foundeo / ubuntu-nginx-lucee

Script for standing up a Lucee server using nginx and Tomcat on Ubuntu
Apache License 2.0

Server Config for SSL? #37

Closed chrisrodkey closed 3 years ago

chrisrodkey commented 5 years ago

I'm attempting to add HTTPS/SSL to my freshly-installed server. My default.conf is reading:

server {
  listen 80 default_server;
  server_name example_com;
  root /web/default/wwwroot/;
  index index.html;
  include lucee.conf;
}

server {
  listen 443;
  server_name example_com;
  ssl on;
  ssl_certificate /etc/ssl/certs/cert_chain.crt;
  ssl_certificate_key /etc/ssl/private/example_com.key;

  location / {
    root /web/default/wwwroot/;
    index index.html;
  }

  include lucee.conf;

}

The mod_cfml documentation for Nginx says I must add a $lucee_context parameter when I have "multiple server blocks with the same 'root' value."

However, it also says:

Make sure you give the $lucee_context variable a unique value. It cannot have the same value in multiple server blocks. Otherwise, multiple sites will share the same Lucee context!

This is the thing: I want the multiple sites to share the context. I want the port 80 and the port 443 to both redirect to the exact same folder. When I tried to use the same value for $lucee_context in the .conf file, mod_cfml started to poop out new web contexts whenever I'd restart the server, which were very messed up.

Is there a clear and concise way to set up the .conf file so that the same webroot can host both the SSL and HTTP requests? Without causing a scene?

kmansel commented 4 years ago

Did you ever get this solved? This is how you do it in NGINX:

server {
   listen 80 default;
   listen 443 ssl;
   server_name example.com;  
   ssl_certificate /bundled.crt;
   ssl_certificate_key /server.key;

   ........
}

https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/#a-single-http-https-server

pfreitag commented 4 years ago

Hi @chrisrodkey - sorry I missed seeing this until now. What I usually do is set up the HTTP port 80 to redirect to HTTPS, so that server doesn't need the web root even set; it can just be as simple as:

server {
    listen 80;
    server_name www.example.com example.com; 
    return 301 https://example.com$request_uri;
}

But to also answer your question, if you share the same web root between two server blocks and want to share the same Lucee server context, then you can set the same value for each $lucee_context - not sure why it caused an issue, but it should work.
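
Added example (not part of the thread and not the project's own code): a small check that groups nginx server blocks by web root and reports whether blocks sharing a root all set `$lucee_context`, and whether they use one value or different ones. The `set $lucee_context "…";` syntax, the sample config and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: redirect and HTTPS blocks as in this thread, plus a block reusing the root.
SAMPLE_CONF = """
server {
    listen 80;
    return 301 https://example.com$request_uri;
}
server {
    listen 443 ssl;
    root /web/default/wwwroot/;
    set $lucee_context "example.com";
    include lucee.conf;
}
server {
    listen 8080;
    root /web/default/wwwroot/;
    include lucee.conf;
}
"""

def server_blocks(conf):
    """Yield each server { ... } body by brace matching (comments not handled)."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, pattern):
    """Return the argument of the first directive matching pattern, or None."""
    m = re.search(r"^\s*" + pattern + r"\s+([^;]+);", body, re.M)
    return m.group(1).strip().strip("\"'") if m else None

def audit(conf):
    """Map each web root used by 2+ blocks to its $lucee_context status."""
    by_root = defaultdict(list)
    for body in server_blocks(conf):
        root = directive(body, "root")
        if root is not None:  # redirect-only blocks have no root and are skipped
            by_root[root].append(directive(body, r"set\s+\$lucee_context"))
    findings = {}
    for root, ctxs in by_root.items():
        if len(ctxs) > 1 and None in ctxs:
            findings[root] = "missing $lucee_context"
        elif len(ctxs) > 1:
            findings[root] = "shared context" if len(set(ctxs)) == 1 else "separate contexts"
    return findings
```

Running `audit()` over the concatenated files in the nginx configuration directory before a restart shows which roots would be affected by the mod_cfml rule quoted in the question.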