I have access to bluehost unlimited hosting, with many domains on it, including my own.
I have SSH access.
I have deployed a laravel web app by putting the app, bootstrap and vendor folders in a folder outside the main public_html directory, and laravel's public folder contents in my domain folder, adjusted the include routes, and it's working fine.
1) Now, I would like to have all laravel related files in my domain folder but don't know how to make it secure, i.e. pointing the domain to a laravel's public folder inside my domain folder, instead of root of my domain folder, thus preventing public access to app, bootstrap and vendor folders.
I'm not sure if I explained it clearly, this is what I'm trying to achieve:
public_html/
some_domain_folder/
my_domain_folder/
app/
bootstrap/
public/
vendor/
and for my domain to point to my_domain_folder/public so the rest of laravel's files are inaccessible to public.
How can I do that?
2) If I succeed in doing 1) would I be able to execute php artisan commands via SSH?
Thanks,
Petar
Point your domain to the domain folder as normal. Then you can use a .htaccess file inside of my_domain_folder to re-write requests to /public
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
You should be able to run php artisan commands via SSH that bluehost gives you just fine, .htaccess only affects people accessing your site via their browser, not via the command line.
Related
I have hosted my site on aws through ftp,
now when i access this
url : http://X.XXX.XXX.X/projectfoldername/
i can access the page after i use
http://X.XXX.XXX.X/projectfoldername/public
but i want to remove public changed htaccess file also but when i upload it on cpanel it is working.
.htaccess file :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/public/
RewriteRule ^(.*)$ /public/$1 [L,QSA]
</IfModule>
Any help is highly appreciated
Nearly all Linux OS's have a .conf file that you can use to tell it which folder is the public folder. This needs to be updated for Laravel to work.
From here (https://bobcares.com/blog/cpanel-change-root-directory/), for cPanel:
4. Updating cPanel files
cPanel/WHM does not have an option to change the document root of the main domain via any interface. By default it is the public_html folder in the user home directory.
In certain rare scenarios, we have customers who want their document root to be changed to another folder than public_html.
This has to be done from the backend by updating the cPanel user account file at /var/cpanel/userdata/username/domainname .
The following parameters are updated with the desired directories.
documentroot: /home/steinknu/public_html
scriptalias:
-
path: /home/steinknu/public_html/cgi-bin/
For sites with SSL installed, the configuration file for SSL is also updated accordingly.
This file is available at the location /var/cpanel/userdata/username/domain_SSL .
After making the changes, the user data cache is updated and Apache configuration file is rebuilt to reflect the changes in the corresponding files.
The Apache and PHP-FPM services are restarted and we verify the relevant configuration files to ensure that they are all updated properly.
I recently installed a Laravel app on an OVH shared hosting (pro so I have ssh access). This is my installation structure :
user
app
public
www
Site access is under 'www' so I created a symbolic link there:
ln -s /home/user/app/public /home/user/www/index.html
The symlink is working and pointing to the laravel public folder when I check in Filezilla.
However when trying to access the site I am getting a 403 Forbidden You don't have permission to access this resource.
What am I doing wrong here ?
your symbolic link is problem... you are pointing to index.html instead of index.php
try this:
ln -s /home/user/app/public /home/user/www/index.php
and Create and put this .htaccess file in your laravel installation(root) folder.
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
I couldn’t get this to work, it is not a laravel related problem by the way, I assume ovh doesn’t allow symlinks to a protected folder on shared servers. A shame really but I ended up installing laravel in the www folder and preventing access to root with an .htaccess
You can define a multisite with app/public as root folder. Also, I wouldn't have a link to a file like index.html, but either to a folder like ../app/public, e.g. to ensure __DIR__ works correctly in php. (By the way, Laravel does not have an index.html).
I had a similar issue on an OVH shared server: 403 forbidden, You don’t have permission to access this resource when accessing files in Laravel's public storage.
Tweaking .htaccess to allow from all or filesystem access control permissions to 777 rwxrwxrwx had no effect.
