This is documentation for Kohana v2.3.x.
| Status | Draft |
|---|---|
| Todo | Content Review and additions |
Here are a few items you should keep in mind before deploying your Kohana application to a production environment.
Kohana comes with various demos and example controllers to help users when getting started. Here are a few that should be removed:
application/controllers/examples.phpapplication/controllers/welcome.php (if it is not used)modules/auth/controllers/auth.php (if enabled in $config['modules'])
Kohana provides various default configuration files in the system/config directory. Since Kohana utilizes a cascading file system, you have the option to either utilize the default configuration file versions or override these files with your own custom versions by creating a copy in the application/config directory.
Modify your application/config/config.php:
$config['site_domain'] from your development setting to the production domain.$config['display_errors'] = FALSE; to disable error messages from being displayed. You can still check error messages in your log file. Check your settings in config/log.php to be sure.$config['threshold'] = 1;. This sets your log threshold to a suitable level for production. Higher threshold levels will log less critical notices and information, but can slow down your application.config['internal_cache'] to the number of seconds you want to cache file paths and config entries. This eliminates the need to search for file and module paths, significantly speeding up your application – especially when using multiple modules.
Modify your index.php (in the root directory of your site):
IN_PRODUCTION value from FALSE to TRUE (so that any controllers with const ALLOW_PRODUCTION = FALSE; defined will be inaccessible).You should always try to create custom versions of the following files:
system/config/routes.php - set your $config['_default'] to your default controllersystem/config/encryption.php - change the default $config['key']modules/auth/config/auth.php - change the default salt offsets in $config['salt_pattern'] (if you use the Auth module)system/config/cookie.php - set your $config['domain']system/config/session.php - set or verify $config['driver'], $config['name'], $config['encryption'], $config['expiration']You should also consider creating custom versions of the following files:
system/config/database.php - configure your custom database connections (if required)If your host does not allow this structure, use an .htaccess file to protect the core directories.
Although this is an optional step and not required by Kohana, it is considered a good security practice to place as few files as possible in your public web server document root directory. Since most web hosts give you access to at least one level above the web server document root, this should not be a problem.
Moving your core Kohana directories also gives you the ability to utilize one central Kohana codebase on your server that can be shared by multiple websites. You could also create a set of common modules used across all of your web sites.
To accomplish this in Kohana, do the following:
system, application, and modules directories at least one level above your document root directory (typically public_html or www).index.php file: $kohana_application = '../application';$kohana_modules = '../modules';$kohana_system = '../system';
Note: This example assumes one-level above public_html, however, you can use relative or absolute directories when specifying directory locations.
Your final directory structure will look similar to this:
yourdomain_root_directory
+- application
+- system
+- modules
+- public_html (web server document root)
| - index.php
| - .htaccess
