diff --git a/config/default/.htaccess b/config/default/.htaccess
new file mode 100644
index 0000000..c323d54
--- /dev/null
+++ b/config/default/.htaccess
@@ -0,0 +1,27 @@
+# Deny all requests from Apache 2.4+.
+<IfModule mod_authz_core.c>
+  Require all denied
+</IfModule>
+
+# Deny all requests from Apache 2.0-2.2.
+<IfModule !mod_authz_core.c>
+  Deny from all
+</IfModule>
+
+# Turn off all options we don't need.
+Options -Indexes -ExecCGI -Includes -MultiViews
+
+# Set the catch-all handler to prevent scripts from being executed.
+SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
+<Files *>
+  # Override the handler again if we're run later in the evaluation list.
+  SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
+</Files>
+
+# If we know how to do it safely, disable the PHP engine entirely.
+<IfModule mod_php5.c>
+  php_flag engine off
+</IfModule>
+<IfModule mod_php7.c>
+  php_flag engine off
+</IfModule>
\ No newline at end of file
diff --git a/web/sites/default/settings.php b/web/sites/default/settings.php
new file mode 100644
index 0000000..cbba35e
--- /dev/null
+++ b/web/sites/default/settings.php
@@ -0,0 +1,15 @@
+<?php
+
+$databases['default']['default'] = [
+  'driver' => $_SERVER['DATABASE_DRIVER'],
+  'host' => $_SERVER['DATABASE_HOST'],
+  'database' => $_SERVER['DATABASE_NAME'],
+  'username' => $_SERVER['DATABASE_USER'],
+  'password' => $_SERVER['DATABASE_PASSWORD'],
+  'port' => $_SERVER['DATABASE_PORT'],
+  'prefix' => '',
+  'namespace' => 'Drupal\\Core\\Database\\Driver\\mysql',
+  'collation' => 'utf8mb4_general_ci',
+];
+
+$settings["config_sync_directory"] = '../config/default';