Blog

Brad Wood

August 05, 2021

Spread the word


Share your thoughts

Hot on the heels of our previous announcement of big new CFConfig features, we've got another release to let you know about!  

New Features

Here’s an overview of the new features.  This release should all be completely backwards compatible, but we’ve added a bunch of new behaviors so please report any issues you may have.  This release was all about relieving the pain of Lucee developers dealing with the duality of their server and web context.  Some config has to go in the server admin and some config has to go in the web admin.  CFConfig previously would only automatically import config into the server context which left you with a manual task to get your web config imported.  

High level features of this release are:

  • New env vars which are looked for to specify the cfconfig JSON file location
  • New keys in the server.json to control the JSON files
  • New file conventions on disk which are looked for
  • New variations of the cfconfig_settingName env vars

New server.json sytnax

{
  "cfconfig" : {
     // Replacement for top level cfconfigfile key
     "file" : "path/to/file.json",
     // Same as "file" but for consistency
     "server" : "path/to/file.json",
     // Will load into lucee/railo web context
     "web" : "path/to/file.json",
     // Replacement for top level CFConfigPauseTasks key
     "pauseTasks" : true
  },
  // Backwards compat fallback
  "CFConfigFile" : "path/to/file.json"
  "CFConfigPauseTasks": true
}

We still support the two top level keys for backwards compat, but going forward, all CFConfig settings will go inside of the cfconfig object.  

Note, you would never need to use all the properties above at the same time. For an Adobe server, or a Lucee server in which you only care about importing settings into the server context, you can just use cfconfig.file . For a Lucee server in which you want to import settings into the server AND web context, you can use cfconfig.server and cfconfig.web.

Env Var syntax

The following environment variables can now be used to set the same JSON files as above.

# Default
cfconfigfile=path/to/file.json

# Force Lucee web context  (On adobe, just loaded normally)
cfconfigweb=path/to/file.json

# Force Lucee server context - same as default  (On adobe, just loaded normally)
cfconfigserver=path/to/file.json

The following environment variables can now be used to set individual settings into a server:

# Default
cfconfig_settingName=myValue

# Force Lucee web context  (On adobe, just loaded normally)
cfconfig_web_settingName=myValue

# Force Lucee server context - same as default  (On adobe, just loaded normally)
cfconfig_server_settingName=myValue

File Conventions

The following files will be looked for by convention inside your web root if none of the options above have provided a JSON file path to import.

# Default
webroot/.cfconfig.json

# Force Lucee web context  (On adobe, just loaded normally)
webroot/.cfconfig-web.json

# Force Lucee server context - same as default  (On adobe, just loaded normally)
webroot/.cfconfig-server.json

In the event there are two or more JSON files being imported into the same context, the first file will be an overwrite as usual, but all subsequent files will import in the new “append” mode so they are additive.  

Lucee Password Handling

We’ve improved the logic to ensure Lucee server context passwords also get written to the web context and vice versa.  The logic has been greatly improved to “remember” any passwords set no matter where they came from (JSON files, env vars) and will apply them to password-less contexts only if those contexts don’t have a password set.  

Production Secure-By-Default Passwords

We’ve added a feature which will force a random password when none is set.  This will ONLY happen if the server profile is “production” and ( there is no password of any kind set or if the engine is Adobe and the password is the plaintext default of “commandbox” which is insecure).  If you are currently deploying to production with the default password of “commandbox”, that will no longer work :)  The random password will be output in the verbose server logs.  

ExportOnStop Web/Server Context Aware

If you have the exportOnStop setting enabled in CFConfig, Lucee’s server and web contexts will export into the matching JSON files, if they exist.   If there is more than one JSON file declared for a given context, the first will be used.

Conclusion

So for a basic use case of a Lucee server where you want server and web config at the same time, you can just put the following files in your web root

  • .cfconfig-web.json
  • .cfconfig-server.json

And for an Adobe server or a Lucee server where you only care about importing confugration into the server context, you can just stick with the following like before:

  • .cfconfig.json


All importing and exporting will default to the proper contexts.  All verbose server start logging has been improved to tell you which context the config files are being imported into as well so it’s clear what’s happening.  There is also debug logging which will tell you which JSON files were discovered and how (env var, file convention, server.json key, etc)

Add Your Comment

Recent Entries

Ortus Solutions Soars Back to CFCamp Munich as Platinum Sponsor and Keynote Presenter!

Ortus Solutions Soars Back to CFCamp Munich as Platinum Sponsor and Keynote Presenter!

We're thrilled to announce that Ortus Solutions is returning to CFCamp Munich for another year! We're incredibly proud to be a continuing sponsor of this fantastic event and can't wait to connect with the ColdFusion community once again.

Taking Center Stage with the Day 1 Keynote

Get ready for some deep dives into the world of BoxLang! Ortus Solutions will be kicking off CFCamp with a dynamic keynote address on day 1. This is your chance to gain valua...

Cristobal Escobar
Cristobal Escobar
May 28, 2024
Into the Box 2025 - Blind Tickets are Out!

Into the Box 2025 - Blind Tickets are Out!

Ortus Solutions is thrilled to announce the release of blind tickets for Into the Box 2025, the premier event for web developers. This year's conference promises to be a game-changer, especially with the unveiling of our groundbreaking new product, BoxLang. **Our team is working hard to get all modern CFML developers amazing tools and software features to improve their productivity. **

Maria Jose Herrera
Maria Jose Herrera
May 27, 2024
Into the Box - Keynote Recap Day 1

Into the Box - Keynote Recap Day 1

Day 1 of Into the Box kicked off with an electrifying keynote session that set the tone for an incredible conference. The excitement was palpable as developers, tech enthusiasts, and industry leaders gathered to explore the latest innovations and trends in web development.

Maria Jose Herrera
Maria Jose Herrera
May 24, 2024