Bindings
Last updated
Was this helpful?
Last updated
Was this helpful?
You can configure the IP, Port, and hostnames for your servers in the bindings object, which is new in CommandBox 6.0. Whereas the defaults to binding to localhost, bindings will default to all IPs or 0.0.0.0 which is more consistent without mainstream web servers work.
The bindings object goes inside your web object in server.json and for servers, you can also specify bindings in each site as well.
There are 3 types of bindings, some of which have additional information that is specific to them
HTTP
SSL
HTTP/2 support
Server certs
Client certs
AJP
AJP secret
Each type of binding is represented by an object of that name inside the bindings object. Everything is optional, so only specify what you need
Every binding has
IP address (can be * or 0.0.0.0 which means All IPs)
Port
zero or more hostnames (An empty string or * will match all hostnames)
Note, hostnames are only really used for Multi-Site servers. If you only have a single site defined, all traffic will be served by that site regardless of the hostname of the incoming request.
The default key to use is called listen. You can specify JUST a port, which will default to all IPs and all hostnames:
We can also specify the IP address as an IP or a * or 0.0.0.0 before the port delimited by a colon:
As an alternative to the listen key, you can specify IP and port keys. This can be handy if you plan to override just part of a binding via env vars.
This syntax is mutually exclusive with the listen key.
Add in as many hostnames as you need as a comma-delimited list or an array
More than one HTTP binding would look like this, where the same object is used, but inside of an array.
AJP bindings work the same as the HTTP binding examples above, but can have the addition of a secret key. All AJP connections to this port will need to come bearing the required secret.
Technically, HTTP/2 can be enabled on either HTTP or SSL bindings, but most browsers will only negotiate HTTP/2 over SSL.
HTTP/2 is enabled by default. The legacy web.http2enable flag is still obeyed and will be applied to any bindings in that block unless otherwise overridden.
To configure a single SSL Server cert, you can specify the following keys inside the binding:
certFile - A PEM-encoded DER cert or a PFX file
keyFile - THe Private key (not used for PFX)
keyPass - The key pass or PFX pass. Blank if not used
To configure multiple SSL certs on the same binding, use a certs array of objects containing the same keys above for each cert you want to specify.
CommandBox will automatically use SNI (Server name Indication) to choose the correct cert to use when negotiating the SSL handshake based on the hostnames in each cert's
Subject Common Name (CN)
SAN (subject alternative names)
CommandBox will also handle SNI for wildcard certs as well.
If using Client Cert authentication, you can also specify client certs for each SSL binding in an object called clientCert. This object can have the following child keys:
mode
CACertFiles
CATrustStoreFile
CATrustStorePass
SSLRenegotiationEnable
For more information on how to configure and use client certs, check out our .