Hey there,
just a quick question, and I guess you can help me out easily:
What parts of a Kirby installation need to be in the “public” (root) directory of the webserver? Kirby docs mention that you should put some stuff below root, and also Composer’s vendor shouldn’t be publicly available, so what’s the most hardened setup for Kirby v3?
Thank you all for making the new version such a great tool!
daybuggin’
Check out the getkirby.com website repo itself. The /www folder is the web root that contains the public facing files, basically only the assets, the index.php (and the media folder, that doesn’t exist in the repo). The public folder setup is defined in the index.php
If you compare that to the version in the guide, you will notice that the guide example has an additional storage folder, where the /accounts, /session and cache folders are located.
Both are just examples, nothing you have to follow.
Note that such a setup only makes sense if you are not on shared hosting, because on shared hosting, you cannot usually put anything above the document root.
you can find a more advanced public folder setup here. this one puts all data that might change in the storage folder (good for automized zero-downtime deployments). since that requires a symlink for kirbys media folder i would not recommend it for beginners but it provides another example how versatile kirbys roots can be configured.