I'm a programmer by trade, "server administrator" by company necessity.
We're looking at dumping the old painful "update site by FTP upload" style of deployment. Having the webserver check out the latest code base from version control into a folder and having a "current" symlink point to the latest checkout (allowing for easily stepping back to an older version by changing the symlink) seems to be the way we want to go.
But I have a question: what's a good practice for dealing with user-uploaded content? This stuff isn't in version control. I have a couple of ideas for dealing with this, but what is the smart, accepted practice?
If the uploaded content is all in one directory, I can see two ways.
The first method requires no real code changes, while the 2nd method seems a bit cleaner to me.
User-uploaded content should not be placed in version control, as you mentioned. However, they should still be backed up.
I recommend simply setting up a daily cron backup script that would rsync, tar, rdiff-backup, or whatever, and upload the data to another server. Of course, the approach you take would depend on the importance of your data; for truly critical information, you may want to set up instant replication (for databases especially: read up on database replication).
I only deal with images and avatars for user-content. As well as a load balanced web severs. I relegate all uploaded content to one web server, that is backed up daily. I then setup a rsync server on the content server. The web servers request the new files via rsync every minute on a cronjob. All the files are then replicated and backed up!
You should place it somewhere outside webserver root,
/var/upload/
for example. It has security considerations: webserver code must not be exposed to uploaded code, and it can happen, if you mix these two things and set wrong permissions. And you keep your content between upgrades.If users upload small files, the best way is to store them in database.
I suspect you may be over thinking this a bit. While the preferred option is to simply have the web content and the uploaded files isolated, you could also just exclude the upload directory (and sub-directories?) from the version control.