[TYPO3-core] Moving files to a docs-subdir / .htaccess for "security" / nginx-configuration

[Stefan Neufeind]

Hi,

during the review of https://review.typo3.org/28058 I was asked to start
a discussion on the core-list. So here is the start :-)
I hope we find some decision. Maybe Ernesto/Olly could take care to have
a final say in this regard.

There was a proposal to include an example configuration for nginx, like
we ship our example _.htacess in the core currently. Since nginx is
quite widespread these days imho it would make sense to ship such an
example-config as well, before everybody needs to put together his/her
own ideas etc. If we ship the htaccess imho it would be good to ship
both files besides each other. But since nginx does not automatically
include a config-file for performance-reasons (like Apache often does
for .htaccess) that nginx would be more a documentation.

Ernesto came up with the suggestion to consider moving this and some
other files from the docroot to a docs-folder. That's what the above
mentioned review is about. Some files need to stay in the root - but
imho as few as possible.

In this context there was also discussion whether adding a .htaccess to
the docs-directory as some kind of "security" makes things really move
"secure". Well, we have that kind of security for other directories as
well. And although it's not really "nice" imho it might work out for
some default-setups of Apache. The argument was that hiding ChangeLog
(easily exposing a version-number) might make sense as to at least not
easily expose the TYPO3-version. Of course there are other ways to
determine the rough or maybe even exact version-number.


So how do you
* think about a docs-directory
* the .htaccess-"security"
* the nginx-configuration (to be provided with a separate review shortly
then)


Kind regards,
 Stefan