Looking good.

I don't know how serious they are

Good news. I also didn't know how easy it was to add those headers.

Yep, the CommandBox server rules (which are basically just undertow's predicate language) are super easy once you get them figured out

Dang, that's amazing and so easy.

That's the most secure way 😉

@risto Here is what I realized about moving from your current (and my old environment) to the commandbox way. There were only 4 things that IIS was doing for me: url rewrites, virtual folders, error pages and file post size limits. Here is where you'd set it up in commandbox: url rewrites --> server.json > web.rules virtual folders --> server.json > web.aliases error pages --> server.json > web.errorPages post size --> .cfconfig.json > postSizeLimit (only needed in cf since undertow doesn't set a limit) Then, from the perspective of the CF admin settings, well commandbox-cfconfig a cli tool makes easy to export your settings from your current cf server to a .cfconfig.json file. I found out that there were only a few custom settings, besides the mail config, and datasources. Here is my CF Admin settings tip. Use the box command

cfconfig diff

to compare your current settings to that of a new fresh install server. 1. Install commandbox on your production server. Not needed is your server is available via unc path. 2.

commandbox> cfconfig export from=\\my-unc-path\c\Coldfusion2018\cfusion\cfapi to=C:\temp\cfapi-cfconfig.json

3. save cfapi-cfconfig.json to your local machine 4. then on your local machine, create a new folder called "fresh-install" 5.

commandbox> cd fresh-install

then

commandbox> server start cfengine=<same as your production>

6.

commandbox> cfconfig export to=freshinstall-cfconfig.json

7. Now you can compare the two json files. 8.

commandbox> cfconfig diff cfapi-cfconfig.json freshinstall-cfconfig.json --valuesDiffer --toOnly --fromOnly

That's it. The output of the diff command will you show three things. 1/ settings/properties that differ from your production server and the fresh install. 2/ settings that only exist in the production server. 3/ settings that only exist in the fresh install. In my case there were only 5 custom settings in my server. But it gave me a good understanding of what my applications required.

@Daniel Mejia Super helpful. I saved your post so I have it handy when I try it out. Hopefully in a couple weeks. Thanks.

ask any questions in this channel. oh trust me, commandbox.ortusbooks.com has had all the answers I need - although sometimes I don't always find what I think I need immediately.