Flarum pointing /public folder to root

[Flammable]

I have a shared hosting with DirectAdmin.
I have installed Flarum with softacolous, but the folder is ./flarum/public.
I'd want to have the forum in /flarum not /flarum/public.
As the official docs says for security reasons it is recommended to leave the forum in /public but using an alias to navigate into it in the root.

How to do it? In DirectAdmin I do not find that section.

After seeing a few of /public related posts I'm wondering if people get why we're doing this in the first place (no offense, we might genuinely need a better explanation in the docs)


Multiple people seem to have installed Flarum "the old way" and actually kept /public in the url, which completely defeats the purpose.


The thing to remember is that you don't want storage, vendor, flarum, config.php, composer.json and composer.lock be served publicly. ever. That's because they are sensitive files. config.php and storage because they contain sensitive data, vendor and flarum because they can expose untrusted code that anyone will be able to run and composer.* because they contain advanced information on your setup.


Now there are two choices. Either you don't place these folders under the webroot (where everything will be served by the web server), or you place them there but you make extra sure to tell the web server to never return them.


Which itself leads to 3 placement options in my opinion:

Dedicated folder, own webroot (recommended)​

That's kind of the new standard, in particular for modern web applications like Laravel. You install Flarum in a folder wherever you want, but not under the webroot.


For example place Flarum in /home/ubuntu/flarum.


Then in the web server config, add a virtualhost (for own hostname) or alias (for subfolder), pointing the webroot to /home/ubuntu/flarum/public.


This means all files in /home/ubuntu/flarum but out of /public will never be served by the web server, keeping you safe.

 

[Richard G]

I have a shared hosting with DirectAdmin.

In that case you're not on the correct forum. This forum is only for DA license holders, so admins.
Hosting customers should ask support with their host.

To help you a little bit.... a good starting point is reading the documentation of flarum installation:

Installation | Flarum Documentation

Feel free to give Flarum a spin on one of our demonstration forums. Or set up your own forum in seconds at Free Flarum, a free community service not affiliated with the Flarum team.

docs.flarum.org

Especially this part:

However, if you wish to host Flarum in a subdirectory (like yoursite.com/forum), or if your host doesn't give you control over your webroot (you're stuck with something like public_html or htdocs), you can set up Flarum without the public directory.

If you intend to install Flarum using one of the archives, you can simply use the no-public-dir (Public Path = No) archives and skip the rest of this section.

And for any other questions I would suggest to use the flarum support forum and/or your host.

 

[Ohm J]

using subdomain, you can change the public directory like you want, other methods "no" unless you have the power access as "admin".

end. no more replies here.