I have loads of Laravel projects in Envoyer and every single one of them has been a nightmare to set up permission-wise.
The problem:
- bootstrap/cache must be owned by the user www-data
- The non-root ssh user is used to deploy from Envoyer so the whole app is owned by theUser
The solution to the above is to add in the deployment hook (run as root) to chown -R www-data bootstrap/cache. This makes the app work, however, now Envoyer cannot purge old releases as it can't delete the bootstrap directory since it is owned by www-data.
Adding theUser to the www-data group doesn't help as it is read-only for the group.
When I look at a Forge project I notice Envoyer runs as the user forge. The app resides in the /home/forge/ directory. Firstly, how did they get it to work? Secondly, I have read that you should NEVER serve a website from within the home directory?
Update: Just checking permissions on a Forge project I see that the bootstrap dir is set to 775. How does it do this without doing it in the deployment hook??
I have been searching now for years for a definitive guide on how to correctly set up a non-root user Envoyer deployment with no luck. Ideally we should be able to create multiple vhosts on a server, giving them their own directory at /var/www/{theVhostUser}/ then be able to connect Envoyer as that user without the need for root.
Can anyone else share their setups that have worked?
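
As an added illustration (not part of the original post, and not Envoyer or Forge code): a small audit that models the POSIX rule behind the purge failure described above, where removing a directory's entries needs write and search permission on that directory, and lists the directories in a release that a deploy user could not empty. The uid/gid values and the sample tree are constructed assumptions; ACLs and the sticky bit are not modelled.

```python
import os
import stat
import tempfile

def can_delete_children(st, uid, gids):
    """POSIX rule: removing an entry needs write+search (w+x) on its parent directory."""
    if uid == 0:
        return True
    if st.st_uid == uid:                      # owner class applies
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:                   # group class applies
        need = stat.S_IWGRP | stat.S_IXGRP
    else:                                     # everyone else
        need = stat.S_IWOTH | stat.S_IXOTH
    return st.st_mode & need == need

def unpurgeable_dirs(release, uid, gids):
    """Return non-empty directories under `release` that uid/gids could not empty."""
    blocked = []
    for root, dirs, files in os.walk(release):
        if (dirs or files) and not can_delete_children(os.lstat(root), uid, gids):
            blocked.append(os.path.relpath(root, release))
    return sorted(blocked)

def demo(cache_mode):
    """Constructed release tree with one cached file in bootstrap/cache."""
    with tempfile.TemporaryDirectory() as release:
        cache = os.path.join(release, "bootstrap", "cache")
        os.makedirs(cache)
        open(os.path.join(cache, "services.php"), "w").close()
        # chown needs root, so the current user stands in as owner of every
        # directory and the deploy user reaches them through the shared group.
        # Only the mode of bootstrap/cache varies between runs.
        for d in (release, os.path.join(release, "bootstrap")):
            os.chmod(d, 0o775)
        os.chmod(cache, cache_mode)
        owner = os.lstat(cache)
        deploy_uid = owner.st_uid + 1         # hypothetical deploy user, not the owner
        return unpurgeable_dirs(release, deploy_uid, {owner.st_gid})

if __name__ == "__main__":
    print("755:", demo(0o755))   # group is read-only on bootstrap/cache
    print("775:", demo(0o775))   # group-writable, as seen on the Forge project
```
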