Configuration
Symphony stores its runtime configuration in two files within the configuration directory. These files are generated automatically during the initial setup wizard and can be edited afterward to change behaviour.
The commands on this page vary by deployment method. Refer to your deployment documentation for environment-specific details.
Configuration Directory
The configuration directory location depends on the deployment method:
| Deployment | Path |
|---|---|
| Linux (systemd) | /var/lib/symphony/ |
| RPM (systemd) | /var/lib/symphony/ |
| Docker Compose | /config/ inside the symphony container |
| Kubernetes | /config/ on the PersistentVolumeClaim |
The directory contains symphony.config (JSON, application settings), nats.config (embedded messaging server), log files, account JWTs, and JetStream storage data. For a complete description of every field, see the Configuration Reference.
Editing Configuration
After the initial setup wizard completes, you can edit the configuration files and restart Symphony to apply changes.
Linux
# Edit symphony.config
sudo vi /var/lib/symphony/symphony.config
# Restart to apply changes
sudo systemctl restart symphony
Docker Compose
# Copy config out, edit, copy back
docker compose cp symphony:/config/symphony.config ./symphony.config
vi ./symphony.config
docker compose cp ./symphony.config symphony:/config/symphony.config
# Restart to apply changes
docker compose restart symphony
Kubernetes
# Copy config out, edit, copy back
kubectl cp <pod>:/config/symphony.config ./symphony.config
vi ./symphony.config
kubectl cp ./symphony.config <pod>:/config/symphony.config
# Restart to apply changes
kubectl rollout restart deployment/symphony
Enabling Debug Logging
To enable NATS debug logging, uncomment the relevant lines in nats.config:
debug: true
trace: true
Debug and trace logs are written to log/nats.log in the configuration directory. Disable debug logging after investigation as it generates significant output.
Backing Up Configuration
The configuration directory should be backed up regularly. It contains all the state needed to restore a Symphony deployment—including the cryptographic identity seeds that are the trust root for every user account, API key, and extension token.
The JetStream store under storage/ is not safe to copy with tar or cp while Symphony is running. Use cirata symphony backup (recommended), a CSI volume snapshot, or stop the server before copying /config.
# Recommended: cirata symphony backup produces a consistent archive
# against the running instance.
cirata symphony backup --output ./backup.tar
See Backup and Recovery for the full list of supported approaches, restore procedures, and verification steps. The identity seeds in symphony.config are particularly important—without them, existing user accounts, API tokens, and extension credentials cannot be validated.
See Also
- Configuration Reference—Complete field reference for
symphony.configandnats.config - OIDC Configuration—Configuring external OIDC providers
- TLS and Certificates—Certificate management for all communication paths
- Security Hardening—HTTP security headers, CSP, process isolation, and network exposure
- RBAC Configuration—Configuring role-based access control
- High Availability—Multi-instance clustering
- Backup and Recovery—Backup schedules, procedures, and offsite storage