Secure folder setup and router script

Hi there.

I am trying to setup Kirby v3 above the web root but I cannot get it to run in my local dev env (php -s with router script flag).

Here is how the folder structure looks like:

/www # → The web root
   — .htaccess
   — index.php

Inside my index.php I have the following:

# index.php

include '../kirby/bootstrap.php';
$kirby = new Kirby([
   'roots' => [
      'index'   => __DIR__,
      'content' => __DIR__ . '/../content',
      'site'    => __DIR__ . '/../site',
echo $kirby->render();

When I start it with cd /www && php -S localhost:8000 ../kirby/router.php I get errors in Kirby/router.php (assuming because the $root var doesn’t point to the correct __DIR__). If I omit the router script the server starts up but then no media is found.
Any thoughts on this?
Also: Can the /media folder also be placed outside the webroot?

please read the “public folder setup” in the docs. apart from naming the public folder www i think it should solve your problem.

a note aside: using relative paths with /../ might need a wrapping realpath(). but i do not think thats the problem here. just follow the public folder setup.

you might need to change the router php but someone else needs to comment on that because i never use that one. mamp/xampp/valet/homestead are mostly free and provide a more well rounded solution especially when debugging with xdebug.

oh and welcome to the forum. :confetti_ball:

1 Like

since i use the public folder myself exclusively i created a modified version of the plainkit which you can use as reference or clone. but its intended to be used with composer so i am not sure it fits your needs today.

1 Like

Thanks @bnomei for your help. I was off the last days ust catching up with stuff. I will try out what you mentioned.

This is one of the reasons I want to rewrite the Kirby roots tbh :slight_smile:


Is your plainkit supposed to work tih php -S ?

Addednum: Just tested it with the router script, it doesn’t work :confused:

To answer this question: No, the /media folder needs to be publicly accessible.

We do not recommend or support use of the built-in server. For custom setups, I recommend you use a different development environment.

For using PHP’s CLI router, the only workable approach I’ve found is to create a custom “router” file to replace Kirby’s default (kirby/router.php). When doing this, copy Kirby’s router.php file and change this line

$root = dirname(__DIR__);

to this

$root = __DIR__;

It’s a good idea to name the custom router file something like devRouter.php (to make it clear that it’s only for use locally, for development purposes). Place it in the root of your public/ww folder.

It’s also likely a good idea to leave a big comment in the file to explain that it’s modified from Kirby’s router.php file.

I really like this setup, thanks, what do you recommend for permissions?

I’m thinking about

sudo chown -R $USER:www-data storage
sudo chmod -R 0775 storage

or do you consider this too exhaustive?

running nginx on ubuntu 20