Laravel lock some folders on host - laravel

Guys I have created my first Laravel Project and I uploaded it to the server successfully and everything works perfect.
But I can write in the url www.mydomain.com/resources/views and show all my views!
Also user can open my .env file and view my database connection info!
I want only the user to navigate only to my routes not to any folder he guess.

Basic Instruction to Deploy Laravel to shared hosting7
You should point your document root to app/public/
run composer install in the project root directory
set writable permissions to bootstrap cache chmod 777 bootstrap/cache
set writable permissions to storage chmod 777 storage -R
There are many things that can go wrong while deploying application. So, it would be easier for us to help you, if you also provide us step by step process that you followed while deploying the laravel application.

For securing your routes and .env file you need to get into your hosting root directory, create .htaccess file and copy the below code and paste it in there
# Disable index view
Options -Indexes
<FilesMatch "\.env$">
Deny from all
</FilesMatch>
I hope this will solve your problem.

Related

500 issue with Laravel

I have seen this answer in many posts but they have not helped me at all. I followed the regular steps to create the laravel project like this:
I cloned from my repository.
I ran composer update.
I added 777 permissions to storage and bootstrap folders.
I have a .env file.
I verfied the .htacces and it's ok.
It is working in locahost, but when I try to replicate it in Hostinger it does not work, it displays the 500 server error. So I wonder what is the problem?
I checked the logs by the way and they were empty. I put the laravel project debugger to true too.
the website url is xellin.com
The debug:
The logs folder:
Thanks.
I think this is a good opportunity to point out how PHP / Laravel / Underlying Server interacts one to each other.
First:
The HTTP server inspects Document Root and .htaccess to get instructions.
If the file is .php (like Laravel), then it CALLS to the php handler.
The php handler could be a FPM version or a Fast CGI version.
-> If an error ocurrs parsing the .htaccess or with the initial interaction between Http Server and PHP... Laravel never runs for real. All ends in a PHP error log
To find out what's wrong, you need to inspect what PHP / Http Server said about the error in their respective logs.
In short words: at this point is not a Laravel error, but a server/php one.
Second:
If Apache/PHP runs well, then PHP executes the Laravel Applicacion Lifecycle... if Laravel encounters a problem, then you will see the usual output error of Laravel Error Handler.
I think this is a must to know to work with web apps in general, because many times developers miss to catch if the problem was with Laravel, or with PHP / Server itself.
As a side note, that's why it is important to know how to choose propper hosting service for Laravel.
Thanks for reading.
You can try to clear cache
Like as
php artisan optimize
Or
You can manually delete cache files which is located in bootstrap folder and inside bootstrap folder you can see cache folder inside cache folder delete all files except git ignore file your issue fix
If you show again this error on live serve then tou can update your composer and then run
php artisan optimize
at first, if you give any of your folders 777 permissions, you are allowing ANYONE to read, write and execute any file in that directory.... what this means is you have given ANYONE (any hacker or malicious person in the entire world) permission to upload ANY file, virus or any other file, and THEN execute that file...so please be careful because IF YOU ARE SETTING YOUR FOLDER PERMISSIONS TO 777 YOU HAVE OPENED YOUR SERVER TO ANYONE THAT CAN FIND THAT DIRECTORY. please read the full explanation from here
the second here is the detailed steps I used to deploy my projects to the server:
run npm run production then update your github repo.
clone the project from GITHUB to server - clone to an outside folder (not public_html folder)
run cd <cloned folder name>
run composer install
run npm install
copy and configure .env file to cloned folder( be sure name is .env not env).
copy all content of cloned_project_folder_name/public to public_html folder
in index.php inside public_html folder edit as below
$app = require_once __DIR__.'/../cloned_project_folder_name/bootstrap/app.php';
require __DIR__.'/../cloned_project_folder_name/vendor/autoload.php';
set your .htaccess properly.
change permission to 755 to index.php and all file in public_html folder
run composer install --optimize-autoloader --no-dev
run php artisan config:cache
run php artisan route:cache
I think I state it all, hope that will help

Forbidden You don't have permission to access {codeigniter} on this server

I am trying to run CodeIgniter for the first time. I have a running apache2 server on my machine. I downloaded CodeIgniter and copy extracted folder it into /var/www/html folder. Also, I set baseUrl config in CodeIgniter
$config['base_url'] = 'http://localhost/codeIgniter';
But I am getting
Forbidden
You don't have permission to access /codeIgniter/ on this server.
I tried setting .htaccess file but couldn't fix the issue. what is the solution for this issue?
This is a pretty vague question but here are some trouble shooting things.
In the HTML folder do: chown -R www-data:www-data nameOfProject.
Also did you set up everything in your apache/sites-available and sites-enabled. Also set up your host file
If this doesn't work just google setting up a ci project.
The reason you had to chown it was to allow appache to access it

