Skip to main content

The Drupal settings file done right

I’m a big fan of brevity. This is why I take a few minutes at the start of every project to clean up the settings.php file, make it simpler, and sprinkle in a few things to make local development and on-boarding easier.

First off, we remove the unneeded bits in the file. All of the comments and commented out code are removed. What we are left with is a short file. But wait! What about all the helpful information in the comments? Well, that is exactly why the default.settings.php file exists.

The second thing we do is add support for local developer settings. Over the years I think I’ve tried all the methods out there, and never liked any until we came across this one. Every local developer creates a file called secret.settings.php that isn’t tracked in version control.

docroot/sites/default/secret.settings.php

Then in our settings.php file we add this block at the end:

/**
 * Secret settings file for local development only.
 *
 * This file should NEVER be committed to version control and should never exist
 * on a non-local development machine.
 */
if (file_exists('./' . conf_path() . '/secret.settings.php')) {
  require './' . conf_path() . '/secret.settings.php';
}

The idea is that we only include secret settings if it exists, as it never will on your hosting platform. We also keep this file out of version control as the settings in this file are unique for every developer.

But what about on-boarding? To allow developers to get up to speed quickly we keep a file called example.secret.settings.php in version control that serves as a starter for the secret.settings.php file.

Here is a typical example.secret.settings.php folder for a Drupal site using Vagrant (more on that soon!):

<?php
 
/**
 * Example secret settings PHP file for making MAG run on your local install.
 *
 * This is configured to connect from your local to a Vagrant box running on
 * your local when running from Drush.
 */
 
$databases['default']['default'] = array(
  'driver' => 'mysql',
  'database' => 'dbname',
  'username' => 'root',
  'password' => '',
  'host' => '127.0.0.1',
  'prefix' => '',
  'collation' => 'utf8_general_ci',
);
 
// This allows us to use Drush without a Drush alias.
if (php_sapi_name() == 'cli') {
  $databases['default']['default']['port'] = '3307';
 
  $conf['memcache_servers'] = array(
    '127.0.0.1:11212' => 'default',
  );
}
 
// For local development we need to make the local solr server is the default.
$conf['apachesolr_default_environment'] = 'solr';
 
// Force showing PHP errors.
error_reporting(E_ALL);
ini_set('display_errors', '1');
 
$conf['file_temporary_path'] = '/tmp';
 
$conf['securepages_basepath'] = 'http://127.0.0.1:8080';
$conf['securepages_basepath_ssl'] = 'https://127.0.0.1:8443';
 
// If we didn't set this than base_url would be used for the cookie domain and
// that is different on http v https when both use different non-standard port
// numbers.
$cookie_domain = 'localhost';

Lastly, here is what a typical Drupal settings.php file looks like for one of our projects (I removed the database credentials which would appear here):

<?php
 
/**
 * Core Drupal settings.
 */
$update_free_access = FALSE;
$drupal_hash_salt = 'some nice hash from here: http://www.passwordtool.hu/';
 
/**
 * Needed PHP setting tweaks.
 */
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
ini_set('session.gc_maxlifetime', 200000);
ini_set('session.cookie_lifetime', 2000000);
 
/**
 * Fast 404 configuration.
 */
$conf['404_fast_paths_exclude'] = '/\/(?:styles)\//';
$conf['404_fast_paths'] = '/\.(?:txt|png|gif|jpe?g|css|js|ico|swf|flv|cgi|bat|pl|dll|exe|asp)$/i';
$conf['404_fast_html'] = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL "@path" was not found on this server.</p></body></html>';
 
/**
 * Enabled mixed-mode SSL.
 *
 * This enables a user to use the same session over HTTP and HTTPS. Normally
 * this is really bad, but in conjuction with the Secure Pages module we ensure
 * that SSL is forced for any admin area of Drupal.
 *
 * @see https://www.drupal.org/https-information
 */
$conf['https'] = TRUE;
 
/**
 * Secret settings file for local development only.
 *
 * This file should NEVER be committed to version control and should never exist
 * on a non-local development machine.
 */
if (file_exists('./' . conf_path() . '/secret.settings.php')) {
  require './' . conf_path() . '/secret.settings.php';
}

Coming soon: My next post will cover how we tune the Drupal settings file for the Acquia Enterprise Cloud.

Profile picture for user justin

Justin
Emond

@justinpemond
CEO & Founder

Justin Emond is an engineer, project manager, published author, and the co-founder of Third and Grove. Justin has worked on both sides of the technology world, both in internal technology departments and as a consultant delivering services to those on the inside. Justin is the author of Pro Web Project Management (Apress, 2011), a pragmatic guide to managing web projects. Prior to Third and Grove, Justin was a Senior Project Manager at Urban Insight. In addition to Third and Grove, Justin created Droptor, a web application that helps teams manage sites powered by the Drupal content management system. Justin has a degree in Psychology from the University of Southern California.

Articles by Justin


What can we do for your project?

Start the Conversation