I found the following part in Laravel's documentation.
"Laravel should always be served out of the root of the "web directory" configured for your web server. You should not attempt to serve a Laravel application out of a subdirectory of the "web directory". Attempting to do so could expose sensitive files present within your application."
Does it mean it should be always directly in root directory, not in subdirectories or the other way?
What if my server provider gives me root directory / and tells me to put my files into /www ?
Does it make it vulnerable then?
I disagree with the above answer of #Jean-Roch B. and agree with the comment of #Tpojka.
If the root of the "web directory" on your server is /var/www you should put Laravel in that folder
No. The root directory (DocumentRoot as defined by https://httpd.apache.org/docs/2.4/mod/core.html#documentroot) is aimed to allow the HTTP server to provide the client the files recursively under. Meaning that siblings and recursively parents directories can't be provided to the client.
What does it means? That if you put Laravel recursively under the root directory, you will have a security issue. For example, the config and environment files, your controllers, your migration files etc., would be provided to the client if this latter asks for them.
By saying the following:
Laravel should always be served out of the root of the "web directory" configured for your web server. You should not attempt to serve a Laravel application out of a subdirectory of the "web directory". Attempting to do so could expose sensitive files present within your application.
, Laravel docs are saying to NOT put the Laravel directory recursively under the document root. YOU ABSOLUTELY MUST PUT THE LARAVEL DIRECTORY RECURSIVELY ABOVE THE DOCUMENT ROOT.
The document root, with a Laravel site, must ONLY point to the directory app/public of the Laravel directory.
I will quote #Tpojka (see his comment to the OP's question), who is absolutely right:
Nothing outside public directory shouldn't be available to external access. Only public directory should be accessible by externals. Everything else is lot of work on securing application.
Also, quoting again #Jean-Roche B.:
Obviously it's not a good idea to put Laravel in /var/otherdirectory or /otherdirectory
, if like he was saying /var contains /var/www, I thin rather that Laravel could actually be put in /var, delete www, and make the root directory be the app/public directory (this is an example).
To end: the DocumentRoot can normally be configured in your Web Host configuration admin panel.
Laravel is not very clear on this.
But what I understand is:
If the root of the "web directory" on your server is /var/www you should put Laravel in that folder and not in /var/www/otherdirectory or /var/otherdirectory or /otherdirectory
Obviously it's not a good idea to put Laravel in /var/otherdirectory or /otherdirectory, but why they say only at the root of the "web directory" and not in /var/www/otherdirectory ? I think nobodies knows and Laravel can't explain it really.
The root directory on a linux server is /
The root of the "web directory"directory on a linux server can be whatever is in your web server configuration or whatever your provider gave you (if you can't manage the web server configuration), but most of the time it's in /var/www, /var/www/html or /var/www/domain.com
Also Laravel members seem to be saying that you can't use Laravel in a subdirectory website like https://example.com/website because (Laravel say) they don't support it and (Laravel say) it's not recommended, even if this website is served out of the root of the "web directory" which is /var/www in most cases.
(But why???)
See the discussion here: Discussion 34388
So I am assuming you are using a shared hosting server:
the way websites are hosted is using a web server (apache, nginx, ...etc) (if you are using godaddy or namecheap hosting they will have a webserver installed inside
) in these web servers you set a document root as in where should the server direct the requests.
Knowing this if your server says put the files in /www then its most likely that /www is the document root and its where you should put the files
Note: whatever server you use i would be 99.9% sure that you should not put the website files or the actual root of the server aka /
Related
I'm a newbie to Laravel projects but I need to have one accessible over the internet so I tried using DirectAdmin but whenever I go to my domain I get an index (pictures attached).
I renamed the Laravel 'public' folder to 'public_html', is that correct? Here is my file structure.
Here is what I get when I go to my assigned domain which isn't my website at all.
The webpage should look something like this
I also found a laravel app using Softaculous linked here (https://panel.freehosting.com:2222/CMD_PLUGINS/softaculous/index.raw?act=software&soft=419). Am I required to use this app?
At first, you need to learn about the laravel directory structure. You don't need to change the laravel public folder to public_html. I am not sure how the DirectAdmin server works. but if you see a laravel directory instead of serving an application it's might be a path-related issue in your server. your domain should serve your application public folder.
I just found a tutorial for the DirectAdmin server with laravel. that might help.
I have a shared hosting with bluehost.com... can I just put my project on that.. like upload public files to public_html and others to root directory and backup MySQL DB and upload it to my shared hosting then edit my .env file... will this actually work with Laravel?
I searched most online resources and it requires ssh access to deploy, but the way I explained should not require that right?
I mean this way you don't have to go throw terminal access right?
I used to do that with WordPress when I want to set everything locally then upload it and edit URLs from the dashboard and stuff...
Yes it would work.
But you have to ensure one thing that, in your cpanel your domain point to the /public folder of laravel project.
Normally cPanel points the http requests to public_html folder, but laravel start from its public folder. You can achieve this by two way.
