I have the same issue, to solve the problem use nginx as a proxy to block access to the admin console. Here is my config I use in docker:
default.config file below
server {
listen 80 default_server;
server_name _;
index index.cfm index.html index.htm;
root /var/www;
server_name_in_redirect off;
# Rewrite rules and other criterias can go here
# Remember to avoid using if() where possible (http://wiki.nginx.org/IfIsEvil)
# location / {
# try_files $uri $uri/ @rewrites;
# }
# Can put some of your own rewrite rules in here
# for example rewrite ^/~(.*)/(.*)/? /users/$1/$2 last;
# location @rewrites {
# rewrite ^/(.*)? /index.cfm/$1 last;
# }
#block/ignore requests for Application.cfc/cfm
location ~* Application.cf[mc]$ {
return 404;
}
#block/ignore requests for /lucee-server
location ~* /lucee-server {
return 404;
}
#block/ignore CFIDE requests
location ~* /CFIDE {
return 404;
}
location ~* /lucee/ {
# allow 10.0.0.1; # Add your IP address here
deny all; # block access
}
location ~* \.(cfm|cfc|cfr)$ {
proxy_pass http://127.0.0.1:8888;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
}
My Docker file
FROM lucee/lucee:5.3-nginx
# FROM llucee/lucee:5.3.5.87-SNAPSHOT-nginx
# NGINX configs
COPY web/config/nginx/ /etc/nginx/
# Patch Server
# COPY patches/ /opt/lucee/server/lucee-server/patches/
# Lucee configs
# COPY config/lucee/ /opt/lucee/web/
# Code
# remove hg it has a security vulnerability
run apt-get update -y
run apt-get remove --auto-remove mercurial -y
run apt-get purge mercurial -y
run apt-get install awscli -y
run sed -i 's/<cfLuceeConfiguration.*>/<cfLuceeConfiguration hspw="xxx" salt="4xxx" version="5.2">/g' /opt/lucee/server/lucee-server/context/lucee-server.xml
run sed -i 's/<cfLuceeConfiguration.*>/<cfLuceeConfiguration hspw="xxx" salt="xxx" version="5.2">/g' /opt/lucee/web/lucee-web.xml.cfm
run ls -la
ADD web/www /var/www
run ls -la /var/www
Notice how I update the web and server xml files. This is how I set the portal password. I have to ssh tunnel in on port 8888 if I want to access the console. My advice is to automate the config. This is 2020 the gui is not your friend! LOL So when your app spins up it should create the Database entries (DSNs), setup session storage (with database), config mail server (AWS SES) and output the logging to a centralize logger (cloud watch). This is how modern apps work. This should be the standard or similar.
I will publish/share all my configs when I get the complete solution to work on fargate. I hope this helps.
– Bill