The hosting folder is /html (anything in this folder is live to the Internet)
The / root folder is not live, but can be used
The above assumes you have not changed the structure of the root for the siteworx account
So in your example, your hosting folder to use for website is /html
You could then setup a folder /uploads from / root, which is not accessable to Internet users browsing your website, whilst allowing for your upload code to place/store files in /upload folder
Whmcs and a lot of other websites use the above, but the folders are called differently
Where exactly should i place the Uploads folder? The current path where my application is hosted is:
/chroot/home/xyzuser/domain.com/html/
Where should i place the Upload folder?
Note: The manual on my software says in the Upload folder section: “We recommend moving Upload folder to a non-public location outside/above your web root to prevent web based access.”
You would use your location 1, as this is accessable by FTP client
Your location 2, whilst works as you expect, is not accessable by FTP and therefore restrictive to your siteworx account. It is not advisable to change permissions to allow your siteworx account access to this folder
Regarding location 1, on my InterWorx installation it’s accessible using the default FTP account created for the SiteWorx user. I have put there the Uploads folder using FileZilla FTP client.
But that is not important now, because i think im doing it wrong because i did not understand properly the manual.
I have contacted the software developer asking them about both the Locations 1 and 2 and where should i put the Upload folder and their response was exactly as i quote bellow:
We recommend putting the uploads directory above any publicly accessible directories. If you must put it within your doc root, you should block access to all files within it using a mod_rewrite or other rule specific to your web server.
So as you can see from their response i making this the wrong way. I must put the Upload folder Above any publicity directory. So can you help me understand this?
What should i do and where should i pout the Upload folder?
Hi Nqservices
What’s in a name!
If it helps you understand easier, the following are all the same folder, but called differently
docroot
doc root
document root
html
hosting root
host root
hostroot
public
public_html
web root
webroot
The above are all the same folder, the folder which you store your website files so the public can view your website.
your option 1 location (using root folder / ) is correct and is outside of pubic access.
Your siteworx client can see the root folder (/, /html, /iworx-backup and /uploads) using FTP client or filemanager once logged into their siteworx account
I hope it helps
Many thanks
John
I now need to install a different software that also requires to be installed “Behind Document Root” to be more secure.
The application is a project manager named Activecollab (but is not the latest version. Instead is an older v3 version).
Anyway, im reading the documentation but is one part that i still did not understand and maybe you can help me. You can read the section that says: “Install activeCollab Behind the Document Root” at:
Hi Nqservices
many thanks, and you would FTP into your domain, at root level create the 2 required folders (/uploads and /thumbnails), upload your website, and run the install.
Then you add to the config/config.php to the following:
define(‘PUBLIC_HTML_AS_DOCUMENT_ROOT’, true);
save and you shuold be good.
Please note - as I do not use this software, and have not fully read the manual, only the provided section of the manual, there maybe other areas which require further changes.
So, using your example of mydomain.com, it would be:
FTP to mydomain.com
goto / folder (root folder, where you see /html and /iworx-backup)
create 2 folders called /uploads and /thumbnails, so should now show:
/html
/iworx-backup
/uploads
/thumbnails
upload your website to the /html folder
Run your website installer
Confirm website runs as expected. if so
edit your config.php (from folder /html/config) and add the above line shown, define(‘PUBLIC_HTML_AS_DOCUMENT_ROOT’, true) and then save
test website again to confirm all works as expected
If you then want to use https access, you need to edit your config.php, and change the following:
define(‘ROOT_URL’, ‘http://example.com/public_html’)
to
define(‘ROOT_URL’, ‘https://example.com/public_html’)
I hope that helps
Many thanks
John