Docker images for ColdFusion

Adobe provides official Docker images for ColdFusion, allowing easy deployment and management of ColdFusion applications in a containerized environment. These images are optimized for performance, security, and scalability.

In this article,

Pre-requisites

Before using ColdFusion Docker images, ensure your system meets these requirements: 

Install Docker

1. Install Docker on your system. Refer to the Docker Installation Guide for instructions.
2. Ensure that Docker Desktop is running.

ColdFusion license

• ColdFusion (2025 release)
• ColdFusion (2023 release)
• ColdFusion (2021 release)

System requirements

• ColdFusion Enterprise
• ColdFusion Standard

Set up ColdFusion Docker images

Pull the ColdFusion Docker image. Launch a terminal and run:

docker pull adobecoldfusion/coldfusion:latest

Pull a specific version:

docker pull adobecoldfusion/coldfusion:2025

Run ColdFusion in a container

Launch a container using the following command:

docker run -d -p 8500:8500 --name cf-container adobecoldfusion/coldfusion -e acceptEULA=yes

• -d: Runs the container in the background.
• -p 8500:8500: Assigns ColdFusion’s default port to the host machine.
• --name cf-container: Assigns a name to the container.
• -e acceptEULA=YES: Accepts the EULA for the container to run.

Configure ColdFusion Using Environment Variables

ColdFusion Docker images support configuration via environment variables. For example:

docker run -d -p 8500:8500 -e acceptEULA=YES -e password=YourSecurePassword -e enableSecureProfile=true --name cf-container adobecoldfusion/coldfusion

To get a list of available environment variables, run:

docker run --rm -it adobecoldfusion/coldfusion:latest help

Required Environment Variables:

• acceptEULA=YES 

Optional Environment Variables:

• password - ColdFusion administrator password (default: admin) 
• enableSecureProfile - Enables/disables the secure profile (true/false, default: false)
• configureExternalSessions - Enables/disables external session storage (true/false, default: false) 
• externalSessionsHost - Redis host for external sessions (default: localhost)
• externalSessionsPort - Redis port for external sessions (default: 6379) 
• externalSessionsPassword - Password for Redis external sessions (default: empty)
• configureExternalAddons - Enables/disables external add-ons (true/false, default: false) 
• addonsHost - Host for add-on container services (default: localhost)
• addonsPort - Port for add-on container services (default: 8997) 
• addonsUsername - Username for Solr authentication (default: admin)
• addonsPassword - Password for Solr authentication (default: admin) 
• addonsPDFServiceName - Name of the PDFg service manager (default: addonsContainer)
• addonsPDFSSL - Enables/disables SSL for the PDFg service (true/false, default: false) 
• setupScript - Path to a ColdFusion (CFM) script executed on startup (must be in /app)
• setupScriptDelete - Deletes the setup script after execution (true/false, default: false) 
• language - ColdFusion language (ja/en, default: en)
• licenseFilePath - Path to ColdFusion license file (must be in /data) 
• licenseEdition - Defines ColdFusion license edition (1 for Enterprise, 2 for Standard)
• installModules - Comma-separated list of modules to install via CF Package Manager (all to install all) 
• importCFSettings - Path to a JSON file with ColdFusion settings (must be in /app)
• importCFSettingsPassphrase - Passphrase for encrypted CF settings 
• importModules - Path to a text file containing packages to be imported (must be in /app)
• deploymentType - ColdFusion deployment type (1 for Production, 2 for Development, 3 for Staging, 4 for Testing, 5 for Disaster Recovery) 
• profile - ColdFusion profile (1 for Production + Secure, 2 for Production, 3 for Development)
• allowedAdminIPList - List of IP addresses allowed to access the ColdFusion Administrator 
• cfsecretPath - Directory for storing secrets (default: /run/secrets)
• cfconfigPath - Directory for storing configurations (default: /configname) 
• CCSNodes - List of client nodes for the CCS server (e.g., localhost:8500 key1 (true/false))
• startCCS - Starts CCS server (true/false, default: false)

Environment Variable Updates in ColdFusion (2025 release)

New Variables:

• licenseFilePath
• licenseEdition
• cfsecretPath
• cfconfigPath
• CCSNodes
• startCCS

Changes in Variable Usage:

• deploymentType now accepts numerical values (1-5) instead of string-based values.
• profile now uses numerical values (1-3) instead of text-based labels.
• allowedAdminIPList can now be set for any ColdFusion profile, whereas in CF 2023 and earlier, it was only applicable to the Production + Secure profile.