By pointing your server to straight to public folder
Copying the index.php to the public_html, in that case you have to edit index.php to run the laravel project properly. And I don't recommend this step. Step 1 is lot more easier.
What will be my .htaccess code? I want to host my laravel project in godaddy server, my project path will be in public_html/coder.com ? In coder.com, i have to keep all my project files and folders. Any idea please someone help me.
You have to keep backend files outside of the public_html folder. The content of the Laravel public folder should be placed inside coder.com folder. That is, you index.php, .htaccess and the rest should be placed inside coder.com folder.
Then, you need to edit index.php to point to the correct locations of vendor and bootstrap folder.
If, say for example, you placed the Laravel backend files in a folder named laravel at the same level as public_html, it should be /../../laravel/vendor/autoload.php and /../../laravel/bootstrap/app.php.
You do not need to edit the content of the default .htaccess file.
But, shared hosting almost always gives you unforeseen troubles. If you do not have shell access, you might need to ask for technical help from GoDaddy team to fix symlink issues if required.
Normally, there will be no issues with folder permissions, if there is you need to make sure that storage and bootstrap/cache is writable. Never ever give 777 permissions; 755 for folder/directories and 644 for files will be good. For this also, since it's shared hosting, you might want to seek technical assistance from GoDaddy.
I am using shared hosing for Codeigniter application for deployment.
How can i run staging url on live server?
1) domain.com (Working)
2) domain.com/staging/ (Not working, showing 404 error)
I created staging folder under public_html directory, now put All CI code in staging folder, and tried to run the application with URL domain.com/staging/ but it redirect on domain.com/404
I expect to run domain.com for users and domain.com/staging for development. (Staging URL i will use for development and after that i will place the same code for live URL.)
This is most easily done by using a subdomain for the staging version, i.e. staging.doman.com. The folder where you put the CI files isn't super important as the subdomain will be set to use the directory you choose.
You will either need to have complete control over the server or have a service provider that allows you to set up subdomains.
- Expanded Answer -
If you cannot set up a subdomain then your next best option is to use the advice in the documentation on Managing you Applications. It isn't required to use the file structure shown there. In your case try the following.
Create a folder on the same level as application named staging.
Into that folder copy all the folders and files normally found in /application.
Add all application folders and files required by your site. The files in these folders are those that make up the application you are staging.
Make a copy of index.php (the file at the root of the public folder, i.e. domain.com/index.php) and name it staging.php. Both index.php and staging.php will be in the same folder.
Edit staging.php and change the value of $application_folder to be the absolute path to the staging folder. For example:
$application_folder = '/path/to/domain.com/public_folder/staging';
The path above is an example. You must replace it with the actual path in your server. If you have no idea what the full and absolute path is you can use
$application_folder = dirname(__FILE__).'/staging';
Browse to the URL domain.com/staging.php and you should get your default controller's output. To test that you are actually seeing the staging version of the page temporarily change something in the view file so there can be no doubt.
You will go to other controllers by using the URL domain.com/staging.php/other_controller.
Change the value of $config['index_page'] in /staging/config/config.php to staging.php, e.g.
$config['index_page'] = 'staging.php';
Without the above change redirect() and many other "helper" functions will not work correctly.
(Optional?) You can probably edit the main .htaccess and add rewrite rules for staging.php the same way it is done for index.php. But I will leave that as an exercise for you. (Or for another SO question.)
A final word. It might be necessary to make other configuration changes to accommodate the revised file structure. I tested the answer here but did not go beyond the most basic task of browsing to controllers. Most likely config values for sessions, cookies, and many others will need to be adjusted for the staged version to work correctly. Check out the documentation on Handling Multiple Environments for guidance on making this less painful.
I've been successful in deploying Laravel 4 applications on shared hosts by simply editing the paths here at /bootstrap/paths.php.
However, Laravel 5 does not have that file. How does Laravel 5 manage paths? I have access to the root directory with public_html. I can upload all the files to root and public directories, but confused where to look for the paths to be maintained?
Laravel 5 is smart enough to detect all it's path. I was missing some of the files during upload. :)
What I did was upload all the files as it is structured and the content of public folder was uploaded into the www directory, that's it!
You can play with creating new Application() in bootstrap/app.php. Its constructor takes argument which tells where is rest of the application related to public/index.php
Currently app.php has
$app = new Illuminate\Foundation\Application(
realpath(__DIR__.'/../')
);
Change the /../ to something else if rest of the application folders for example in ../laravel/ compared to index.html
If you have cPanel in your shared hosting you can try these easier methods before trying to move the Laravel's public folder:
Often you also have an SSH access when you have cPanel on shared hostings, so you can replace the www folder (i.e. the website document root) with a symbolic link to [app]/public, then deploy your Laravel app inside the [app] folder.
If you are deploying on a subdomain, e.g. [app].example.com, usually with cPanel you can choose the document root, then you can simply set it to [app]/public.
I think the two methods above are both easier and safer than moving the public folder. I would keep this as the last option.
Take a look here for some more info: http://blog.netgloo.com/2016/01/29/deploy-laravel-application-on-shared-hosting/