Question

I see some projects using the Magento 2 root folder as webroot and other projects using the pub folder as the web root, independently of using Apache or NGINX, both worked.

Which webroot folder should I use in a new Magento 2 installation and why?

Was it helpful?

Solution

You should you the pub folder as webroot, it improves security. The rest of the Magento file system is vulnerable because it is accessible from a browser. Setting the webroot to the pub/ directory prevents site visitors from accessing sensitive areas of the Magento file system from a browser.

For example:

/var/www/html/magento2/pub

Remember to edit your env.php to have this following node:

'directories' => [
    'document_root_is_pub' => true
]

Reference: Magento 2 DevDocs - Modify docroot to improve security

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange
scroll top