In Laravel 8 the .env file is well protected out of the public folder. Additionally, I've added a rule in nginx to protect hidden files
location ~ /\. {
deny all;
}
However, I've seen several requests to the server looking for the .env file in the public folder, even though is not there.
In a normal PHP app I would create a .ini config file with a secret name out of the public folder. Is there a way to rename the .env file to something else?
I know that renaming the .env will not solve the problem of the requests, but at least I'll rest assure that the file they are looking for, does not even exist.
.env file name is define in Illuminate\Foundation\Application.
modify bootstrap/app.php file to change default file name.
replace
$app = new Illuminate\Foundation\Application(
$_ENV['APP_BASE_PATH'] ?? dirname(__DIR__)
);
with
$app = new Illuminate\Foundation\Application(
$_ENV['APP_BASE_PATH'] ?? dirname(__DIR__)
);
$app->loadEnvironmentFrom('.NEW_ENV_FILE_NAME');
change NEW_ENV_FILE_NAME to whatever filename you want
Related
I have this structure in my public folder:
/images
/player_icons
Ajax.png
Barcelona.png
...
I need to let the admin user rename a file simply by entering a new name, rather than uploading a new file.
I have tried the old school PHP way:
rename('/images/player_icons/Ajax.png', '/images/player_icons/test.png');
This produces the error:
File not found at path: images/player_icons/Ajax.png
I have also tried using the Storage facade, although from the looks of it, this can't work in the public folder:
Storage::move('/images/player_icons/Ajax.png', '/images/player_icons/test.png');
I don't understand why the rename() option doesn't work. If I visit example.com/images/player_icons/Ajax.png in the browser, the image is there.
How do I make this happen?
you may need to give the public_path helper function a try
The public_path function returns the fully qualified path to the
public directory. You may also use the public_path function to
generate a fully qualified path to a given file within the public
directory
However, renaming things on the public directory directly means that you HAVE to give this directory a write permissions or change the ownership for this directory to be owned by the server user ( which is almost will be www-data )
this is kind of a risky thing.
The better approach is to ( symlink ) the storage path ( which is writable by default ) and let the user upload and rename files there
more about this will be found here : File system docs
Use this
rename(public_path('/images/player_icons/Ajax.png'), public_path('/images/player_icons/test.png'));
I have a .json file that I want to define on .env.
How do I do that ?
my json file is on (laravel root folder)/json_google/api_key.json .
I tried GOOGLE_SERVICE_ACCOUNT_JSON_LOCATION=/json_google/api_key.json but doesn't work ..
Laravel has many helper functions to resolve the path. Such as base_path() in your case. You'll find all helpers here: vendor/laravel/framework/src/Illuminate/Foundation/helpers.php
base_path(env('GOOGLE_SERVICE_ACCOUNT_JSON_LOCATION');
However, I'd set the full path instead of a relative path. Otherwise your application has to know what it should be relative to (laravel root, or app path, ...) and take this into account, which kind of defeats the purpose of putting the file location outside your code base, as it makes it harder to move it to some place else.
As the .env file is per deployment, there is no problem with setting the full path.
You should use .env variable using constants file.
.env file
GOOGLE_SERVICE_ACCOUNT_JSON_LOCATION=/json_google/api_key.json
Now in config/constatns.php set
return [
'STORAGE_GOOGLE_SERVICE_ACCOUNT_JSON_LOCATION' => env("GOOGLE_SERVICE_ACCOUNT_JSON_LOCATION", ""),
];
Fetch json file path
Config::get('constants.STORAGE_GOOGLE_SERVICE_ACCOUNT_JSON_LOCATION')
1.
Uploaded my files to 000webhost. I placed all files from the public folder to public_html then I created a folder named laravel and there I uploaded all other files. This is the structure of my directory:
laravel
app
bootstrap
config
....
public_html
index.html
.....
2.
In my index.php file, I already changed some things to these
require DIR.'/../laravel/bootstrap/autoload.php';
$app = require_once DIR.'/../laravel/bootstrap/app.php';
3.
I also changed the .env file and the database.php in the laravel/config folder
Problem:
I am now able to access the home page of my site, but when I click my links to the other pages error 404 shows up.
How do I fix this?
And how do I access the routes in my api.php ?
Thanks!
Your includes seem fine.
Be sure you also uploaded the .htaccess file located in /public (in your /public_html). The file name starts with a dot so it's commonly hidden.
The purpose of this file is to indicate Apache how to map URLs to real files (in this case, everything should point to index.php)
Try changing the index.php file. Change it as the following:
require __DIR__.'/laravel/bootstrap/autoload.php';
$app = require_once __DIR__.'/laravel/bootstrap/app.php';
This should solve the problem.
The reason why I'm doing that is Laravel has the document root in a subdirectory is so that you don't have to expose your code to the public.
The folder structure in my localhost is
Test
Test/laravel/
Test/public_html/
where laravel contains all the folder of root without the public folder and public_html contains the public files.
And I have changed in below lines in public_html/index.php:
require __DIR__.'./../laravel/bootstrap/autoload.php';
$app = require_once __DIR__.'./../laravel/bootstrap/app.php';
I have followed the solution for solving the problem but couldn't solve it as I'm using 5.2. If anyone has done this before please provide a valid solution.
Thanks in advance.
Laravel already comes with the public directory (which would be easily renamed public_html). However, looking at your code, an issue lies at **./**../laravel/bootstrap/autoload.php'
This would end up with a directory like Test./ instead of Test/. Remove the period before the first slash.
require __DIR__.'/../laravel/bootstrap/autoload.php';
$app = require_once __DIR__.'/../laravel/bootstrap/app.php';
So I just published a build of laravel to my production server. But the .env file was readable when I uploaded it. So I uploaded it to root of my site next to the public_html/ directory.
My question is: How to tell laravel where the .env file is located? It worked when I had it in the public_html/ folder but how do I tell it to look in the root folder?
Set env path in bootstrap/app.php:
$app->useEnvironmentPath($env_path);
for example, directory layout for my project:
webapp
-laravel
-public
-.env
Custom path to env file
$app->useEnvironmentPath(
dirname(__DIR__, 2)
);
As you can read in the official documentation, the .env file must be in the root directory of your Laravel app. There's no way to change the file location (and I think there's no point too).
Moreover, the root folder SHOULDN'T be a public folder, as .env shouldn't be exposed to a public access, otherwise the main security aim of it would be completely lost.
What you need to upload to public_html is contents of public directory in Laravel installation including any JavaScript files, CSS files or images that should be accessible to client, everything else should be placed out of public directory.
This way you can access .env file from other location, but it is not good for security.
your-project/bootstrap/app.php
$app = new Illuminate\Foundation\Application(
realpath(DIR.'/../')
);
$app->useEnvironmentPath(base_path('foldername/'));
add this code in .htaccess file for security
<Files .env>
order allow,deny
Deny from all
</Files>
I ended up setting a symlink from public to public_html and everything worked as expected
Add code in bootstrap/app.php
$app = new Gecche\Multidomain\Foundation\Application(
$_ENV['APP_BASE_PATH'] ?? dirname(__DIR__),
dirname(__DIR__) . DIRECTORY_SEPARATOR . 'envfolder'
);