Install Laravel on dedicated server's subfolder

So I am having an issue with pushing a Laravel app to production on a dedicated server's subfolder.
Server is run on Apache.
Url I want to push my app would be subdomain.domain.com/project
The structure of my dedicated server is
.cpanel
...
-laravel
-app
-vendor
-...
-public_ftp
-public_html
-folder
-contents of laravels public directory
-ssl
I know that in order not to expose my hidden files I am required to install it in a root directory, but this is not an option because I will be having multiple projects running under subdomain.domain.com/project-1, subdomain.domain.com/project-2 and etc... and all will have a separate laravel installation.
I need a hand in order to achieve that, can anyone give me some advice?
Managed to do it myself, the problem was when i was creating a symlink, so instead i just moved contents of my public directory to public_html/project-1/ and changed index.php path to /../../laravel/
The thing was that I have done it originally but I didnt expect that permissions for storage need to be manually set, that solved my issue and laravel works.
ALWAYS CHECK ERROR LOGS :)
You can place your separate folders in your subdomain with no problem.
The important thing is that you need to point the browser to public/ folder under your laravel projects.
You can create a .htaccess file with the command below in root folder of each project and perform a redirect.
Place the following command in your .htaccess file:
RedirectMatch ^/$ /public/

Index page is not coming / showing in laravel framework

I am using Ubuntu 14.04LTS. Here is what i have done till now:
I have installed composer using curl,
move this composer.phar file to usr/local/bin directory
Created project laravel in my root folder i.e. var/www/html
Change the permission of app/storage folder.
Created the file name as laravel.conf like 000-default.conf in etc/apache2/site-avaliable directory.
edit that laravel.conf file from terminal and save that file.
disable 000-default.conf file and enable laravel.conf file.
restarted the apache2 service.
Here is my problem: now i am trying to run it from my localhost but it does not show index.php page of my project laravel.
Any help to sort this, will be highly appreciated.
Laravel builds its own output based on your controllers, generally utilizing view files (blades) as templates. Unless you specifically tell it to in your controller, it will not return a static or dynamic index.php page. If this is your first Laravel project, I recommend reading up on how routing works at http://laravel.com/docs/5.0/routing .

public_html folder invisible

I have a website which I copied to this location. The public_html folder was also uploaded with the other folders but it is not showing up. Please guide me. Thanks.
As you are using DreamHost web hosting you wont have any control over ssh and chmod , chown commands. I think dreamhost wont use cPanel for shared hosting, they have their own control panel, so there is nothing you can do, Ask dreamHost support to reinitialize your public_html directory. Surely they will do that. I searched on dreamhost forum and found these link-
https://discussion.dreamhost.com/thread-13646-post-13647.html#pid13647
https://discussion.dreamhost.com/thread-128630.html
Currently in your case i saw that there is no issue related to public_html (technically "Document Root" ) directory coz as your http://www.inspuratesystems.com/second/ is pointing to correct directory , and your documentRoot is parent of that directory, So if your documentRoot was wrong then there were no chance to access that that url, currently your domain is opening a correct index.html file which indicates that your documentRoot is there.
Create a index.html or home.html file there manually (from their web based file manager) and see if it is working or not, if it works then there is some issue with your uploading.
Your hosting provider seems to be dreamhost.com
Please check out this thread, according to which public_html seems to be a special case on dreamhost:
https://discussion.dreamhost.com/thread-144453.html
and/or this:
Getting a 'Not Found' error on my website?
Hope it helps!
Make sure that the public_html folder has execute permissions
chmod a+x public_html
That will allow execute permissions for everybody.
Perhaps it's possible that server (apache?) hides folders named public_html? Also check that group others have read and execute permissions for that folder.
In folder /path/to/second/ run
chmod ugo+rx .
chmod -R ugo+rx public_html
to set folder visible.
cpanel may handle the "public_html" folder in a unique way. Try uploading to a folder like: /home/yourusername/public_html/second/files/ instead of /home/yourusername/public_html/second/public_html/
If you are wanting to create a new distinct website at inspuratesystems.com/second/ you don't need a second "public_html" folder. Just put them in the /home/yourusername/public_html/second directory.
If you are using a linux or OS X server, you may need to change the permissions on the folder.
Did you checked if the folder is hidden attribute?
If you execute ls -a in terminal, you will know about it's existence. If it is present then please try giving it read & execute permission (using chmod 555 command). Give write permission if you are planning to write something or take feedback from users (using chmod 777).
I tried some of this options above but unfortunately none worked. Instead I discovered that in CPanel you have a "Preferences" tab and in that tab you have a "User Manager" function. You can there edit the ftp user that you created before in CPanel. On the "User Manager" funcion you can find the "Home Directory" configuration. On that home directory you just choose the "public_html". When you configure the user in the ftp account on your ftp platform, it goes directly to the path you defined in CPanel.

Resources