This is the repository for official Dockerfiles for Commandbox images
The Docker files in this repository can be used to create your own custom Docker container for running ColdFusion CFML applications on CommandBox. Leveraging CommandBox allows you to configure your entire ColdFusion CFML engine environment from a single server.json
file in the root of your project.
Note: For references to the specific versions of CommandBox used within image versions, please see the Changelog.
:latest
(Dockerfile) - Latest stable version:3.9.2
- Tagged version of the image - not to be confused with the version of CommandBox within the image:snapshot
- Development/BE version:[tag]-snapshot
- Development/BE version of a tagged variations (e.g. -:adobe2021-snapshot
):jdk8
- Base image using OpenJDK8:jre11
- Base image using OpenJDK11 JRE:jdk11
- Base image using OpenJDK11 full JDK:jre17
- Base image using OpenJDK17 JRE:jdk17
- Base image using OpenJDK17 full JDK:alpine
(Dockerfile) - Alpine Linux version of the image - slight decrease in overall size and optimizations for containerized runtimes:ubi9
(Dockerfile) - RHEL Universal Base Image version of the image:[engine][version]
- Containers with warmed-up engines - saves having to download the server WAR during container start::lucee5
(Dockerfile),:lucee-light
(Dockerfile),:lucee5-light
(Dockerfile),:adobe2018
(Dockerfile),:adobe2021
(Dockerfile),:adobe2023
(Dockerfile):[engine][version]-alpine
- Alpine linux versions of the image with warmed-up engines::lucee5-alpine
(Dockerfile),:lucee-light-alpine
(Dockerfile),:lucee5-light-alpine
(Dockerfile),:adobe2018-alpine
(Dockerfile),:adobe2021-alpine
(Dockerfile):[engine][version]-ubi9
- RHEL ubi9 versions of the image with warmed-up engines::lucee5-ubi9
(Dockerfile),:lucee-light-ubi9
(Dockerfile),:lucee5-light-ubi9
(Dockerfile),:adobe2018-ubi9
(Dockerfile),:adobe2021-ubi9
(Dockerfile)
Note: The :latest
tag currently uses OpenJDK11, as do all other pre-built engine images. If you required JDK 8 or JDK 17 support in your app or engine, use the :jdk8
or :jdk17
tags, respectively.
CommandBox allows you to configure your entire CFML engine environment at runtime using file or environment-based conventions. For more information on how to leverage CommandBox in developing and deploying your applications, see the official documentation.
In addition the CommandBox modules of dotenv
and cfconfig
are included in these pre-built images, which allow you to leverage additional runtime environmental and server configuration options.
Current CFML engines supported are:
- Lucee: 5+
- Adobe ColdFusion 2018+
You may also specify a custom WAR for deployment, using the server.json
configuration.
This section assumes you are using the Official Docker Image
By default, the directory /app
in the container is mapped as the Commandbox home. To deploy a new application, first pull the image:
docker pull ortussolutions/commandbox
Then, from the root of your project, start with
docker run -p 8080:8080 -p 8443:8443 -v "/path/to/your/app:/app" ortussolutions/commandbox
By default the process ports of the container are 8080
(insecure) and 8443
(secure - if enabled in your server.json
) so, once the container comes online, you may access your application via browser using the applicable port (which we explicitly exposed for external access in the run
command above). You may also specify different port arguments in your run
command to assign what is to be used in the container and exposed. This prevents conflicts with other instances in the Docker machine using those ports:
docker run -p 80:80 -p 443:443 -e "PORT=80" -e "SSL_PORT=443" -v "/path/to/your/app:/app" ortussolutions/commandbox
All Debian-based images currently support linux/amd64
, linux/arm64
and linux/arm/v7
architecture. Alpine builds are currently only supported on linux/amd64
The CommandBox Docker image supports the use of environmental variables for the configuration of your servers. Specifically, the image includes the cfconfig
CommandBox module, which allows you to provide custom settings for your engine, including the admin password.
$PORT
- The port which your server should start on. The default is8080
.$SSL_PORT
- If applicable, the ssl port used by your server The default is8443
.
