http://coldfusion.com logo
#box-products
Title
# box-products
t

Tyler Clendenin

04/13/2022, 5:42 PM
i am upgrading my commandbox docker image and after the update i am getting "access is protected" errors. I can access the server admin but not the web, the only place I am setting a password for the admin is in the cfconfig.json file wiht an
adminPassword
key. is there another setting I need to set? (lucee engine btw)
b

bdw429s

04/13/2022, 6:00 PM
Can you show a screenshot of what you're seeing?
Also, look at the container logs from when the server is starting and show is the cfconfig section.
t

Tyler Clendenin

04/13/2022, 8:02 PM
message has been deleted
message has been deleted
b

bdw429s

04/13/2022, 8:04 PM
Seems like it's getting set
Can you show us what you're seeing which isn't working?
t

Tyler Clendenin

04/13/2022, 8:04 PM
yeah, but when the container starts I can log into the server admin but not the web
message has been deleted
b

bdw429s

04/13/2022, 8:05 PM
You put in the password?
t

Tyler Clendenin

04/13/2022, 8:05 PM
yes
that is the page after i enter it and it shows the error
b

bdw429s

04/13/2022, 8:05 PM
Are you on the latest CFConfig?
t

Tyler Clendenin

04/13/2022, 8:07 PM
I am not sure what you mean by that, I am using the latest jdk11 tagged image from dockerhub
b

bdw429s

04/13/2022, 8:08 PM
CFConfig is a standalone library that has a release cycle outside of the docker images
When the docker images are built, they include whatever the latest version of CFConfig was out at the time
So there's a good chance there has been a CFConfig release since the docker images were last built
In order to see what version of CFConfig is installed in the container, you can SSH in and run
Copy code
box list --system
And you can update it with something like
Copy code
RUN box install commandbox-cfconfig --force
in your docker file
t

Tyler Clendenin

04/13/2022, 8:10 PM
says commandbox-cfconfig 1.6.11
ok, adding that
b

bdw429s

04/13/2022, 8:11 PM
You can see what the latest version is on ForgeBox
Or run
Copy code
box forgebox show commandbox-cfconfig
t

Tyler Clendenin

04/13/2022, 8:16 PM
same error
looks like i need to dive deep into cfconfig, last known working version was 1.3.1 for me
b

bdw429s

04/13/2022, 8:19 PM
Ok, so at least we know you're on the latest version
If it doesn't work, I'm not sure why. I don't really ever use the web context so I rarely test that
t

Tyler Clendenin

04/13/2022, 8:22 PM
I use the web for tenant datasource management
could there be some security setting form commandbox that would strip access to the web vs the server admin?
b

bdw429s

04/13/2022, 8:24 PM
no
t

Tyler Clendenin

04/13/2022, 8:25 PM
the prior version of comandbox was 5.3.1+00392
b

bdw429s

04/13/2022, 8:26 PM
I wouldn't really expect CommandBox itself to have anything to do with that. CFConfig is responsible for setting the password.
I just tested this locally and it seems to work fine
I have a global env called
cfconfig_adminPassword
and I see this when I start up a Lucee server
Copy code
| √ | Loading CFConfig into server
   |   |-------------------------------------------
   |   | Found box environment variable [cfconfig_adminPassword]
   |   | Importing into [luceeserver]...
   |   | [adminPassword] set.
   |   | No Web context admin password found. Setting your admin password to the same as your Server context password.
   |   | [adminPassword] set.
And I can log into both the server and the web context admin with the same password.
t

Tyler Clendenin

04/13/2022, 8:31 PM
i'll try that, I am doing it via an env var inside the value of the adminPassword key of the cfconfig.json file
nope, still no worky
trying various verisons of lucee
b

bdw429s

04/13/2022, 8:35 PM
My guess is you have something else setting it
But without seeing what JSON files you have going on, I'm not sure
I'm already a bit confused about the two different console screenshots you sent
I'm not sure which one is the real one
t

Tyler Clendenin

04/13/2022, 8:36 PM
the black bg was from the docker build command, the white was from the startup of the container
b

bdw429s

04/13/2022, 8:38 PM
So if your JSON files that were present when the container started up also had a password in them, they would override what the
cfconfig_adminPassword
env var set when building the container
You'll need to review your JSON files and see what's in them
t