Discontinued Variable:

• serial is no longer supported in CF 2025. It remains available for CF 2023 and earlier for license activation.

Supported Commands with ColdFusion Containers

• help
• start
• info
• cli <.cfm>

ColdFusion Container Management

Starting a Container

docker start cf-container

Stopping a Container

docker stop cf-container

Removing a Container

docker rm -f cf-container

Utilizing Docker Compose

Docker Compose enables the definition and execution of multiple services (such as a web application or a database) via a single configuration file (docker-compose.yml). Instead of manually executing multiple docker run commands, you can streamline the process by defining everything in a YAML file and initiating it with:

docker-compose up -d

Integrating ColdFusion with a MySQL Database

In this example, we extend the ColdFusion base image to include a MySQL driver and configure a MySQL datasource using ColdFusion’s Admin API.

Dockerfile

FROM coldfusion:latest 
COPY mysql-connector-java-commercial-8.0.11-bin.jar /opt/coldfusion/cfusion/lib 

Note: Ensure that mysql-connector-java-commercial-8.0.11-bin.jar is available in the current working directory.

ColdFusion Admin API Script

Create a file named setupColdFusion.cfm in the webroot to configure the MySQL datasource:

Configuring Docker Compose

To build and launch the container, create a docker-compose.yml file in a directory separate from the one containing Dockerfile and setupColdFusion.cfm. Ensure that the directory holding these files is named app.

docker-compose.yml

ColdFusion.env

Create a .env file (coldfusion.env) with the following content:

acceptEULA=YES
setupScript= setupColdFusion.cfm
password=ColdFusion123

Executing Docker Compose

Launch all services using:

docker-compose up -d 

The docker-compose.yml file defines a multi-container setup using Docker Compose. It specifies three main services—ColdFusion, Redis, and Addons—and configures their dependencies, networking, and deployment settings.

The setupColdFusion.cfm script executes automatically upon container startup, ensuring that the MySQL datasource is properly configured. Access the ColdFusion Administrator to verify the setup.

Docker Secrets

Docker secrets allow secure management of sensitive data in a Swarm environment. These secrets are encrypted both in transit and at rest and can only be accessed by services explicitly granted permission—only while their tasks are running.

Using Secrets in ColdFusion

In ColdFusion, you can securely pass sensitive credentials such as:

• ColdFusion Administrator Password
• CF Add-ons Password
• CF External Session Storage Password (Redis Password)

These credentials can be stored as Docker secrets. The secret names must match the corresponding environment variable names:

• password → ColdFusion Admin Password
• addonsPassword → CF Add-ons Password
• externalSessionsPassword → Redis Password

Example: Changing ColdFusion Admin Password

To change the ColdFusion Administrator console password inside a container, create a Docker secret named password. When the container starts, it automatically picks up this secret and updates the Administrator password accordingly.

Secret Storage Location

By default, secrets are available inside containers at:

/run/secrets/<secret_name>

If you need to store them in a custom location, specify the path using the cfsecretPath environment variable.

How to Create a Docker Secret

Create a Secret from a String

printf "myCFcomplexPassword" | docker secret create password - 

Create a Secret from a File

docker secret create password ./secret.txt 

Contents of secret.txt

myCFcomplexPassword 

Sample docker-compose.yml configuration

Sample variables.env File

acceptEULA=YES 
password=ColdFusion123 
cfsecretPath=/opt/secrets/

Secret Precedence in ColdFusion

If the same password is defined both as an environment variable and as a Docker secret, the secret takes precedence. In the example above, the CF Admin Console password will be myCFcomplexPassword, as it is retrieved from /opt/secrets/password, defined via cfsecretPath.

Managing Docker Configs for ColdFusion

Overview

Docker configs store non-sensitive configuration data in a Docker Swarm environment. They function similarly to secrets but are not encrypted at rest.

Storing ColdFusion Configuration in Docker Configs

ColdFusion supports storing the following environment variables in Docker configs:

• enableSecureProfile 
• configureExternalSessions 
• externalSessionsHost 
• externalSessionsPort 
• externalSessionsPassword 
• configureExternalAddons 
• addonsHost 
• addonsPort 
• addonsUsername 
• addonsPassword 
• addonsPDFServiceName 
• addonsPDFSSL 
• setupScript 
• setupScriptDelete 
• language 
• installModules 
• importCFSettings 
• importCFSettingsPassphrase 
• deploymentType 
• profile 
• allowedAdminIPList 

You can create a config with the same name as the configuration key (e.g., enableSecureProfile) or store multiple configurations in a single config file named cfconfig. 

