Firewall / Offline installs

Hi Everyone,

I started this post a couple of weeks ago now, when Australia’s second biggest ISP has had a national outage that has impacted all of the services for the last 9 hours.

While attempting to start a docker container that uses the commandbox:lucee-light image - I am getting errors as a result of not being able to connect to the internet.

Eventually it was resolved and I no longer needed to post…
However, I am now trying to install CommandBox onto a server that is in an environment that has no outgoing access to the internet as a default position.

When I run box server start, I am getting errors about not being able to connect to xxxx
I am adding them into the firewall exception list as they “pop-up”
That is - I added in the IPs for:
and for adoptium to get the latest Java 11 JDK

And despite adding it into the rules - I am still getting the following error;
Connection failure

So I think I have two questions, please…
Is there a known list of IP I need to allow - to successfully install Commandbox / Lucee?
Is there a way to do a complete “offline” install / running of Commandbox?


Generally speaking, CommandBox doesn’t require internet to work, but there are features that won’t work without it such as:

  • box install of packages from any endpoint that uses internet such as
    • Automatic downloading of Java (on server start)
    • Automatic downloading of CF engine (on server start)
  • Adobe CFPM command, which you may be running director or indirectly via server scripts or Docker env vars.
  • Update check module on CLI start (doesn’t apply to Docker containers)

SImply put, you cannot use these features if you do not have internet. You would need to provide the JRE or CF engine yourself via some other means.

You really need to provide screenshots or the full console output. I have no idea what command and configuration specifically is being used or what is being downloaded from GitHub without the context of what you’re doing in the CLI.

Depends on what you mean by “install CommandBox / Lucee”. In theory nothing at all is needed to simply drop box.exe on a system and run

box server start

That will start the Lucee server who’s jar is already embedded in the CLI. I can’t speak to additional configuration you may have in place that you haven’t shared.

CommandBox itself should require no internet access simply to startup, with the only exception being the commandbox-update-check module which runs on CLI start (and I think is removed from our Docker containers) and that module has documentation on how to disable its checks if you don’t want them: FORGEBOX: CommandBox Update Check
It also obeys the offlineMode config setting.

The only other exception I’ve seen to this is that Lucee has a couple auto-download features of its own

  • auto download/install extensions based on the presence of a LUCEE_EXTENSIONS env var
  • auto download OSGI bundles - this should never happen from what I’m told, but if it does, report it to Lucee as a bug.

As usual - thanks Brad…

Let me rephrase it a little.
I have a new server.

I want to use commandbox to manage and run my Lucee instance.

Behind a firewall.

I can install CommandBox via yum, successfully.

I try and start a Lucee server.
The command line complains that a connection XXX url has timed out, trying to install Java.
So I add that URL to the allowed list in my firewall.
I try and add cfconfig to commandbox and I get a timeout for a url that is displayed on the command line, too.
I add it to the allowed list in my firewall.

I have now added all the urls that are reported to me at the command line.
However I am NOT able to successfully start a lucee server and the command line still complains about

Because I haven’t added a CDN url for github. which I found out about using wireshark.

So my question is;
Is there any documentation available that would have the steps required to do a successful install of commandBox / java / lucee / my fave commandbox modules?
I understand I will need to download them separately.
Perhaps I can put them into a S3 bucket that my firewall blocked EC2 instance that it has access to.

But what is it I need?
And where do I need to put it / how do I install it - once I have it?

As an example :

  • Download all the LEX files you need from (I am guessing about the actual URL at the time of writing)
  • Place them in the DEPLOY folder at /xxxx/xxx/lucee-server/deploy

How do I manually download cfconfig / (and any other CommandBox add-on)
Get it from : FORGEBOX: CFConfig Services
But where do I put it - so that it is available, usable within CommandBox CLI?

  • Is there like a “–local-install” option?

  • If there is a process - is it the same for all other CommandBox modules?

I obviously need a JRE or JDK…
I download and install it independently…
What do I need to configure, so that is available to CommandBox?
To Lucee (within CommandBox) - if it is anything other than correctly defining the JAVA_HOME?

I hope that makes sense of my previous email…
And as is always the case, thanks very much!