So I just published a build of laravel to my production server. But the .env file was readable when I uploaded it. So I uploaded it to root of my site next to the public_html/ directory.
My question is: How to tell laravel where the .env file is located? It worked when I had it in the public_html/ folder but how do I tell it to look in the root folder?
Set env path in bootstrap/app.php:
$app->useEnvironmentPath($env_path);
for example, directory layout for my project:
webapp
-laravel
-public
-.env
Custom path to env file
$app->useEnvironmentPath(
dirname(__DIR__, 2)
);
As you can read in the official documentation, the .env file must be in the root directory of your Laravel app. There's no way to change the file location (and I think there's no point too).
Moreover, the root folder SHOULDN'T be a public folder, as .env shouldn't be exposed to a public access, otherwise the main security aim of it would be completely lost.
What you need to upload to public_html is contents of public directory in Laravel installation including any JavaScript files, CSS files or images that should be accessible to client, everything else should be placed out of public directory.
This way you can access .env file from other location, but it is not good for security.
your-project/bootstrap/app.php
$app = new Illuminate\Foundation\Application(
realpath(DIR.'/../')
);
$app->useEnvironmentPath(base_path('foldername/'));
add this code in .htaccess file for security
<Files .env>
order allow,deny
Deny from all
</Files>
I ended up setting a symlink from public to public_html and everything worked as expected
Add code in bootstrap/app.php
$app = new Gecche\Multidomain\Foundation\Application(
$_ENV['APP_BASE_PATH'] ?? dirname(__DIR__),
dirname(__DIR__) . DIRECTORY_SEPARATOR . 'envfolder'
);
Related
In Laravel 8 the .env file is well protected out of the public folder. Additionally, I've added a rule in nginx to protect hidden files
location ~ /\. {
deny all;
}
However, I've seen several requests to the server looking for the .env file in the public folder, even though is not there.
In a normal PHP app I would create a .ini config file with a secret name out of the public folder. Is there a way to rename the .env file to something else?
I know that renaming the .env will not solve the problem of the requests, but at least I'll rest assure that the file they are looking for, does not even exist.
.env file name is define in Illuminate\Foundation\Application.
modify bootstrap/app.php file to change default file name.
replace
$app = new Illuminate\Foundation\Application(
$_ENV['APP_BASE_PATH'] ?? dirname(__DIR__)
);
with
$app = new Illuminate\Foundation\Application(
$_ENV['APP_BASE_PATH'] ?? dirname(__DIR__)
);
$app->loadEnvironmentFrom('.NEW_ENV_FILE_NAME');
change NEW_ENV_FILE_NAME to whatever filename you want
I have laravel installed on my server and I want to add a folder called 'projects' in laravel's root folder and access the projects folder from URL.
What should I do to solve this issue? I want to upload some PHP code demos and allow people to view them.
I have tried playing with the .htaccess but nothing seems to work for me.
public_path(); // Path of public/
base_path(); // Path of application root
app_path(); // Path of app/
1.
Uploaded my files to 000webhost. I placed all files from the public folder to public_html then I created a folder named laravel and there I uploaded all other files. This is the structure of my directory:
laravel
app
bootstrap
config
....
public_html
index.html
.....
2.
In my index.php file, I already changed some things to these
require DIR.'/../laravel/bootstrap/autoload.php';
$app = require_once DIR.'/../laravel/bootstrap/app.php';
3.
I also changed the .env file and the database.php in the laravel/config folder
Problem:
I am now able to access the home page of my site, but when I click my links to the other pages error 404 shows up.
How do I fix this?
And how do I access the routes in my api.php ?
Thanks!
Your includes seem fine.
Be sure you also uploaded the .htaccess file located in /public (in your /public_html). The file name starts with a dot so it's commonly hidden.
The purpose of this file is to indicate Apache how to map URLs to real files (in this case, everything should point to index.php)
Try changing the index.php file. Change it as the following:
require __DIR__.'/laravel/bootstrap/autoload.php';
$app = require_once __DIR__.'/laravel/bootstrap/app.php';
This should solve the problem.
I am hosting my Laravel project on shared hosting where I don't have access to modify the apache config to look for the index file in /public.
I've also tried adding DirectoryIndex index.html to my .htaccess file at the place where the hosting is looking for the index.php file.
This does not work.
That being said, I think I can solve the problem if I simply move the index.php file out of /public (where Laravel has it by default) to the root where the hosting is looking for it.
That being said, what do I need to modify in this index.php file to allow the Laravel app to work?
My structure is:
public_html/ <-- where my files are served from and where index.php should be
my-project/
public/
index.php <-- where Laravel expects index.php to be to bootstrap the app
Okay here we go:
Let's say this is your folder structure:
MyUser/
public_html/
public/
What you want to do is:
Step 1. create a folder on the same level as public_html named laravel (or something to your liking):
MyUser/
laravel/
public_html/
public/
Step 2. upload ALL your laravel code to the laravel folder. Your code is now inaccessible through a web browser.
Step 3. Next, you copy all data from MyUser/Laravel/public to MyUser/public_html. Now we're getting somewhere. Warning: Don't forget to copy the .htaccess file too
Step 4. open MyUser/public_html/index.php in your favorite editor and change
$app = require __DIR__.'/../bootstrap/app.php';
to:
$app = require __DIR__.'/../laravel/bootstrap/app.php';
and change:
require __DIR__.'/../bootstrap/autoload.php'
to:
require __DIR__.'/../laravel/bootstrap/autoload.php'
Step 5. Now, since your storage directory is outside of your public_html, it'll most likely not be accessible, so CHMOD that to 777, and you're done!
A small tip:
See if you can create a symlink from MyUser/laravel/public to MyUser/public_html. That'll let you skip step 3 and 4.
Hope this helped.
I'm working on small project, and will host it on normal Godaddy host plan, the problem is: all file system will be accessible through internet.
so, how can I prevent access to any folder or file except /public
CONTRIBUTING.md
app/
artisan
bootstrap/
composer.json
composer.lock
phpunit.xml
public/
server.php
vendor/
thanks,
Why not split the project up? Upload the contents of public to your document root and the rest somewhere else (like your home directory). Then just modify the two paths in the public/index.php file to point to the right locations, eg
$path = __DIR__ . '/../my-app';
require $path . '/bootstrap/autoload.php';
$app = require_once $path . '/bootstrap/start.php';
If you point your apache site document root to /public, there is no way people can access any other file in your application outside your public. Even if they try to do things like:
http://yoursite.com/../
EDIT:
This is not something you should rely on a framework to do, securing directories on your site is the web server job, so you need to find a solution on your server: virtual host, document root, web root, domain directory or even .htaccess configuration.
In some shared hosting companies you can do that easily, some have cPanel or Plesk, but other, like Hostgator, will give you just enough configuration so you can change your directory root to /public. Looks like GoDaddy doesn't help much if you don't have a cPanel account, but, still, there are tricks to help you doing it the way you should be doing: http://support.godaddy.com/help/article/4067/setting-up-a-non-web-accessible-root-folder. Probably there are others around.