This is documentation for Kohana v2.3.x. For v3.x documentation, see http://kohanaframework.org/guide .
|Todo||Content Review and additions|
Here are a few items you should keep in mind before deploying your Kohana application to a production environment.
Kohana comes with various demos and example controllers to help users when getting started. Here are a few that should be removed:
application/controllers/welcome.php(if it is not used)
modules/auth/controllers/auth.php(if enabled in $config['modules'])
Kohana provides various default configuration files in the
system/config directory. Since Kohana utilizes a cascading file system, you have the option to either utilize the default configuration file versions or override these files with your own custom versions by creating a copy in the
$config['site_domain']from your development setting to the production domain.
$config['display_errors'] = FALSE;to disable error messages from being displayed. You can still check error messages in your log file. Check your settings in
config/log.phpto be sure.
$config['threshold'] = 1;. This sets your log threshold to a suitable level for production. Higher threshold levels will log less critical notices and information, but can slow down your application.
config['internal_cache']to the number of seconds you want to cache file paths and config entries. This eliminates the need to search for file and module paths, significantly speeding up your application – especially when using multiple modules.
index.php (in the root directory of your site):
TRUE(so that any controllers with
const ALLOW_PRODUCTION = FALSE;defined will be inaccessible).
You should always try to create custom versions of the following files:
system/config/routes.php- set your
$config['_default']to your default controller
system/config/encryption.php- change the default
modules/auth/config/auth.php- change the default salt offsets in
$config['salt_pattern'](if you use the Auth module)
system/config/cookie.php- set your
system/config/session.php- set or verify
You should also consider creating custom versions of the following files:
system/config/database.php- configure your custom database connections (if required)
Although this is an optional step and not required by Kohana, it is considered a good security practice to place as few files as possible in your public web server document root directory. Since most web hosts give you access to at least one level above the web server document root, this should not be a problem.
Moving your core Kohana directories also gives you the ability to utilize one central Kohana codebase on your server that can be shared by multiple websites. You could also create a set of common modules used across all of your web sites.
To accomplish this in Kohana, do the following:
modulesdirectories at least one level above your document root directory (typically
$kohana_application = '../application';
$kohana_modules = '../modules';
$kohana_system = '../system';
Note: This example assumes one-level above
public_html, however, you can use relative or absolute directories when specifying directory locations.
Your final directory structure will look similar to this:
yourdomain_root_directory +- application +- system +- modules +- public_html (web server document root) | - index.php | - .htaccess