TYPO3 Application context: Development or Production

Screenshot showing the current application context in the "System Information" box

The current application context is displayed on the top-right in the "System Information" box

A TYPO3 instance is often used in different contexts that can adapt to your needs.

You can use the application context to differentiate between different environments / servers.

There are 3 major application context groups:

Development
To be used during development. Debugging is enabled by default.
Production
Debugging and deprecation logs are deactivated by default.
Testing
To be used in automated testing.

You can define arbitrary strings as a subcontext for example Development/Local or Production/Stage.

Setting the application context

If the application context is not set it is Production by default so that you don't have to do anything on the production server.

In DDEV you should set the application context to Development/Local to enable debugging and different site configurations for DDEV and your live server.

Create a file called docker-compose.context.yaml in your .ddev path with the following content:

[project root]/.ddev/docker-compose.context.yaml
version: '3.6'
services:
  web:
    environment:
      - TYPO3_CONTEXT=Development/Local
Copied!

Restart DDEV using

ddev restart
Copied!

Local development

When you installed TYPO3 with DDEV, DDEV automatically created a file called config/system/additional.php for you. This file includes server settings needed only during development, including:

  • A connection to the local database in DDEV
  • Configuration of Mailpit to enable debugging of emails
  • Image magic configuration so that images can be scaled and edited
  • Enabling enhanced error reporting

You should not deploy this file to your production server but create one just for the production server. See section Production environment

Production environment

It is not recommended to put credentials into a file that is kept under version control. However, many other settings should be kept under version control.

We recommend putting all configuration containing credentials into a special file that is not kept under version control and include it in your config/system/additional.php.

Create a file called config/system/credentials.php:

config/system/credentials.php
<?php

defined('TYPO3') or die();
$customChanges = [
    'BE' => [
        'installToolPassword' => 'some encrypted string',
    ],
    'DB' => [
        'Connections' => [
            'Default' => [
                'dbname' => 'my_db',
                'host' => 'localhost',
                'password' => '<secure password>',
                'user' => 'my_db_user',
            ],
        ],
    ],
    'SYS' => [
        'encryptionKey' => 'replace with generated encryption key',
    ],
];
Copied!

You can now include this file in your config/system/additional.php:

config/system/additional.php
<?php

defined('TYPO3') or die();

$customChanges = [
];

$GLOBALS['TYPO3_CONF_VARS'] = array_replace_recursive($GLOBALS['TYPO3_CONF_VARS'], (array)$customChanges);
$file = realpath(__DIR__) . '/credentials.php';
if (is_file($file)) {
    include_once($file);
    $GLOBALS['TYPO3_CONF_VARS'] = array_replace_recursive($GLOBALS['TYPO3_CONF_VARS'], (array)$customChanges);
}
Copied!

The following steps are needed for a secure production context:

  • Generate a unique encryption key and put it in $customChanges['SYS']['encryptionKey'] in your config/system/credentials.php.
  • Choose a new install tool password and put its hash into $customChanges['BE']['installToolPassword'].
  • Replace the database credentials in the $customChanges['DB']['Connections']['Default'] section with database credentials for your server.

Further settings important for security can be made directly in the config/system/additional.php:

config/system/additional.php
<?php

defined('TYPO3') or die();

$customChanges = [
    'BE' => [
        'debug' => '0',
    ],
    'FE' => [
        'debug' => '0',
    ],
    'SYS' => [
        'trustedHostsPattern' => 'SERVER_NAME', // keep this if it is working on your server
        'devIPmask' => '127.0.0.1,::1', // localhost oly
        'displayErrors' => 0, // Turn off error reporting
    ],
];

$GLOBALS['TYPO3_CONF_VARS'] = array_replace_recursive($GLOBALS['TYPO3_CONF_VARS'], (array)$customChanges);
$file = realpath(__DIR__) . '/credentials.php';
if (is_file($file)) {
    include_once($file);
    $GLOBALS['TYPO3_CONF_VARS'] = array_replace_recursive($GLOBALS['TYPO3_CONF_VARS'], (array)$customChanges);
}
Copied!

Please refer to the security guide in getting started to check which settings are currently recommended for a secure production environment:

Global TYPO3 configuration options

Suggested configurations might change in future security bulletins.

You can put any of the suggested changes into the $customChanges array of your config/system/additional.php.