Skip to main content

Document Root Configuration

Critical Security Requirement: Your web server’s document root MUST point to the /public folder.
The public folder is the only directory that should be accessible via the web. This prevents direct access to:
  • Application code in /application
  • Configuration files
  • .git repository
  • System files and temp directories
Correct structure: 
/var/www/html/myproject/
├── application/          # NOT accessible via web
├── public/              # Document root points HERE
│   ├── index.php
│   ├── css/
│   └── js/
├── .git/                # NOT accessible via web
└── .htaccess            # Fallback redirect

Apache Configuration

Step 1: Enable mod_rewrite

mod_rewrite is essential for clean URLs in MINI. 
sudo a2enmod rewrite
sudo service apache2 restart
Detailed guide: Enable mod_rewrite on Ubuntu 14.04 LTS

Step 2: Configure Virtual Host

Create or edit your virtual host configuration: 
<VirtualHost *:80>
    ServerName myproject.local
    DocumentRoot "/var/www/html/myproject/public"
    
    <Directory "/var/www/html/myproject/public">
        AllowOverride All
        Require all granted
        Options -Indexes
    </Directory>
    
    ErrorLog ${APACHE_LOG_DIR}/myproject-error.log
    CustomLog ${APACHE_LOG_DIR}/myproject-access.log combined
</VirtualHost>
  • ServerName: Your local domain (add to /etc/hosts or C:\Windows\System32\drivers\etc\hosts)
  • DocumentRoot: Points to the /public folder
  • AllowOverride All: Allows .htaccess to work
  • Options -Indexes: Prevents directory listing
  • Require all granted (2.4) or Allow from all (2.2): Grants access
Save to:
  • Ubuntu/Debian: /etc/apache2/sites-available/myproject.conf
  • CentOS/RHEL: /etc/httpd/conf.d/myproject.conf
  • XAMPP: xampp/apache/conf/extra/httpd-vhosts.conf
Enable the site (Ubuntu/Debian): 
sudo a2ensite myproject
sudo service apache2 reload

Step 3: .htaccess Configuration

MINI includes a pre-configured .htaccess file in /public/.htaccess:
public/.htaccess
# Necessary to prevent problems when using a controller named "index"
Options -MultiViews

# Activates URL rewriting
RewriteEngine On

# Prevent directory listing
Options -Indexes

# Rewrite rules
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
This file is already included with MINI. You don’t need to create it manually.

Fallback .htaccess

The root .htaccess provides fallback if the document root isn’t set to /public:
.htaccess (root)
RewriteEngine on
RewriteRule ^(.*) public/$1 [L]
This is a fallback only. Always configure your document root properly for production.

nginx Configuration

nginx is fully supported with the following configuration:
/etc/nginx/sites-available/myproject
server {
    server_name default_server _;   # Listen to any servername
    listen      [::]:80;
    listen      80;

    root /var/www/html/myproject/public;

    location / {
        index index.php;
        try_files /$uri /$uri/ /index.php?url=$uri;
    }

    location ~ \.(php)$ {
        fastcgi_pass   unix:/var/run/php5-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
  • Adjust fastcgi_pass for your PHP-FPM socket location:
    • PHP 5.x: unix:/var/run/php5-fpm.sock
    • PHP 7.0: unix:/var/run/php/php7.0-fpm.sock
    • PHP 7.4: unix:/var/run/php/php7.4-fpm.sock
    • PHP 8.0: unix:/var/run/php/php8.0-fpm.sock
    • Or TCP: 127.0.0.1:9000
  • root must point to the /public folder
  • For detailed discussion, see GitHub issue #55
Enable the site: 
sudo ln -s /etc/nginx/sites-available/myproject /etc/nginx/sites-enabled/
sudo nginx -t  # Test configuration
sudo service nginx reload

File Permissions

Set proper permissions for security: 
# Navigate to project directory
cd /var/www/html/myproject

# Set directory permissions
sudo find . -type d -exec chmod 755 {} \;

# Set file permissions
sudo find . -type f -exec chmod 644 {} \;

# Restrict config file access
sudo chmod 600 application/config/config.php

# Set ownership (adjust user/group as needed)
sudo chown -R www-data:www-data .
Replace www-data with your web server user:
  • Ubuntu/Debian: www-data
  • CentOS/RHEL: apache
  • Mac: _www

Installation Tutorials

Detailed step-by-step installation guides:

Ubuntu 14.04 LTS

Auto-install script for Ubuntu 14.04

Ubuntu 12.04 LTS

LAMP stack setup on Ubuntu 12.04

Ubuntu 14.04 mod_rewrite

Enable mod_rewrite on Ubuntu 14.04

Ubuntu 12.04 mod_rewrite

Enable mod_rewrite on Ubuntu 12.04

XAMPP Windows

Enable mod_rewrite in XAMPP

MAMP Mac

Configure .htaccess on MAMP

EasyPHP

EasyPHP and .htaccess setup

AMPPS

AMPPS rewrite configuration

Vagrant Setup (Automated)

For a fully automated development environment:

Prerequisites

Setup Steps

  1. Add Ubuntu box (if not already added): 
    vagrant box add ubuntu/focal64
  2. Copy Vagrant files: 
    mkdir myproject
cd myproject
# Copy Vagrantfile and bootstrap.sh from _vagrant/ folder
  3. Start Vagrant: 
    vagrant up
  4. Access the application: Open http://192.168.33.44 in your browser
  • Ubuntu 20.04 LTS
  • Apache 2.4
  • PHP 7.4
  • MySQL
  • PHPMyAdmin
  • Git
  • Enables mod_rewrite
  • Clones MINI from GitHub
  • Creates database and imports demo data
  • Configures everything automatically
Default credentials:
  • MySQL root password: 12345678
  • PHPMyAdmin password: 12345678
  • Project location: /var/www/html/myproject
Vagrant commands: 
vagrant up      # Start the VM
vagrant halt    # Stop the VM
vagrant reload  # Restart the VM
vagrant ssh     # SSH into the VM
vagrant destroy # Delete the VM

Subdirectory Installation

MINI works perfectly in subdirectories without additional configuration.
If you install MINI in a subdirectory (e.g., example.com/myapp/):
  1. Upload files to your subdirectory
  2. Ensure .htaccess is present in /public
  3. The application auto-detects the subfolder path
No code changes needed! The URL detection in application/config/config.php8 handles this automatically: 
define('URL_SUB_FOLDER', str_replace(URL_PUBLIC_FOLDER, '', dirname($_SERVER['SCRIPT_NAME'])));

Security Best Practices

Always follow these security guidelines in production:
  1. Document root/public folder only
  2. File permissions → Restrictive (644 for files, 755 for directories)
  3. Config files → Not web-accessible (600 permissions)
  4. Database credentials → Use strong passwords
  5. Error reporting → Disable in production (config.php3)
  6. Directory listing → Disabled (Options -Indexes)
  7. Git folder → Not in document root
  8. .htaccess → Properly configured

Testing Your Setup

1

Check mod_rewrite

# Apache
apache2ctl -M | grep rewrite

# Should output: rewrite_module (shared)
2

Test URL routing

Access these URLs:
  • http://yoursite.com/ → Should show homepage
  • http://yoursite.com/home/exampleOne → Should show example page
  • http://yoursite.com/songs → Should show songs list
3

Verify security

Try accessing:
  • http://yoursite.com/application/ → Should return 403/404
  • http://yoursite.com/.git/ → Should return 403/404

Next Steps

Database Setup

Configure database and import demo data

Troubleshooting

Fix common server issues

Build docs developers (and LLMs) love

Get started for freeTalk to us