CommandBox 5.2.0 added a new feature called Server Profiles which allow you to dial in a bevy of development or production lockdown rules in a single setting. Each profile can be tweaked with individual settings to customize them.
I wanted to highlight a recent project I help a client out with, where we used CFConfig to help automate the process of applying government STIGs to ColdFusion servers. A STIG, or Security Technical Implementation Guide, is meant to standardize the process of setting up and auditing secure servers. If you manage servers in a government or corporate setting, you may be familiar with this. If not, you should still be automating your locks downs anyway, so keep reading.
In this tutorial, Brad Wood shows how to use FusionReactor features such as the request Profiler to identify several bottlenecks of slow code in a ColdFusion app.
More and more people are using CommandBox or our Ortus Docker containers (powered by CommandBox) for production deployments. Commandbox uses JBoss Undertow which is very lightweight and fast, and capable of service traffic just as fast as IIS or Apache. A lot of people ask me about running CommandBox in production and I always say it's find so long as you follow the same basic lockdown procedures you'd take on any web server. If you have IIS or Apache sitting in front of CommandBox, most of this configuration can happen there, but for people who want drop-dead simply prod servers, here's some quick tips on locking down your CommandBox server.
In this follow up screencast, we dive deeper into the advanced features CommandBox 4.5 gives you to manage the Java installations used by your CFML servers.
Screencast #1 (CommandBox 4.5 Server OpenJDK Version)
CommandBox 4.5 release note:
In this screencast we show you how to use CommandBox 4.5 to manage the versions of Java your servers use via the AdoptOpenJDK API.
CommandBox 4.5 release notes:
Docs for managing Java versions via CommandBox: