Moving your app out of DOCROOT

Derek Jones edited this page Jul 5, 2012 · 6 revisions
Clone this wiki locally

Category:Help | Category:Help::TipsAndTricks

I know this is covered in the user_guide but I thought a brief, illustrated example would also help to show how the vast majority of your Code Igniter installation can be moved away from your web server's doc root (and therefore, enjoy a little extra security). For this, I'm going to assume a web server directory system path that looks something like this.

/home/joeuser/public_html

In a normal Code Igniter installation, everything would be placed in the htdocs directory, a la

/home/joeuser/public_html
                       |_ index.php
                       |_ system
                             |_application
                             |       |_config
                             |       |    |_config.php
                             |       |_controllers
                             |       |_ ... etc
                             |       |_ views
                             |_cache
                             |_codeigniter
                             |_database
                             ...
                             |_scaffolding

All well and good as long as every php file starts with the "if not defined BASEPATH" directive and your server doesn't get so overwrought with traffic that it starts serving unparsed php scripts as plain text.

A slightly more secure approach is to move the system folder out of the docroot completely. Doing so is really quite simple.

If you're on a windows server, you could just right click + cut, followed by right click + paste (in the relevant places, obviously).

If you're using an FTP client, try right clicking the system folder and see if you have a MOVE option in the context menu that pops up.

If you have shell access to a *nix like environment, then the following commands will do the job.

cd /home/joeuser/public_html
mv ./system ../

What we're aiming for is something like this:

/home/joeuser
           |_public_html
           |      |_ index.php
           |
           |_ system
                |_application
                |       |_config
                |       |    |_config.php
                |       |_controllers
                |       |_ ... etc
                |       |_ views
                |_cache
                |_codeigniter
                |_database
                ...
                |_scaffolding

Leaving just index.php in your web server's document root folder (and possibly .htaccess if you're using mod_rewrite)

Now to get the whole thing working again, simply edit your index.php file in your document root so that the system folder can be found in its new location.

In index.php, find:

$system_folder = "system";

And replace with:

$system_folder = "../system";

A two minute job to give you slightly better security for your web application.

References

For the user guide page for doing something similar, see here: http://codeigniter.com/user_guide/general/managing_apps.html

Further notes

Obviously, if you have any static files that need to be served from your web servers docroot (for example, images and stylesheets) then they need to stay inside the public_html folder too - the aim of this page is simply to make all of the system and application scripts directly inaccessible to the web server processes.