By default, configs are available in the container under /<config_name>. You can specify a different path using the cfconfigPath environment variable.

Creating a Docker Config

Create a config from a command:

printf "scheduler" | docker config create installModules -

Create a config from a file:

docker config create cfconfig ./cfconfig.txt

Example cfconfig.txt file:

Example docker-compose.yml configuration

Running ColdFusion with Docker Swarm

docker swarm init 
docker stack deploy -c compose1.yml UsingCFConfig

Storing ColdFusion Config in JSON Format

The cfconfig file can store key-value pairs for each configuration setting or be formatted as a JSON file.

Sample config.json file:

Example docker-compose.yml Using JSON config:

Example variables.env file:

acceptEULA=YES 
cfconfigPath=/opt/config

Commands to start the container:

docker swarm init 
docker stack deploy -c docker-compose.yml cfconfig.json

Configuration Precedence: Environment Variables vs. Docker Configs

When a configuration is defined in both an environment variable and a Docker config, Docker gives precedence to the config.

Example scenario:

printf "cfmongodb" | docker config create installModules - 
docker config create cfconfig ./cfconfig.txt

Example cfconfig.txt file:

acceptEULA=YES 
installModules=scheduler

Example variables.env file:

installModules=debugger

Precedence Rules:

1. installModules is defined in:
   1. A separate Docker config (installModules)
   2. A multi-setting config (cfconfig)
   3. An environment variable (installModules in variables.env)
2. Docker prioritizes configs over environment variables.
3. The installModules config takes precedence, so cfmongodb is installed.
4. If installModules were not defined as a separate config, the system would read from cfconfig.
5. If neither config were defined, the environment variable would be used.

Central Configuration Server

You can start the CCS server and add nodes automatically during container startup using the ColdFusion Docker image. Configure the setup with the following environment variables:

CCSNodes

The CCSNodes variable contains a list of client nodes that will connect to the CCS server.

Each node should be formatted as:

hostname:port secretkey (true/false)

• hostname: The client's hostname or IP address.
• port: The port number used for communication.
• secretkey: A unique key for authentication, found in <cf_instancehome>/lib/ccs/ccs.properties.
• true/false: Indicates whether SSL is enabled (true for enabled, false for disabled). By default it is false.

Example:

hostname1:8500 mySecretKey1 true;hostname2:8501 mySecretKey2;hostname3:8502 mySecretKey3 false

Separate multiple client nodes with a semicolon (;).

If SSL is enabled for a node, set the last parameter to true; otherwise, leave it empty or set it to false.

startCCS

Set to true or false (default) to enable or disable CCS during startup.

Running the ColdFusion Container with CCS

Use the following docker run command:

docker run -dt -e acceptEULA=YES -p 8501:8500 -p 7071:7071 \ 
 -e startCCS=true -e CCSNodes="cfhost1:8500 key1;cfhost2:8443 key2 true;cfhost3:8502 key3" adobecoldfusion/coldfusion:latest

Using Docker Config for CCS

You can also configure CCS via a Docker config file. Example:

config.json

docker-compose.yml

variables.env

acceptEULA=YES 
cfconfigPath=/opt/config

Deploying CCS with Docker Swarm

Once everything is set up, initialize Docker Swarm and deploy the stack:

docker swarm init 
docker stack deploy -c docker-compose.yml ccsserver

ColdFusion Add-ons and Performance Monitoring Toolset

ColdFusion Add-ons

ColdFusion add-ons provide additional services like Solr (search) and PDFG (PDF Generation). These add-ons can run as separate Docker containers alongside your ColdFusion server using Docker Compose for better orchestration.

Pulling the ColdFusion Add-ons Image

ColdFusion add-ons images are available on Amazon ECR and Docker Hub.

