Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Seeker1337's avatar

Laravel 6+ VPS hosting error 403 access forbidden

Hello there. I've recently uploaded my website to a Virtual Private Server. The OS I'm currently using is - Ubuntu 18.04 with Webmin/Virtualmin/LAMP.

My domain points to the VPS ( although I haven't included /public nowhere in the pointing or in the domain. Do I have to? This /public folder is really giving me a hard time.. )

So, I've uploaded my project in the root directory and the 'PUBLIC' folder to 'public_html' directory.

So, when I try to access my website now I get - Error 403 - Access forbidden

Here is what I've changed in my files before uploading to the VPS:

.env

APP_NAME=random
APP_ENV=production
APP_KEY= I haven't touched this. I'm using the same key as on my localhost.
APP_DEBUG=false
APP_URL=https://www.mydomain.com

LOG_CHANNEL=daily

config/app.php


'name' => env('APP_NAME', 'random'),
'env' => env('APP_ENV', 'production'),
'debug' => env('APP_DEBUG', false),
'url' => env('APP_URL', 'https://www.mydomain.com'),
'asset_url' => env('ASSET_URL', null),

public_html -> ( Here I put all my folders/files from 'PUBLIC' without the folder itself ) ->index.php


require __DIR__.'/../app/vendor/autoload.php';
$app = require_once __DIR__.'/../app/bootstrap/app.php';

EDIT: I haven't changed anything in .htaccess .

0 likes
10 replies
hakhsin's avatar

Hi @seeker1337, replace this with your .htaccess:

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ / [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

You have to update the file index.php in the your public folder like this:

/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader for
| our application. We just need to utilize it! We'll simply require it
| into the script here so that we don't have to worry about manual
| loading any of our classes later on. It feels great to relax.
|
*/

require __DIR__.'/../../your_app_dir/vendor/autoload.php';

/*
|--------------------------------------------------------------------------
| Turn On The Lights
|--------------------------------------------------------------------------
|
| We need to illuminate PHP development, so let us turn on the lights.
| This bootstraps the framework and gets it ready for use, then it
| will load up this application so that we can run it and send
| the responses back to the browser and delight our users.
|
*/

$app = require_once __DIR__.'/../../your_app_dir/bootstrap/app.php';
Seeker1337's avatar

I've edited the .htaccess and .index.php files but now I'm getting a 403 error - access forbidden. I think this has to do something with pointing the domain to the /public?

hakhsin's avatar

@seeker1337, Do you set your VPS on php 7.2? Do you clear your cash before uploaded your app on VPS? Do you update your .env file?

ایرانی هستی؟

Seeker1337's avatar

I've done everything as it should be but I still get this 403 error. My root folder is outside of 'public_html' and only the 'PUBLIC' is inside it. The VPS is using PhP version 7.2.24

hakhsin's avatar

Can you give me a image of the error?

Seeker1337's avatar

I don't know how to upload images here. The error is: You don't have permission to access this resource. There is a miss configuration somewhere but I don't know where. When I move the files out of 'PUBLIC' folder directly into 'public_html' I get error 500. When I keep the 'PUBLIC' folder itself in 'public_html' I get error 403..

Should I include /public in my APP_URL in .env. Also should my URL start with http or https ( I have SSL ).

takdw's avatar
takdw
6 years ago
Best Answer
Level 11

If you're using Apache, just put your Laravel project in the /var/www/html/your-app. Then edit your /etc/apache2/sites-available/000-default.conf and edit the DocumentRoot value to point to your Laravel public directory (/var/www/html/your-app/public). After doing this restart apache2 service by running sudo service apache2 restart.

EDIT: One thing you have to mess around with is to fix the file and directory permissions. To fix this I just give full ownership to the www-data user and add my user to the www-data group. You can do this easily with the following commands:

Give ownership to www-data:

sudo chown -R www-data:www-data /var/www/html/your-laravel-project

Add your user to the www-data group:

sudo usermod -a -G www-data <user-name>

Then set the right folder and file permissions using the commands below:

sudo find /var/www/html/your-laravel-project -type f -exec chmod 644 {} \; 
sudo find /var/www/html/your-laravel-project -type d -exec chmod 755 {} \;

I hope you find this helpful.

Seeker1337's avatar

Oh you almost saved my day. Thank you very much for the help but there is something else that has to be done: Now my website is displaying an 'Apache2 ubuntu Default page ' - If you can read this page, it means that the Apache HTTP server installed at this site is working properly. You should replace this file (located at /var/www/html/index.html) before continuing to operate your HTTP server.

With which file should I replace this one?

Also do I have to edit the ports or ServerAdmin in the 000-default.conf ? It looks like this now:

<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/myapp/public

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
takdw's avatar

@seeker1337 Did you restart Apache after making this change?

EDIT: Port should remain the same.

Seeker1337's avatar

Yes, I did but now I'm getting other issues.. When I type the following command I get the following error:

sudo chown -R www-data:www-data /var/www/html/my-project
(Also tried with /public behind it )
sudo chown -R www-data:www-data /var/www/html/my-project/public


chown: cannot access '/var/www/html/my-project': No such file or directory
chown: cannot access '/var/www/html/my-project/public': No such file or directory

I don't know what Im doing wrong..

EDIT: Is my .htaccess file properly configd like that?

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ / [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

Please or to participate in this conversation.