommend?
Jordan Michaels helps to maintain several excellent Lucee installers bundled with Tomcat, which can be found in the Lucee downloads section:
http://lucee.org/downloads.html
9 times out of 10, those will do everything you need to do. Here’s what I would suggest to make it easier with what you currently have in place:
Install Apache, and then elect to install the connectors during the Lucee installation script. Then uninstall Apache. You just need it so the installer can set up mod_cfml shared keys - otherwise it won’t add the keys to the mod_cfml valve configuration.
The NGINX proxy configuration to Lucee you already have in place should work with the installers, by simply changing the key to the new mod_cfml key, though I haven’t verified this - as of yet. With the installer, Tomcat is located in /opt/lucee/tomcat and you can grab the shared key from the mod_cfml valve configuration in /opt/lucee/tomcat/conf/server.xml to match up in /etc/nginx/lucee-proxy.conf
If you still have trouble getting mod_cfml up and running you can also just do a direct HTTP proxy to port 8888 from NGINX and configure your web context manually, which works fine too if you don’t mind setting up a new web context configuration for each app. This is how NGINX/Lucee servers were set up before recent mod_cfml updates, which made it fully compatible with NGINX.
In your nginx.conf add the upstream inside the http{} config (and use some of the excellent security config blocks that are in your existing install) without :
#upstream configuration - may be used to configure additional servers and options for load balancing
upstream lucee {
    server 127.0.0.1:8888;
}
Then add the following inside your server config:
#Proxy all CFML to Lucee
location ~ \.(cfm|cfml|cfc)(.*)$ {
    proxy_pass $scheme://lucee;
    proxy_cache_bypass $no_cache;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## CGI.REMOTE_ADDR
    proxy_set_header X-Forwarded-Proto $scheme; ## CGI.SERVER_PORT_SECURE
    proxy_set_header X-Real-IP $remote_addr;
    #everything below is optional and is for tuning:
    expires epoch;
    client_max_body_size 32m;
    client_body_buffer_size 800k;
    proxy_connect_timeout 900;
    proxy_send_timeout 900;
    proxy_read_timeout 900;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
}
#let NGINX handle static files
location ~* ^.+\.(jpe?g|jpg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|avi|mp3|ttf|woff)$
{
    root /web;
    expires 30d;
}
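An added example, not part of the original posts: how the /lucee/ IP restriction from earlier in the thread combines with the direct-proxy block above, and why the order of the two regex locations matters. The address 203.0.113.10 is a placeholder, and `http://` is used for `proxy_pass` on the assumption that port 8888 is the plain-HTTP connector the post describes.

```nginx
# Added example, not from the thread. 203.0.113.10 is a placeholder for the
# administrator's client address; replace it with your own.
upstream lucee {
    server 127.0.0.1:8888;    # direct HTTP proxy target named in the post
}

server {
    listen 80 default_server;
    server_name mydomain.co.za www.mydomain.co.za;
    root /web/mydomain.co.za/wwwroot/;

    # nginx tests regex locations in the order they appear and uses the
    # first match. This block has to come before the generic CFML block:
    # placed after it, /lucee/admin/server.cfm would match
    # \.(cfm|cfml|cfc) first and reach Lucee without the allow/deny check.
    location ~* /lucee/ {
        # allow/deny compare against the connecting client's address
        # ($remote_addr), not the server's own IP or hostname.
        allow 203.0.113.10;
        deny all;                 # every other client gets 403
        # proxy_pass is not inherited from other locations, so it is
        # repeated here for the permitted client.
        proxy_pass http://lucee;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Proxy all other CFML to Lucee
    location ~ \.(cfm|cfml|cfc)(.*)$ {
        proxy_pass http://lucee;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```

After `nginx -t` and a reload, a request for /lucee/admin/server.cfm from an address that is not on the allow list should return 403, while ordinary .cfm pages are still proxied.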