Standalone default folder structure
Some wise suggestions from @artfulrobot for clearer folder naming / out-of-the-box security:
- civicrm-standalone-X.Y.Z.zip
  - index.php
  - .htaccess
  - robots.txt ➌
  - data/
  - data/ext/.htaccess
  - data/public/.htaccess ➊
  - data/.private/.htaccess ➋
  - core/<ALL-THE-CODES>
➊ Use 'public' not 'upload'. It partners well with 'private', and 'upload' is such a daft relative-to-what? term (not everything you upload through a browser ought to be in a public dir). I think the whole 'persist' 'contribute' etc. is a right mess - or at least I don't understand the logic if there is logic, though last time I looked at it the logic was that at some point in history the first thing to allow uploads was civi contribute so ...
➋ Use a dot before private/. It's very common, and easy, to ban http access to all 'dot files'. So this gives an extra likely shield against the "oh, I didn't realise nginx ignored .htaccess files" users. Just feels safer, if we're focussing on making this easy.
➌ In terms of sensible defaults, I feel we should have a robots.txt that does its best to ban crawlers, especially AI ones, on everything except specific paths (e.g. event pages). It's one thing to have someone tell you you've accidentally exposed data and someone saw it, it's another to find that your exposed data now lives in an LLM training set, ready to be given to anyone with a particular prompt.
Maybe to the nginx point, we could add nginx-civicrm-site.conf.sample in the root?
I think the principles for the public / private upload folder names apply to the composer template and the tarball.
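
An added example (not part of the original post and not CiviCRM code): a Python sketch of the dot-prefix argument above. It assumes the web server refuses any URL segment that starts with a dot (for nginx, commonly `location ~ /\. { deny all; }`) and reports which directories in a constructed copy of the proposed layout are protected only by an .htaccess file that nginx would ignore. The function names are hypothetical.

```python
import os
import re
import tempfile

# Assumption: the server refuses any URL with a dot-prefixed segment, the
# Python equivalent of the common nginx rule `location ~ /\. { deny all; }`.
DOT_SEGMENT = re.compile(r"(^|/)\.[^/]")


def covered_by_dot_rule(url_path):
    """True if a generic dot-file ban would refuse this path."""
    return bool(DOT_SEGMENT.search(url_path))


def audit(site_root):
    """Sort every directory holding an .htaccess by what still protects it
    on a server that ignores .htaccess files."""
    report = {"dot_rule": [], "htaccess_only": []}
    for dirpath, _dirs, files in os.walk(site_root):
        if ".htaccess" not in files:
            continue
        rel = os.path.relpath(dirpath, site_root).replace(os.sep, "/")
        rel = "" if rel == "." else rel
        key = "dot_rule" if covered_by_dot_rule(rel) else "htaccess_only"
        report[key].append(rel or "/")
    return {key: sorted(dirs) for key, dirs in report.items()}


def demo():
    """Run the audit over a constructed copy of the layout in the post."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("", "data/ext", "data/public", "data/.private"):
            os.makedirs(os.path.join(root, rel), exist_ok=True)
            open(os.path.join(root, rel, ".htaccess"), "w").close()
        return audit(root)


if __name__ == "__main__":
    for key, dirs in demo().items():
        print(key, dirs)
```

Every directory reported under `htaccess_only` relies on rules that have to be translated into the nginx configuration by hand.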