No, this is not the correct interpretation.
For security reasons you should always place your front-controller (index.php) into the public/ directory.
With sub-directory I don’t mean the public/ directory. In this context “sub-directory” means a subdirectory of the project. For example when you place your app not directly under the webservers RootDirectory.
Second. Why do you overwrite the response object here??? This makes no sense.
Choose one of the options, but not two at the same time.
$response = $handler->handle($request);
$responseFactory = new \Nyholm\Psr7\Factory\Psr17Factory();
$response = $responseFactory->createResponse(200);
If you read the documentation and my answers carefully you might find a solution. That’s all I can help you with.