In order to use the multi-site features of CommandBox v6 and above, if your multi-site setup is domain-aware, you will need to set the environment variable BOX_SERVER_WEB_useProxyForwardedIP=true
. Note, though, that doing so will open your container up to threat vectors by providing visitors with the ability to circumvent:
- Internal-only host matching
- IP restrictions on admin blocking
as well as potentially allowing the spoofing of client certs and/or SSL redirects/validation. Because of this, if you choose to enable this setting, you should take care to ensure that your containers are only publicly accessible via the load balancer and exposed container ports on the Docker host are not publicly available. Once this setting is enabled, however, headers such as X-Forwarded-Host
sent by the upstream load balancer will be honored when service multi-site traffic.
As of Commandbox v5.3.0
, all CommandBox servers have HTTP/2 enabled by default. For browser support of this protocol, you will need to enable SSL and provide a certificate.
The following environment variables may be provided to modify your runtime server configuration. Please note that environment variables are case sensitive and, while some lower/upper case aliases are accounted for, you should use consistent casing in order for these variables to take effect.
BOX_SERVER_APP_SERVERHOMEDIRECTORY
- When provided, a custom path to your server home directory will be assigned. By default, this path is set as${LIB_DIR}/serverHome
, which resolves to/usr/local/lib/serverHome
in most builds. The Alpine-based builds will default to/usr/lib/serverHome
. ( Note: You may also provide this variable in your app's customizedserver.json
file )APP_DIR
- Application directory (web root). By default, this is/app
. If you are deploying an application with mappings outside of the root, you would want to provide this environment variable to point to the webroot ( e.g./app/wwwroot
)USER
- When provided the server process will run under the provided user account nameUSER_ID
- Numeric. When provided in conjunction with aUSER
environment variable, the UID of the user will be assigned this number. This can be useful for ensuring permissions of mounted volumes and filescfconfig_[engine setting]
- Any environment variable provided which includes thecfconfig_
prefix will be determined to be acfconfig
setting and the value after the prefix is presumed to be the setting name.BOX_SERVER_CFCONFIGFILE
- Acfconfig
-compatible JSON file may be provided with this environment variable. The file will be loaded and applied to your server. If anadminPassword
key exists, it will be applied as the Server and Web context passwords for Lucee engines. You may instead add a.cfconfig.json
file to the root of theAPP_DIR
and it will be picked up automatically.BOX_SERVER_APP_CFENGINE
- Using theserver.json
syntax, allows you to specify the CFML engine for your container ( e.g.lucee@5
). Defaults to the CommandBox default ( currently[email protected]
)BOX_SERVER_RUNWAR_CONSOLE_APPENDERLAYOUT
- When setting this toJSONTemplateLayout
, the log output of the container will be inndjson
. For more information on this setting, please see the CommandBox documentation on customizing log layoutsFINALIZE_STARTUP
- When provided a final startup script will be generated, which will be considered authoritative the next time the container/image starts. The caveat to this, however, is that the finalized startup script will bypass the evaluation checks for all of the other environment variables in this list as those values will be explicitly exported in the startup file.BOX_SERVER_PROFILE
- When set, this will be applied as the runtime CommandBox server profile. By default, CommandBox will set this value to theproduction
mode, since the container server binds to all interfaces on0.0.0.0
. If you wish a lower level of security, you will need to provide this variable or set it in yourserver.json
file.BOX_SERVER_WEB_REWRITES_ENABLE
- A boolean value, specifying whether URL rewrites will be enabled/disabled on the server. Setting this environment variable will overwrite any settings within the app'sserver.json
file.CFPM_INSTALL
andCFPM_UNINSTALL
- Supported for Adobe Coldfusion 2021 engines. When provided as a delimited list of Coldfusion Package Manager packages, these will be installed ( or uninstalled, respectively ), prior to the server start. A warmed-up server is required to use these variables.BOX_INSTALL
/box_install
- When set to true, thebox install
command will be run before the server is started to ensure any dependencies configured in yourbox.json
file are installed
$HEALTHCHECK_URI
- Specifies the URI endpoint for container health checks. By default, this defaults tohttp://127.0.0.1:${PORT}/
at 20 second intervals, a timeout of 30 seconds, with 15 retries before the container is marked as failed. _Note: Since the interval, timeout, and retry settings cannot be set dynamically, if you need to adjust these, you will need to build from a Dockerfile which provides a newHEALTHCHECK
command
The following variables are still supported, however they are deprecated and support will be removed in the next major release version of the image:
SERVER_HOME_DIRECTORY
- UseBOX_SERVER_APP_SERVERHOMEDIRECTORY
insteadCFCONFIG
andcfconfigfile
- UseBOX_SERVER_CFCONFIGFILE
insteadCFENGINE
- UseBOX_SERVER_APP_CFENGINE
insteadHEADLESS=true
- UseBOX_SERVER_PROFILE=production
insteadSERVER_PROFILE
- UseBOX_SERVER_PROFILE
insteadURL_REWRITES
/url_rewrites
- UseBOX_SERVER_WEB_REWRITES_ENABLE
instead
Docker secrets can use two storage mechanisms:
- Secret values stored as files on the host (non-swarm mode).
