Secure directory structure

daybugging · January 23, 2019, 9:25am

Hey there,
just a quick question, and I guess you can help me out easily:

What parts of a Kirby installation need to be in the “public” (root) directory of the webserver? Kirby docs mention that you should put some stuff below root, and also Composer’s vendor shouldn’t be publicly available, so what’s the most hardened setup for Kirby v3?

Thank you all for making the new version such a great tool!
daybuggin’

texnixe · January 23, 2019, 9:34am

Check out the getkirby.com website repo itself. The /www folder is the web root that contains the public facing files, basically only the assets, the index.php (and the media folder, that doesn’t exist in the repo). The public folder setup is defined in the index.php

daybugging · January 23, 2019, 9:36am

Thanks, that’s helpful!

As always

luca · March 10, 2020, 10:48pm

What’s the differenc between the setup for getkirby.com in the /www folder and the explananation of a public folder setup in Kirby’s Guide?

texnixe · March 10, 2020, 10:52pm

This is the index.php from the getkirby.com website:

<?php

include '../kirby/bootstrap.php';

$kirby = new Kirby([
    'roots' => [
        'index'   => __DIR__,
        'content' => __DIR__ . '/../content',
        'site'    => __DIR__ . '/../site',
    ],
]);

echo $kirby->render();

If you compare that to the version in the guide, you will notice that the guide example has an additional storage folder, where the /accounts, /session and cache folders are located.

Both are just examples, nothing you have to follow.

luca · March 10, 2020, 10:56pm

Thanks for the lightning fast reply. I’m still new to this and want the setup to be as secure, as possible. So I can just use any of both examples…

texnixe · March 10, 2020, 10:58pm

Note that such a setup only makes sense if you are not on shared hosting, because on shared hosting, you cannot usually put anything above the document root.

bnomei · March 11, 2020, 8:27am

you can find a more advanced public folder setup here. this one puts all data that might change in the storage folder (good for automized zero-downtime deployments). since that requires a symlink for kirbys media folder i would not recommend it for beginners but it provides another example how versatile kirbys roots can be configured.

luca · March 12, 2020, 10:31pm

Thank you, I will check that out, when I am ready to deploy my site. This is such a cool community!

Topic		Replies	Views
Secure folder setup and router script Questions 🤔 security	9	843	August 27, 2021
Kirby setup on hosting without public or public_html directory Questions 🤔	1	312	January 12, 2022
Public folder set up, missing kirby in path? Solved ✅	6	386	September 28, 2021
Recommended project structure Kirby 3	1	214	July 24, 2023
Documentation: Public folder setup Questions 🤔	4	2074	January 15, 2022

Secure directory structure

Related Topics