I tried to key my site's domain into the google search engine and was shocked to realize that the application folders that shouldn't be public have been indexed. Folders and files are like composer.json, a vendor directory, storage directory, resources directory among others.
How I set up:
The application is in the public_html directory, the index.php is the entry point and is in the root directory(public_html)
The other Laravel application directories remain as they are(the default Laravel 7 directory structure)
The application is in the public_html directory, the index.php is the entry point and is in the root directory(public_html) The other Laravel application directories remain as they are(the default Laravel 7 directory structure)
In a default Laravel installation, there is no index.php in the project directory, only a server.php. If you did any change here, please revert them since it would cause a major security issue.
The only Laravel directory that should be publicly accessible is public.
You are using Apache, it means that the DocumentRoot should be set to /path/to/your/project/public (where public is the Laravel public directory).
This way, every files and directories (app, resources...) above this one will not be accessible.
you should move all your project files to root then copy your files from public to public_html then point topublic_html in Laravel:
<?php
namespace App\Providers;
use Illuminate\Support\ServiceProvider;
public function register()
{
$this->app->bind('path.public', function() {
return base_path().'/public_http';
});
}
Also you can see: How to change public folder to public_html in laravel 5
Related
I want to deploy the Laravel project to my shared hosting.
When I go to my site main domain (example.com) It displays all directory and files but (example.com/public) works fine.
What if I just create an index.php file in the project root directory with following code
<?php
header('Location: ./public');
?>
It just redirects me to example.com/public.
Just tell me if there will be an issue that may occur at any point?
I am new to Laravel.
I don't care to remove the public directory. I only care if someone goes to example.com then it just redirects example.com/public to work fine.
Update
Just keep it short and simple answer (Yes/No) then explain it.
Is there will be an issue that occurs with the above steps (actions)? (Yes/No)
did you point your vhost to to the public directory?
For Apache
DocumentRoot [Laravel root direcoty]/public
For Nginx
root [Laravel root direcoty]/public;
Laravel Deploment
I'd suggest the easy way, by create a symbolic link of public_html and link it to your laravel project's public directory. don't forget to set your project folder permission.
here's the example: https://blog.netgloo.com/2016/01/29/deploy-laravel-application-on-shared-hosting/
please guide me how to upload the Laravel project to my cPanel I am very much confused.
you should add all the folders of laravel inside of public_html folder, and you need to move index.php and .htaccess file to the public_html directory from public directory. Now make changes index.php like this.
require DIR.'/bootstrap/autoload.php';
$app = require_once DIR.'/bootstrap/start.php';
That may work for you.
If you check your laravel project, there is a public folder inside it.
By default, your domain is pointed at the root level or on public_html. On you cPanel Domain settings, make sure your domain is pointed your Laravel application public folder.
I'm new in Laravel 5.
I found this Laravel 5 - Remove public from URL on Stack Overflow to remove public folder from my Laravel 5 App. Only I have a question about the security.
When I am removing public from URL, then I have to change the basic folder structure of Laravel 5. Yes, it's working fine without the public from the URL.
But what's about the security of Laravel, because I am changing the default folder structure? Is it secure to use?
You should be pointing your Apache host root to the $LARAVEL_PATH/public directory instead of $LARAVEL_PATH.
The point of having sub directory for www host root instead of project root is that you're not leaking any of your project files through your web server.
Even though all the PHP files have the file suffix .php, malicious user can access your $LARAVEL_PATH/storagedirectory and its subdirectory contents, read your composer.json or package.json to find vulnerable dependencies or read .env file etc.
If you're running on shared hosting and you have mandatory public_html, try installing Laravel outside of that public_html directory and either removing public_html (if empty) and replace it with symlink to $LARAVEL_PATH/public OR if you want the Laravel instance to be subdirectory ofpublic_html, do the same but create symlink from$LARAVEL_PATH/publictopublic_html/$PROJECT_SUBDIR`.
That public directory is there for reason to make project a bit more secure. Solve the actual problem and don't try to break this simple but nice security addition. :)
you this link you provided is not about changing the actual file structure of the framework, this example uses mod_rewrite to rewrite the url of your application. In other words you are telling your server that you would like to point to that directory without the full path is visible to the end user.
Also take a look on the below answers of the link you've provided.
Rename the server.php in the your Laravel root folder to index.php and
copy the .htaccess file from /public directory to your Laravel root
folder. -- Thats it !! :)
I am new to Laravel and started learning v5 few months back. I have created a sample application and want to deploy it over production (Shared hosting).
The easiest way for me is to put all content including app, vendor, config, tests etc folders directly to public_html but I don't want to do this. I want to keep laravel specific things outside the public_html and put only content from public folder to this directory.
What are the options available to do this?
Also, can I share same laravel installation for multiple applications?
on public/index.php add after
$app = require_once __DIR__.'/../bootstrap/app.php';
this:
$app->bind('path.public', function() {
return __DIR__;
});
Now You can change public directory to public_html
Keep your code outside of the public_html and create a symbolic link from public_html to the public directory in your laravel directory.
Is there anyway possible to install a Laravel PHP application into the same directory?
What I mean is as I see it, you have to install the whole Laravel application 1 directory under the the main Public directory.
I know that you can change the Public directory to anything in the settings but the server my client has, they really need for everything to live in 1 directory.
Current Folder Structure....
app/
bootstrap/
vendor/
public/
artison
server.php
If this was all dropped into a Public directory on the server, then you would have to access the application/website at the domain www.domain.com/public/
I am hoping there is a way to put all these files/folders into a public or www htdocs type folder and still access the application at the root.
I know the main reason to keep the PHP files out of the Public accessible folder is for security but in my clients situation this is not possible the way there server is configured.
Surely there is a way to do this?
Try putting contents of public in same directory as other folders, and then edit your index.php previously in public to look something like this
require __DIR__./bootstrap/autoload.php';
$app = require_once __DIR__.'/bootstrap/start.php';
I haven't tried this. Just came to my mind right now
Anyway, I'm doing this by keeping app, boootstrap, vendor in / of my hosting, and contents of public are in my public_html. It works fine, and I guess it could be a security plus.