docker secret
-managed key/value pairs (swarm mode).
Secret expansion can be accomplished by one of two mechanisms ( or both ):
To use secrets as variables in this image, a placeholder is specified (e.g., <<SECRET:test_docker_secret>>
) as the variable's value. At run-time, the environment variable's value is replaced with the secret.
Example with a secret using host file storage:
version: '3.1'
services:
sut:
environment:
- IMAGE_TESTING_IN_PROGRESS=true
#- ENV_SECRETS_DEBUG # uncomment to debug the placeholder replacements
# this is a placeholder that will be replaced at runtime with the secret value
- TEST_DOCKER_SECRET=<<SECRET:test_docker_secret>>
...
secrets:
test_docker_secret:
# this is the file containing the secret value
file: ./build/tests/secrets/test_docker_secret
When any environment variable is suffixed with _FILE
, the right-hand assignment will be loaded and expanded as the environment variable prior to the suffix. The most common use-case for this is in sourcing Docker secrets, however it may also be used to source runtime-mounted files as variables.
For example the variable REINIT_PASSWORD_FILE=/run/secrets/reinit_password
would source the contents of the right-hand file path in as the REINIT_PASSWORD
environment variable.
To create your own, customized Docker image, use our Dockerfile repository as a reference to begin your customizations. You can extend any of the base images and add your own additional functionality or modules. For example, to install the Ortus Couchbase extension for Lucee:
FROM ortussolutions/commandbox:lucee5
ARG REDIS_EMAIL
ARG REDIS_LICENSE_KEY
ARG REDIS_ACTIVATION_CODE
# Install the Ortus Redis cache extension from Forgebox
RUN box install 5C558CC6-1E67-4776-96A60F9726D580F1
# Scope in our args for extension activation
REDIS_EXTENSION_EMAIL=$REDIS_EMAIL
REDIS_EXTENSION_LICENSE_KEY=$REDIS_LICENSE_KEY
REDIS_EXTENSION_ACTIVATION_CODE=$REDIS_ACTIVATION_CODE
REDIS_EXTENSION_SERVER_TYPE=Production
# WARM UP THE SERVER WITH THE NEW EXTENSION
RUN ${BUILD_DIR}/util/warmup-server.sh
We recommend using the pre-tagged images as your base, rather than starting from scratch.
Because, with the exception of the CommandBox default engine of Lucee 5, the CFML server engines are downloaded and installed at container runtime. This can result in significant startup time increases ( even with Lucee 5 already downloaded in the base image, there is a time penalty for a "cold start" ). It is recommended that builds for production use employ an engine-specific variation for the build, which ensures the server is downloaded, in place, and warmed up on container start.
For a basic example, the following will suffice:
FROM ortussolutions/commandbox:lucee5
# Copy application files to root
COPY ./ ${APP_DIR}/
In many cases, you will have tier-specific builds, with custom configuration options. The following employs a build
directory, which includes additional configuration files for tier-based deployments:
FROM ortussolutions/commandbox:lucee5
ARG CI_ENVIRONMENT_NAME
# Copy application files to root
COPY ./ ${APP_DIR}/
# Copy tier-only files over
COPY ./build/env/${CI_ENVIRONMENT_NAME}/tier/ ${APP_DIR}/
# Install our box.json dependencies
RUN cd ${APP_DIR} && box install
# Warm up and validate our server
RUN ${APP_DIR}/build/env/setup-env.sh
# Remove our build directory from our deployable image
RUN rm -rf ${APP_DIR}/build
# Set our healthcheck to a non-framework route - in this case we only need to know that CFML pages are being served
ENV HEALTHCHECK_URI "http://127.0.0.1:${PORT}/config/Routes.cfm"
In the above case, the setup-env.sh
file might perform an additional server warmup and validation, where in the former case, the server was previously warmed up when the image was built.