Tyler Clendenin

04/13/2022, 8:39 PM
i see, testing something
so since I am not actually setting the admin password in my dockerfile generation, i think it might be setting both the server and web passwords to a random password, then when I start the container with a password it changes the password for the server but since the web is already set it doesn't touch it
b

bdw429s

04/13/2022, 8:50 PM
That doesn't make any sense based on your output above
message has been deleted
☝️ Here you clearly have an explicit env var which is getting picked up and imported
So, whatever is in that env var is what's in the server and web contexs when the container is built
t

Tyler Clendenin

04/13/2022, 8:52 PM
and that variable is not set to anything
b

bdw429s

04/13/2022, 8:52 PM
What do you mean? Like it's am empty string?
t

Tyler Clendenin

04/13/2022, 8:52 PM
no, just not set
b

bdw429s

04/13/2022, 8:53 PM
I don't understand what you mean. Clearly it's set or it wouldn't be in the output above
t

Tyler Clendenin

04/13/2022, 8:53 PM
message has been deleted
that's my cfconfig.json file, the env var CFADMIN_PASSWORD does not exist during build time
b

bdw429s

04/13/2022, 8:54 PM
☝️ This has nothing to do with the
cfconfig_adminPassword
env var mentioned in the screenshot above
t

Tyler Clendenin

04/13/2022, 8:54 PM
but it does during run time
b

bdw429s

04/13/2022, 8:55 PM
Your web context pass is probably whatever you're setting it to at build time
t

Tyler Clendenin

04/13/2022, 8:55 PM
well, i changed my runtime container to use CFCONFIG_ADMINPASSWORD
b

bdw429s

04/13/2022, 8:55 PM
As your JSON file at runtime is only going ot affect the server context
t

Tyler Clendenin

04/13/2022, 8:55 PM
yep, and at build time it is blank
b

bdw429s

04/13/2022, 8:55 PM
The web context will be left alone if it already has a password in it
Still not clear what you mean by "it" in your last sentence
t

Tyler Clendenin

04/13/2022, 8:56 PM
it seems that sometime between my prior verison of comandbox and this one (cfconfig related i'm sure) it started leaving the web password be if it had been prior set (even if the current container has a new password)
b

bdw429s

04/13/2022, 8:56 PM
You've got so many env vars and JSON files I really can't help much
Yeah, I'm not sure what behavior you had before, but the current behavior, so far as I can tell, is correct and desired
The "hey, forgot to set your password" check isn't going to kick in if the web context already has a passowrd
Otherwise, it would be overwriting something you may not want touched
t

Tyler Clendenin

04/13/2022, 8:58 PM
as far as I can tell, there is no method to update the web's password via cfconfig if it has already been set in a previous step of the build
b

bdw429s

04/13/2022, 8:58 PM
that's not true at all
If you want to explicitly set a web context password, there are several ways to do it
t

Tyler Clendenin

04/13/2022, 8:59 PM
via the cfconfig.json file?
sorry, i was unclear prior
b

bdw429s

04/13/2022, 9:00 PM
Have you checked the docs. All the existing behavior is covered here
You can set a web context password via an ad-hoc env var like so
Copy code
cfconfig_web_adminPassword=myPass
Or you can put it in a file named by convention, this:
Copy code
.cfconfig-web.json
Or you can specify a web context JSON file in
cfconfig.web
in
server.json
Or you can specify a
box_server_cfconfig_web
env var that points to a web JSON files
There's 4 ways to do it!
But if you've already set some other admin password into the web context previously, and then at runtime, you ONLY specify a server context password, CFConfig isn't going to touch your existing web context password
At least not as of the latest version. if it did in the past, that was a bug 🙂
t

Tyler Clendenin

04/13/2022, 9:04 PM
ahha, i had seen that, but i was trying to add it as a key 'web_admin_password' in my cfconfig file. i didn't see that i needed a separate web config file, which makes sense
b

bdw429s

04/13/2022, 9:05 PM
The only time CFConfig will "copy over" a password from one context to another is if you haven't set one at all before
Yes, a given JSON file will only be imported into a single target server home.
t

Tyler Clendenin

04/13/2022, 9:06 PM
thank you very much
b

bdw429s

04/13/2022, 9:06 PM
Basically all config that is possible in the server context is also possible in the web context and vice versa
So it's not like password is the only thing in both places!
👍 1
5 Views