Skip to main content
To handle dynamic requests to your PHP app, you might want to use a front controller. The following example shows how for such an app you might start defining your web server.

Define a document root

Start by defining your document root (where all your publicly visible pages are).
.upsun/config.yaml
applications:
  myapp:
    source:
      root: "/"
    web:
      locations:
        '/':
          root: 'public'

Define a front controller

Define where all requests that don’t match a file in the document root are sent.
.upsun/config.yaml
applications:
  myapp:
    source:
      root: "/"
    web:
      locations:
        '/':
          root: 'public'
          passthru: '/index.php'
          index:
            - index.php
In this case, /index.php acts as a front controller and handles dynamic requests. Because it handles dynamic requests, you want to ensure that scripts are enabled and responses aren’t cached.
.upsun/config.yaml
applications:
  myapp:
    source:
      root: "/"
    web:
      locations:
        '/':
          ...
          scripts: true
          # No caching for static files.
          # (Dynamic pages use whatever cache headers are generated by the program.)
          expires: -1

Define rules

You might want to define specific rules for the location. For example, you might want to allow all kinds of files except mp4 files.
.upsun/config.yaml
applications:
  myapp:
    source:
      root: "/"
    web:
      locations:
        '/':
          ...
          # Allow all file types generally
          allow: true
          rules:
            # Disallow .mp4 files specifically.
            \.mp4$:
              allow: false

Set different rules for specific locations

You might want to set specific rules for specific locations. For example, you might have files in your /public/images directory that are served at /images. You could define a specific cache time for them and limit them to only static image files.
.upsun/config.yaml
applications:
  myapp:
    source:
      root: "/"
    web:
      locations:
        '/':
            ...
        # Set a 5 min expiration time for static files in this location.
        # Missing files are sent to front controller
        # through the '/' location above.
        '/images':
          expires: 300
          passthru: true
          # Do not execute PHP scripts from this location and do not
          # deliver their source code (for enhanced security).
          scripts: false
          allow: false
          rules:
            # Only allow static image files in this location
            '\.(jpe?g|png|gif|svgz?|ico|bmp)$':
              allow: true

Complete example

.upsun/config.yaml
applications:
  myapp:
    source:
      root: "/"
    web:
      locations:
        '/':
          root: 'public'
          passthru: '/index.php'
          index:
            - index.php
          scripts: true
          # No caching for static files.
          # (Dynamic pages use whatever cache headers are generated by the program.)
          expires: -1
          # Allow all file types generally
          allow: true
          rules:
            # Disallow .mp4 files specifically.
            \.mp4$:
              allow: false
        # Set a 5 min expiration time for static files in this location.
        # Missing files are sent to front controller
        # through the '/' location above.
        '/images':
          expires: 300
          passthru: true
          # Do not execute PHP scripts from this location and do not
          # deliver their source code (for enhanced security).
          scripts: false
          allow: false
          rules:
            # Only allow static image files in this location
            '\.(jpe?g|png|gif|svgz?|ico|bmp)$':
              allow: true
Last modified on March 10, 2026