Once your customized Dockerfile
has has been built, you can run the generated image directly, or publish it to a private registry
As of v3.0.0 of the image you can create multi-stage builds which include only a shell script to start the server, the RunWar servlet container, and the application/engine. This build is finalized, however, so the startup script will bypass all environmental and server evaluation in favor of the variables provided in the generated shell script. This means that you will need to provide all secrets and variables needed by your server and CFConfig files during the initial build phase, as the .env
and .cfconfig.json
files will not be in play during the server startup.
A finalized image reduces container startup times by up to 80% and reduces the final image size by up to 50%. Multi-stage builds are ideal for creating production images. The environment variable FINALIZE_STARTUP
, when provided, will only generate the startup script. The script written is considered authoritative and will be used on the next container start.
To leverage this with a multi-stage build:
FROM ortussolutions/commandbox:lucee5 as workbench
# Generate the startup script only
ENV FINALIZE_STARTUP true
RUN $BUILD_DIR/run.sh
# Eclipse Temurin Focal image is the smallest OpenJDK image on that the same kernel used in the base image.
# For most apps, this should work to run your applications
FROM eclipse-temurin:11-jre-jammy as app
# COPY our generated files
COPY --from=workbench /app /app
COPY --from=workbench /usr/local/lib/serverHome /usr/local/lib/serverHome
RUN mkdir -p /usr/local/lib/CommandBox/lib
COPY --from=workbench /usr/local/lib/CommandBox/lib/runwar-4.0.5.jar /usr/local/lib/CommandBox/lib/runwar-4.0.5.jar
COPY --from=workbench /usr/local/bin/startup-final.sh /usr/local/bin/run.sh
# Restore working directory environment
ENV APP_DIR /app
WORKDIR $APP_DIR
# Restore the healthcheck, since that doesn't transfer from the first stage
ENV HEALTHCHECK_URI "http://127.0.0.1:${PORT}/"
HEALTHCHECK --interval=20s --timeout=30s --retries=15 CMD curl --fail ${HEALTHCHECK_URI} || exit 1
CMD /usr/local/bin/run.sh
You may also create this finalized startup script in a single-stage build:
FROM ortussolutions/commandbox:lucee5
# Generate the finalized startup script and exit
RUN export FINALIZE_STARTUP=true;$BUILD_DIR/run.sh;unset FINALIZE_STARTUP
This created image will contain the authoritative script with its runtime benefits and caveats ( see above ). Unlike the multi-stage build above, however , secret expansion will take place prior to image start, with the caveat that any environment variables in existence when the finalized script was generated will overwrite the runtime-provided variables or secrets.
CommandBox is a standalone, native, modular CFML development and deployment tool for Windows, Mac, and Linux which provides a CLI for server orchestration, developer productivity, tool interaction, package management, application scaffolding, and some sweet ASCII art. It is open for extensibility for any ColdFusion (CFML) project and is written in CFML, allowing developers to easily write their own modules. It tightly integrates with the CFML open source hub ForgeBox, so developers can share modules world-wide.
Please submit issues to our repository: https://github.com/Ortus-Solutions/docker-commandbox/issues
Apache License, Version 2.0.
Because of His grace, this project exists. If you don't like this, then don't read it, it's not for you.
"Therefore being justified by faith, we have peace with God through our Lord Jesus Christ: By whom also we have access by faith into this grace wherein we stand, and rejoice in hope of the glory of God. And not only so, but we glory in tribulations also: knowing that tribulation worketh patience; And patience, experience; and experience, hope: And hope maketh not ashamed; because the love of God is shed abroad in our hearts by the Holy Ghost which is given unto us. ." Romans 5:5
"I am the way, and the truth, and the life; no one comes to the Father, but by me (JESUS)" Jn 14:1-12 fv