For VPS and SERVERS

Always I installed the websites like this: /home/domain.com/public_html (In public_html; where the pages/scripts live)

But now with flarum, something new happens (for me). Their /public folder.

By intertia I installed composer/flarum here: /home/domain.com/public_html so, after install I get this path: /home/domain.com/public_html/public

The thing is that now if I want to access to the flarum-forum... I have to go to www.domain.com/public instead www.domain.com (as always I used to go)

My goal is access to forum through the domain.com (without public subfolder)

I have been reading different options in this forum so my question here is ¿which is the best method?
.
.
.

1. Moving all files from public_html/public to public_html and change few config-files
(Customizing paths indications here: https://flarum.org/docs/install.html#customizing-paths )

2. Install flarum outside public_html
For example on/home/domain.com/flarumand then rename the folder /public by /public_html, and finally, move it to /home/domain.com/public_html. Now just change paths values on index.php,flarum and config.php

so at the end you will get:

/home/domain.com/flarum(the files script)
/home/domain.com/public_html (the public folder/files forum access trough domain.com)

3. Change DocumentRoot path on Apache configuration (httpd.conf)
Maybe is fastest way. Don't touch nothing of flarum and simply change DocumentRoot in the httpd.conf (apache)

Replace DocumentRoot /home/domain.com/public_html for DocumentRoot /home/domain.com/public_html/public

or

Replace DocumentRoot /home/domain.com/public_html for DocumentRoot /home/domain.com/flarum/public

.
.
.

Which of these 3 options do you think is the correct/better way?

    Before you complete the install, I would move the contents of /public to /.
    Then edit flarum and index.php. Run the install.

    You could also just throw an .htaccess file in / that contains something like:

    RewriteEngine on
    RewriteBase /
    RewriteCond %{REQUEST_URI} !^/public/
    RewriteCond %{HTTP_HOST} ^(www\.)?example\.
    RewriteRule ^(.*)$ /public/$1 [L]     \`

    This would allow Flarum to remain in \public

      3rd option is basically the same as 2nd option, as the files would be outside the webroot in either cases.

      If it is working then it is correct but I will go with the default which I think is #3.

      I installed everything in: /home/domain/public_html (But people say is not secure that way...)

      So I would like to configure Flarum in different way #2:
      /home/domain/flarum (flarum private files)
      /home/domain/public_html (flarum /public files)

      And then change the paths in these files:
      index.php
      config.php
      flarum

      Can I change the path routes now without problems or... should I reinstall flarum again (in new path) so composer does not get crazy?

        neogeo Can I change the path routes now without problems

        Yes. Flarum doesn't care where its files are, so long as the paths are correct and your webserver has the permissions it needs. There's no record in the database for URL or file pathing, just what's in those three files you listed.

          neogeo if only the content of the public folder is under the webroot, you don't need the sensitive resource rules.

          You could check that the following is accessible:

          <flarum url>/index.php
          <flarum url>/assets/<favicon, css, js>

          And that the following isn't (just an example. there are many more files in vendor and storage):

          <flarum url>/vendor/composer/installed.json
          <flarum url>/vendor/flarum/core/LICENSE
          <flarum url>/storage/logs/flarum.log
          <flarum url>/composer.json
          <flarum url>/composer.lock

          That's exactly what the lab does for one of its security check.
          Note: I think the log file is now versioned so the name might not be correct for beta 8. Anyway be careful accessing the log file, if it's not protected it might crash your browser if it's too big 😉 (the lab goes around that by using HEAD requests instead of GET)

          neogeo Can I change the path routes now without problems or... should I reinstall flarum again (in new path) so composer does not get crazy?

          Composer does not care where the public folder is. You can move the public and/or vendor folder around freely and it should continue working. Just note that the vendor folder contains symlinks so moving it via an FTP software or by downloading on Windows could break it.

          As long as you keep the composer.json and composer.lock files one level above vendor, you can easily reinstall all the dependencies/extensions you had with composer install if you were to damage/lose files in the vendor folder

          TheyCallMeTojo does this prevent access to composer/storage files ? It might work, but this does not look like the most secure solution to me. I think it's safer to clearly exclude those files/folders, either by moving them outside the webroot or by blacklisting them in the .htaccess. This will prevent any mistake in the future.

          Also there's what I wrote here for those who might not have seen it clarkwinkelmann