For me, the solution was to replace the absolute link /home/accountname/www/***/storage/app/public created by php artisan storage:link by the relative link ../storage/app/public
I am using laragon server for php 7.2 laravel. I have tried a lot to remove public keyword from my url http://localhost/myLaravel/public/ by its normal method of copying .htaccess folder in my laravel project directory as well as by copying and renaming server file to index.php. But it didn't work.
whenever i write this url: http://localhost/myLaravel/
it give me following error:
Forbidden
You don't have permission to access /myLaravel/ on this server.
Any solution?
Laravel app is not meant to be accessible in a subdirectory by default. You can do one of the following:
point your domain to the myLaravel/public directory, if you want a dedicated domain or subdomain
move the public directory to the root of your Laravel app, as described here: How to make public folder as root in Laravel?
You can use this htaccess code in laravel root directory.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
I have developed a project with Vuejs as the front-end and Laravel as the back-end api.In localhost they run in different ports.How should I deploy them in production?
When you build your Vue app for production, all the relevant files are in the dist folder. It does not run on any port, but instead the files are served by a webserver (e.g. Apache or Nginx). For a laravel api you normally have the public folder in the laravel installation visible, while having the rest of the files not directly accessible from the web.
I am going to assume that you want to deploy the api and the frontend on the same domain. The easiest way of getting this to work is by having a specific prefix for your api. In the case below, I use the prefix /api for all api requests, since this is the default for api routes. Anything else is considered a request for the frontend.
You set up your folder structure like the following. The public_html folder is what is normally loaded when going to example.com and you can test this by adding a test.txt file with some content and going to example.com/test.txt. The backend folder contains your laravel installation. The frontend folder contains everything that the dist folder contained after running npm run build.
/var
+-- /www
+-- /vhosts
+-- /example.com
+-- public_html
+-- /backend
+-- /frontend
To get everything to work, we are going to remove the public_html folder and replace it with a symlink to backend/public.
cd /var/www/vhosts/example.com
rm -r public_html
ln -s ../backend/public public_html
When we check example.com, we now should see that we can make requests to the api using example.com/api/someroute. There are several ways we can make the frontend work with this, but for ease of deployment, lets create a symlink to the dist folder.
cd /var/www/vhosts/example.com/public_html
ln -s ../../frontend/dist app
If you are using hash mode for your Vue application and don't mind accessing the app through example.com/app, I believe this is all you would need to do. Otherwise you would need to modify the .htaccess file if you are using Apache, or change the rewrite configuration of whatever other webserver you are using. I imagine the .htaccess file would look something like this:
# We assume that the FollowSymLinks option is enabled in the main Apache configuration.
RewriteEngine On
# Rewrite anything that starts with `api` to the laravel index file
RewriteCond %{REQUEST_URI} ^/api
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Rewrite anything else to the frontend app
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ /app/index.html [L]
I am running laravel on a subdomain i.e. subdomain.mysite.com
I have setup my structure like this:
username
-public_html
--subdomain
---public
Basically, when I created my subdomain the path I set was subname/public so the subdomain points to the public folder. I have uploaded laravel to subname so when someone goes to the subdomain url it looks at the public folder and it shows the laravel You have arrived page.
Now when I browse to mysite.com/subname it gives me a forbidden page and when I browse to mysite.com/subname/public it shows the laravel you have arrive logo.
Is it safe to set-up laravel on a subdomain this way or am I exposing the app / model / controller folders etc?
Is this just very bad and should i move the laravel core files above public_html?
I hope this makes sense
Thanks
With proper Apache configuration (or any other server you use) and .htaccess ( in case of Apache) you can restrict the access to your core directories irrespective of where your files are located.
I do not know about your server configuration and which folders you have access to, but in case you have access to other directories, you can set up laravel in somewhere else other than under public_html and set up public directory to be visible, just like you did when setting up it as a sub-domain.
If you want to setup as a sub-folder under mysite.com you can keep the Laravel installation somewhere else, and provide symbolic link under public_html like this
ln -s /path/to/laravel/public /username/public_html/subdomain
In such case you need to add following line to .htaccess file.
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /subdomain # Add this line
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
Hope this helps.