Don't forget to uncomment the lines in .htaccess or nginx config (as described in the linked documentation page) if you follow Umutcan instructions. Otherwise you will be exposing private files.
girefko Also setting up the forum to a Public folder seems like risky for security (all files can be publicly available)
The reason we ship a public folder by default is exactly to make everything inside become public, while everything one level higher (including the source code, cache files and logs) is safe even without any Apache rewrite rule. If the hosting allows customizing the website root path, this is the recommended solution. It's never visible in the URL when setup that way, only the webserver will use that folder as the starting point for all requests.
I don't recommend using transparent/proxy rewrites like datlechin suggests, because if the rewrite module somehow stops working or if the file is accidentally deleted, now not only are the private files exposed but the visitors and search engines will either be unable to browse the website or start indexing some wrong canonical URLs. Also if any community extension adds a page whose path starts with /public, odd things will happen.
