drop's picture

When setting up my backdrop site, what's be best-practice when it comes to choosing a location for my configuration directories?

And are there any pro-tips for managing my configuration in version control?

Accepted answer

That's a great question @drop,

By default Backdrop puts the directories that contain your configuraiton (JSON) files inside the "files" directory, located in the Backdrop root. This means that if your site lives at www.example.com, your files would live at www.example.com/files, and your config would live at some location like www.example.com/files/config_a3d3212056a45b0863327cd8fd4334ef.

Though this is a fairly safe location -- because its unlikely that someone could guess the long hash at the end of the config directory name -- there is a better way.

We recommend that for a best-practice set-up, you should move that config directory outside your web root, so that it is not at all accessible to prying eyes. This means that if your site was on your server at a location like var/www/html your config directory would be at a location like /var/www/config.

With any change to the location of your configuration directory, you'll need to update the settings.php file for your site, to match. For the example above, the settings file will end up looking something like this:

$config_directories['active'] = '../config/active';
$config_directories['staging'] = '../config/staging';

Comments

jenlampton's picture

That's a great question @drop,

By default Backdrop puts the directories that contain your configuraiton (JSON) files inside the "files" directory, located in the Backdrop root. This means that if your site lives at www.example.com, your files would live at www.example.com/files, and your config would live at some location like www.example.com/files/config_a3d3212056a45b0863327cd8fd4334ef.

Though this is a fairly safe location -- because its unlikely that someone could guess the long hash at the end of the config directory name -- there is a better way.

We recommend that for a best-practice set-up, you should move that config directory outside your web root, so that it is not at all accessible to prying eyes. This means that if your site was on your server at a location like var/www/html your config directory would be at a location like /var/www/config.

With any change to the location of your configuration directory, you'll need to update the settings.php file for your site, to match. For the example above, the settings file will end up looking something like this:

$config_directories['active'] = '../config/active';
$config_directories['staging'] = '../config/staging';

Perhaps worth noting that in config_a3d3212056a45b0863327cd8fd4334ef the a3d3212056a45b0863327cd8fd4334ef part is a unique hash per Backdrop app.  So the hash for your app will be different.