This tutorial is a continuation of my previous posts and assumes you already have both Nginx and Lucee installed on an AWS EC2 Linux instance. If not, you may want to read my tutorials below and then come back here afterwards.

Now that you've got both Nginx and Lucee installed on your server let's configure Nginx to serve static assets and proxy other requests to Lucee on port 8888.

SSH into the instance.

$ ssh ec2-user@ip.address.goes.here

Update the server for kicks.

$ sudo yum -y update

Before you proceed make sure you have ports 80 and 8888 open in the security group that your AWS instance is running in. At this point we have Nginx up and running on port 80...

and we have Lucee running on 8888.

Now we need to edit the Nginx configuration file and put things together.

$ cd /usr/local/nginx/conf

Rename the current configuration file and keep as a backup.

$ sudo mv nginx.conf nginx.conf.backup

Create a new blank Nginx configuration file using the Nano text editor (or your editor of choice).

$ sudo nano nginx.conf

The nginx.conf file has a huge number of configuration options. For this tutorial we're just going to use a bare-bones configuration that demonstrates how to get our job done. In your practical real-life situation you'll probably have to combine snippets from my sample config below with your own config.

Paste the text below into your Nano editor.

worker_processes  1;

events {
    worker_connections  2048;
}

http {

    include mime.types;

    server {

        listen       80;
        server_name  localhost;

        root   /opt/lucee/tomcat/webapps/ROOT;
        index  index.cfm;

        location ~ \.css$ {
            #expires 12h;
        }
        location ~ \.js$ {
            #expires 12h;
        }
        location ~* \.(?:ico|gif|jpe?g|png|pdf)$ {
            #expires 12h;
        }

        location / {
            proxy_pass http://localhost:8888/;
            proxy_set_header x-forwarded-host $host;
            proxy_set_header x-forwarded-server $host;
            proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
            proxy_set_header x-real-ip $remote_addr;
            proxy_set_header x-forwarded-port $server_port;
        }
    }
}

Type ctrl+o to save (WriteOut) the nginx.conf file to disk, then ctrl+x to exit the Nano editor.

Now restart Nginx and you should see the Lucee welcome page on port 80!

$ sudo service nginx restart

There are a few things to note about the nginx.conf file. You'll notice the location {} directives for CSS, JS and Image/PDF files. These can be used to bypass Lucee and serve static assets through Nginx directly. Nginx is better and faster at serving static assets so it's not a bad idea to set things up this way. It also gives you the flexibility to set HTTP cache headers on images, etc. For example this directive ...

location ~* \.(?:ico|gif|jpe?g|png|pdf)$ {
    expires 4h;
}

Would result in a cache header that looks like this ...

Cache-Control: max-age=14400

In the configuration file above, the lines with expires are commented out with #. You can simply uncomment them and modify the time value if desired.

Notice how we set Nginx's default root to Lucee's web root and set the default document to index.cfm.

root   /opt/lucee/tomcat/webapps/ROOT;
index  index.cfm;

My configuration file is proxying everything that isn't a common static file over to Lucee. In your real-world situation you might want to restrict this to CFML files (.cfm, .cfml, .cfc).

location / {
    proxy_pass http://localhost:8888/;
    proxy_set_header x-forwarded-host $host;
    proxy_set_header x-forwarded-server $host;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-port $server_port;
}

I also included some proxy_set_header directives to pass along CGI info that can sometimes get lost and not be set correctly in Lucee's CGI scope. You can then use CFML code like the snippet below to read these values in your templates, which also comes in handy when working behind AWS ELBs (Elastic Load Balancers). For example:

if (StructKeyExists(GetHttpRequestData().headers, "x-forwarded-host")) {
    // Do something ...
}

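After you've got everything configured as desired you might consider blocking access to port 8888 in your AWS security group while leaving port 80 open to the world. Otherwise clients can reach Lucee directly on 8888, bypassing Nginx and supplying their own x-forwarded-* headers.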
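
The CFML-only proxying suggested above, as an added example that is not part of the original configuration. It assumes the same web root, port 8888 and header set used on this page; the WEB-INF and META-INF rules are an addition, needed because Nginx rather than Tomcat now answers non-CFML paths.

```nginx
# Added example (not from the original config). Inside server {}, these
# blocks replace the original "location / { proxy_pass ...; }" block.

# Tomcat never serves WEB-INF or META-INF. Once Nginx answers non-CFML
# paths from Lucee's web root itself, it has to refuse them as well.
# "^~" stops the regex locations (.css, .js, images) from being tried.
location ^~ /WEB-INF/ {
    return 404;
}
location ^~ /META-INF/ {
    return 404;
}

# Only CFML templates and components are handed to Lucee. The (?:/|$)
# tail also matches path-info URLs such as /index.cfm/some/path.
# Regex locations are tested in file order, so put this block above the
# static-asset locations if path-info URLs can end in .css, .js or an
# image extension.
location ~* \.(?:cfm|cfml|cfc)(?:/|$) {
    # No trailing slash here: Nginx rejects a proxy_pass that carries a
    # URI part inside a regex location. The request URI passes unchanged.
    proxy_pass http://localhost:8888;
    proxy_set_header x-forwarded-host $host;
    proxy_set_header x-forwarded-server $host;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-port $server_port;
}

# Everything else is served from disk by Nginx. A request for "/" is
# redirected internally to index.cfm by the index directive and then
# matches the CFML location above.
location / {
    try_files $uri $uri/ =404;
}
```

Check the syntax with nginx -t before restarting Nginx.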