xamxam/docs/MIGRATION_COMPLETE.md

✅ Migration to public/ Directory Structure - COMPLETE

📊 Summary of Changes

Directory Structure Created

posterg-website/
├── config/                    # ✅ NEW - Configuration files
│   └── bootstrap.php         # Central path management
├── public/                    # ✅ NEW - DocumentRoot (web-accessible)
│   ├── admin/                # Moved from /admin/
│   ├── assets/               # Moved from /assets/
│   ├── index.php             # Moved from /index.php
│   ├── search.php            # Moved from /search.php
│   └── memoire.php           # Moved from /memoire.php
├── resources/                 # ✅ NEW - Application resources
│   └── views/                # Moved from /inc/
│       ├── header.php
│       └── footer.php
├── var/                       # ✅ NEW - Runtime files
│   ├── cache/
│   ├── logs/
│   └── tmp/
├── database/                  # ✅ KEPT - Now private
├── lib/                       # ✅ KEPT - Now private
├── vendor/                    # ✅ KEPT - Now private
└── tests/                     # ✅ KEPT - Now private

Files Modified

1. config/bootstrap.php (NEW)

• Central path configuration
• Defines APP_ROOT, PUBLIC_ROOT, DATABASE_PATH, etc.
• Helper functions: view(), getDatabase()
• Environment detection (dev vs production)
• Error handling configuration

2. public/*.php (3 files updated)

• index.php: Uses bootstrap, updated require paths
• search.php: Uses bootstrap, updated require paths
• memoire.php: Uses bootstrap, updated require paths
• All now use view() helper for header/footer

3. public/admin/*.php (7 files updated)

• add.php, edit.php, formulaire.php, import.php
• index.php, publish.php, thanks.php
• All updated to use ../../ paths for lib access
• Bootstrap added where needed

4. justfile (Updated)

• Dev server: php -S 127.0.0.1:8000 -t public/
• Deploy: Now deploys to /var/www/posterg/
• Database deploy: Updated paths to /var/www/posterg/
• Nginx deploy: Checks for correct DocumentRoot

5. nginx/posterg.conf (Updated)

• DocumentRoot: /var/www/html → /var/www/posterg/public
• Admin location: /formulaire/ → /admin/

6. .gitignore (Updated)

• Added var/ directory patterns
• Keeps .gitkeep files, ignores contents

Security Improvements

Before:

• ❌ All files in DocumentRoot (/var/www/html/)
• ❌ Database accessible at /storage/test.db
• ❌ Config files accessible
• ❌ Dev server exposed everything
• ❌ Relied on nginx deny rules

After:

• ✅ Only public/ in DocumentRoot
• ✅ Database physically outside web root
• ✅ Config files physically private
• ✅ Dev server matches production security
• ✅ Physical separation = secure by default

🧪 Testing

Local Development

# Start dev server
just serve

# Test in browser:
# - http://localhost:8000/ → Should work
# - http://localhost:8000/admin/ → Should work
# - http://localhost:8000/storage/test.db → Should 404 ✅
# - http://localhost:8000/config/ → Should 404 ✅
# - http://localhost:8000/../storage/test.db → Should 404 ✅

Security Verification

# These should all return 404:
curl http://localhost:8000/storage/test.db
curl http://localhost:8000/config/bootstrap.php
curl http://localhost:8000/vendor/autoload.php
curl http://localhost:8000/../storage/test.db
curl http://localhost:8000/lib/Database.php

Production Deployment

BEFORE deploying to production:

1. Update nginx config on server:

   # Edit /etc/nginx/sites-available/posterg
   # Change: root /var/www/html;
   # To:     root /var/www/posterg/public;
   

2. Create new directory on server:

   ssh posterg "sudo mkdir -p /var/www/posterg"
   

3. Deploy application:

   just deploy
   

4. Deploy nginx config:

   just deploy-nginx
   # Then on server:
   ssh posterg
   sudo bash /tmp/deploy-production.sh
   sudo systemctl reload nginx
   

5. Verify:

   just server-status
   curl -I https://posterg.erg.be/
   curl -I https://posterg.erg.be/admin/
   curl -I https://posterg.erg.be/storage/test.db  # Must 404!
   

📝 Path Reference

From public/*.php files:

<?php
require_once __DIR__ . '/../config/bootstrap.php';  // Bootstrap
require_once LIB_ROOT . '/Database.php';             // Library
$db = getDatabase();                                  // Database
view('header.php', ['pageTitle' => 'Title']);        // Template

From public/admin/*.php files:

<?php
require_once __DIR__ . '/../../config/bootstrap.php';  // Bootstrap
require_once LIB_ROOT . '/Database.php';               // Library

Available Constants (from bootstrap):

• APP_ROOT - /path/to/posterg-website
• PUBLIC_ROOT - /path/to/posterg-website/public
• CONFIG_ROOT - /path/to/posterg-website/config
• DATABASE_ROOT - /path/to/posterg-website/database
• DATABASE_PATH - /path/to/posterg-website/storage/test.db
• RESOURCES_ROOT - /path/to/posterg-website/resources
• LIB_ROOT - /path/to/posterg-website/lib
• VAR_ROOT - /path/to/posterg-website/var
• CACHE_ROOT - /path/to/posterg-website/var/cache
• LOGS_ROOT - /path/to/posterg-website/var/logs
• VIEWS_ROOT - /path/to/posterg-website/resources/views

🎯 Next Steps

1. ✅ Migration complete - verify locally
2. ⏭️ Test dev server: just serve
3. ⏭️ Test all pages work correctly
4. ⏭️ Update nginx config on production server
5. ⏭️ Deploy to production: just deploy
6. ⏭️ Deploy nginx config: just deploy-nginx
7. ⏭️ Verify production deployment

🔄 Rollback (if needed)

If something goes wrong, jj makes it easy:

# View history
jj log

# Go back to previous state
jj edit <previous-change-id>

# Or abandon current changes
jj abandon @

📚 Documentation

See also:

• DIRECTORY_STRUCTURE.md - Full structure reference
• DEPLOYMENT_MIGRATION.md - Detailed migration guide
• MIGRATION_CHECKLIST.md - Quick checklist

✨ Benefits Achieved

1. Security: Private files physically separated from public
2. Standards: Follows PHP-FIG and Standard PHP Package Skeleton
3. Development: Dev server matches production security
4. Maintainability: Clear separation of concerns
5. Portability: Path constants make relocation easy
6. Best Practices: Industry-standard directory structure