3 questions for a better understanding

[Starraider]

I have 3 questions for you and would be very grateful if you could answer them:

1): Do I understand correctly that for a new project, after the first deployment to the live server, you have to copy the database and media files "by hand" to the live server?
At least "dep media:push live" or "dep db:push live" seems not to be allowed for security reasons.

2): I would like to use the extension "helhum/typo3-secure-web" to increase the security of my TYPO3 installations. However, this extension moves some folders and creates symlinks instead. Do you have experience with this extension? Would your deployment scripts break, or is your extension compatible with the extension "helhum/typo3-secure-web"?

3): I would like to keep the deployer.php file free of all project specific information (like hostname, public_urls, etc.) so that I can put it in Git and reuse it in all projects. If I use the .env file for this purpose, it would mean that I would have to enter the information about the beta server and the live server in the local .env file, which would also not be ideal. Maybe the extension "helhum/typo3-config-handling" would be a solution for this problem. Unfortunately I have no experience with this yet.
How do you handle your configuration? Can you describe your "best practice" on this topic?

Thanks again for your great work!

[kszymukowicz]

hi

no problem - here are the answers:

ad1) For new projects I install it at once at customer server so I do not have a big pressure to use the dep media:push live or dep db:push live. I use those commands only sometimes when customer had yet no server and the project must start already on some other server (or locally). Later we mostly do not use this commands anymore because we only pull database from upper instances: live -> prelive, live -> beta, live->local.

ad2) Yes. I tested this extension but do not use it because IMO "standard" way of TYPO3 install is secure enough. I did not tested if sourcebroker/deployer-extended-typo3 works with helhum/typo3-secure-web.

ad3)
a) I do not believe its possible to have the same deploy.php file. It would be possible actually if you would use the same hosting all the time but reality is that you will need to make some changes depending on hoster.

b) My current approach for keeping instance dependent variables is to keep as much as possible in git except passwords only. The symfony/dotenv is quite good for having this. Look here https://github.com/sourcebroker/deployer-extended-wordpress#projects-folders-structure - this is for WordPress but can give you idea what am I talking about.

The helhum/typo3-config-handling is nice but too complex and interferes TYPO3 core. It also do not allow by default to keep instance dependent values in git and this is important for me. Its the same story as for helhum/typo3-secure-web. Having both is very nice but not critical for me and if those two packages will be not longer supported for TYPO3 11+ then you can have much more work to upgrade. But I would like them in core of course.