Auto Start Laravel

Wait, what? You host your Laravel application on a webserver and still serve it via php artisan serve?

@tlteoh You should properly look towards using a proxy like Nginx or Apache instead.

The php artisan serve command are for local only and ain't that much used since Homestead was released.

If you're uncomfortable setting up a server with a proxy etc. you can look towards Laravel Forge, which is a paid service for managing servers. It does most (if not all) of the setup for you right out of the box.

If you' want to play around with setting it up by yourself, then you should properly read this article: https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu-12-04

If you're uncomfortable setting up a server with a proxy etc. you can look towards Laravel Forge, which is a paid service for managing servers. It does most (if not all) of the setup for you right out of the box.

Forge does some of the setup out the box. I don't believe it handles any security for you.

Another option (which I'm using) is ServerPilot, which sets up an efficient and secure server environment and keeps it updated with security patches. ServerPilot is free for the core features.

@Mike Hopley what security?

@Mike Hopley what security?

Well, if you are using an unmanaged VPS (e.g. Digital Ocean), then you need to configure several things before your server is reasonably secure. You then need to keep on top of the latest threats and apply patches to your OS / webserver / whatever.

For example, out the box you have no firewall. You can learn how to set it up yourself, or you can let ServerPilot do it.

When some exploit comes out (like Heartbleed, shellshock, ghost, poodle), you need to patch the server quickly. You could scour various mailing lists and never go on holiday, or you could employ a sysadmin, or you could let ServerPilot do it.

Without doing these things, your fancy-pants Digital Ocean VPS droplet is less secure than a basic shared hosting account.

Whether you use a Digital Ocean droplet or an Amazon EC2 instance, unless you're paying for a managed service, you'll need to do those things yourself.

Setting up a firewall is trivial (particularly wih Ubuntu and ufw) and security updates are enabled by default with Forge servers. If you want to keep other packages up to date (PHP et al) you'll have to do that yourself.

@tlteoh don't run the php artisan serve command in production. You should be setting up a virtual host in your web server (Apache or nginx) and configuring the document root to point to your Laravel app's public folder.

Laravel isn't an app that needs to be "run" as such. Let us know if you need more help in configuring your web server.

Whether you use a Digital Ocean droplet or an Amazon EC2 instance, unless you're paying for a managed service, you'll need to do those things yourself.

...unless you use a service like ServerPilot to do it for you.

security updates are enabled by default with Forge servers.

Presumably this means security updates to the operating system. I didn't see that when evaluating Forge, as the Forge site seems to mention nothing about security.

If you want to keep other packages up to date (PHP et al) you'll have to do that yourself.

I'd rather not do it myself. I'm lazy and like having donkey work done for me.

ServerPilot looks great... downside, it appears to need a fresh droplet. I was hoping it would just connect to my current instance, especially since it's Ubuntu 14.04 anyways.

Well I guess it's because it expects default configs to be able to 'sed' custom values.

ServerPilot looks great... downside, it appears to need a fresh droplet. I was hoping it would just connect to my current instance, especially since it's Ubuntu 14.04 anyways.

Yeah, I guess this is just a limitation of how the installer / updater works.

Along a similar line, there are several places in the docs where they say, "If you change this core config file, you won't receive updates", and encourage to add your own config files instead.