Level 122
install with ONLY the public folder published
Everything else should be above your document root so that it is out of reach
1 like
Sep 27, 2020
12
Level 1
Deployed laravel to web-hosting, now ALL my files are accessible in the root directory.
Hello,
I deployed a small project on my shared webhosting and moved the files from public folder to the / root... Now all my files in the root / are accessible.
for example, I can access composer.json, composer.lock, artisan, package.json, etc... And see all the code inside.
How can I fix this thanks.
Level 75
A guide that works for shared hosting is http://novate.co.uk/deploy-laravel-5-on-shared-hosting-from-heart-internet/
Note it's not for digital ocean and services like that, they have their own tutorials.
I suspect you can see your .env also, which is a major security issue.
Level 27
@akc4 I think you are pointing your http://www.example.com to the laravel folder.
You need to point it to the public folder. Once you point to public, there is no need to move any files etc.
laravel <- currently pointing here
├── app
├── public <- point here
├── vendor
...
└── storage
1 like
Level 75
@laracoft actually better if main laravel is completely out of public_html like:
But just my opinion. But this folder structure has always worked for me.
In above, laravel54up is completely outside of any webroot.
Level 1
@laracoft thank you that was EXACTLY my problem, all fixed now. I also moved back the files into laravel public folder. Thanks everyone
Level 75
@akc4 main laravel should not be inside webroot, should be above. But if it works...
1 like
Level 27
@jlrdw I agree with being completely out of public_html, but did not want to add to further confusion.
Anyway, I also change public_html to throw off those script kiddies who hardcode these locations :)
Level 1
@jlrdw is it a major security issue? Because the .htaccess file blocks access to the files/folders
Level 75
I've see both ways, but see if you can read your .env, try:
what_ever_your_site.com/.env
Level 1
@jlrdw I get this :
Not Acceptable!
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.
Level 27
@akc4 .htaccess is not reliable because the administrator can misconfigure the server to disable .htaccess and create exposure, but changing the root folder by mistake is less likely.
If your .env is one folder level higher than public (which is Laravel's default), it is considered safe.
Level 1
@laracoft you are right, it is good practice to separate them. I will do it from now on. Who would say no to more security. :P
Please or to participate in this conversation.