From ECR:

docker pull public.ecr.aws/adobe/coldfusionaddons:latest 
docker pull public.ecr.aws/adobe/coldfusionaddons:latest-2025 
docker pull public.ecr.aws/adobe/coldfusionaddons2023:latest 

From Docker Hub:

docker pull adobecoldfusion/coldfusionaddons:latest-2025 
docker pull adobecoldfusion/coldfusionaddons:latest-2023 
docker pull adobecoldfusion/coldfusionaddons2023:latest

Supported Environment Variables

Required:

acceptEULA=YES

Optional:

solrUsername=<SOLR-USERNAME> 
solrPassword=<SOLR-PASSWORD>

Running ColdFusion Add-ons Containers

Basic usage:

docker run -dt -p 8993:8995 -e acceptEULA=YES public.ecr.aws/adobe/coldfusionaddons:latest start  

Specify Solr credentials:

docker run -dt -p 8994:8995 -e acceptEULA=YES -e solrUsername=admin -e solrPassword=admin adobecoldfusion/coldfusionaddons:latest

Performance Monitoring Toolset (PMT)

Before running PMT in a container, ensure system limits are set correctly:

ulimit -n 65536  
sysctl -w vm.max_map_count=262144

Pulling the PMT Image

PMT images are available on Amazon ECR and Docker Hub.

From ECR:

docker pull public.ecr.aws/adobe/pmt:latest 
docker pull public.ecr.aws/adobe/pmt:latest-2025 
docker pull public.ecr.aws/adobe/pmt2021:latest 

From Docker Hub:

docker pull adobecoldfusion/pmt:latest 
docker pull adobecoldfusion/pmt:latest-2023 
docker pull adobecoldfusion/pmt2021:latest 

Supported Environment variables:

Required:

acceptEULA=YES 
datastoreHost=<DATASTORE-HOSTNAME> 
datastorePort=<DATASTORE-PORT> 

Optional:

startPMT=true # Default: true 
startDatastore=true # Default: true 
dataStoreNodeName=<Cluster Node Name> 
dataStoreMaster=true # Default: true (Set false for additional nodes) 
dataStoreNodes=["host1:port1", "host2:port2"] 

Running PMT Containers

docker run -dt -p 9101:9101 -e acceptEULA=YES \ 
-e datastoreHost=<ElasticSearchHostName> \ 
-e datastorePort=<ElasticSearchPort> \ 
-e startDatastore=false \ 
adobecoldfusion/pmt:latest start 

Running ColdFusion and PMT with Docker Compose

Environment Files

pmt.env

acceptEULA=YES 
datastoreHost=pmt 
datastorePort=9200 
startDatastore=true

coldfusion.env

acceptEULA=YES 
password=ColdFusion123

docker-compose.yml

This setup ensures that both ColdFusion and PMT run together in a well-orchestrated Docker environment.

ColdFusion API Manager Docker Image

The Docker image for ColdFusion API Manager (APIM) is available on both Amazon ECR and Docker Hub. You can pull the latest images using the following commands:

Pulling the API Manager Image

Usage

Running API Manager from Amazon ECR:

docker container run -dt \ 
 -e apim_ acceptEULA=YES \ 
 -e apim_ datastoreHost=<Datastore Hostname> \ 
 -e apim_ datastorePort=<Datastore Port> \ 
 -e apim_ analyticsHost=<Analytics Server Hostname> \ 
 -e apim_ analyticsPort=<Analytics Server Port> \ 
 -e apim_ analyticsClusterPort=<Analytics Server Cluster Port> \ 
 -e apim_ analyticsClusterName=<ElasticSearch Cluster Name> \ 
 public.ecr.aws/adobe/apimanager:latest   

Running API Manager from Docker Hub:

docker run -dt -p 8500:8500 \ 
 -e apim_ acceptEULA=YES \ 
 -e apim_ datastoreHost=<Hostname> \ 
 -e apim_ datastorePort=6378 \ 
 -e apim_ analyticsHost=10.42.70.250 \ 
 -e apim_ analyticsPort=9201 \ 
 -e apim_ analyticsClusterPort=<Cluster Port> \ 
 -e apim_ analyticsClusterName=<ElasticSearch Cluster Name> \ 
 apimanager:latest   

Docker Compose Configuration

The following is a sample docker-compose.yml configuration:

Environment Files

apimanager.env

apim_ acceptEULA=YES   
apim_ serial=<enter serial number>   
apim_Password=APIManager123   
apim_ datastoreHost=datastore   
apim_ datastorePort=6379   
apim_ datastorePassword=MyRedisPassword   
apim_ analyticsHost=analytics   
apim_ analyticsPort=9200   
apim_ analyticsClusterPort=9300   
apim_ analyticsClusterName=apim-analytics

analytics.env

acceptEULA=YES
startAnalyticsService=true
analyticsClusterName=apim-analytics

datastore.env

acceptEULA=YES
startDatastoreService=true
datastorePassword=MyRedisPassword