Deploy Laravel 5 using only FTP in a shared hosting

Question

I need to deploy a laravel 5 project to a client host.

The plan of my client is basic hosting: Linux + MySql without cpanel or similar (i.e. no admin panel).

I have access only via ftp and only to a folder named www.mycustomerweb.com. It means I can not create a directory at the same level of www.mycustomerweb.com folder. Only inside it (I think it is called shared hosting).

One year ago, I deployed a project made with Laravel 4 this way:

got rid of public folder moving its content to root folder and updating index.php and bootstrap.php
finished whole project in localhost (with Xampp)
uploaded all files to www.myclientweb.com via ftp.

My questions are:

Did I do everything all right with laravel 4 project? May I have fallen into security issues (I mean, is the site safe)?
How do I deploy a laravel 5 project to the same site? In Laravel 5 I can not get rid of public folder as I did with Laravel 4.

Right now, I have set up a fresh installation of Laravel 5 on localhost and then I have uploaded all files to www.myclientweb.com folder via ftp:

I can see wellcoming page of laravel at http://www.myclientweb.com/public.
I can not see anything at http://www.myclientweb.com/
And also I CAN SEE .env CONTENT AT http://www.myclientweb.com/.env ???????

Surely this is not the right way...

I've had a long searching through the web and Stackoverflow with no luck.

Really apprecite any help.

Thanks for reading.

I think you can put an .htaccess in your root project folder denying access to everything and redirecting it to the public folder. I have no idea how you would do it, but I think if you google you can find something done. — hfingler, Apr 02 '15 at 03:37
What I've done, contact hosting company tell them you want root at "www.mycustomerweb.com folder/public" and just copy everything as is to server... thats the easiest way. Good luck, solve this with hosting company... — Kyslik, Apr 02 '15 at 08:05
whatever you did for laravel 4, do the same for laravel 5. no difference. — itachi, Apr 02 '15 at 09:19
Thanks a lot @itachi. It worked! Just the simplest solution and, as usual, better try by myself first... You may transform your comment to a reply so I can set it as answer. Also, I'd like to add details: 1. move every file in public to parent folder. 2. update index.php. 3. add the following line to .htaccess: RewriteRule ^(server\.php|gulpfile\.js|\.env) - [F,L,NC] — Andrew F., Apr 02 '15 at 16:42

score 10 · Answer 1 · answered Nov 04 '15 at 07:16

10

I create a new folder named "protected"
Move all except "public" folder into "protected" folder
Move all inside "public" folder to root
Edit index.php in root folder(from public folder),

edit require __DIR__.'/../bootstrap/autoload.php'; into require __DIR__.'/protected/bootstrap/autoload.php';

also edit $app = require_once __DIR__.'/../bootstrap/app.php'; into $app = require_once __DIR__.'/protected/bootstrap/app.php';

answered Nov 04 '15 at 07:16

Agung Kessawa

533
6
18

1

If you won't protect that folder somehow, through .htaccess, ths guideline would just fakes some protection... I do not recommend it this way. – giovannipds May 13 '16 at 21:52
@giovannipds may you please share some way with htaccess to protect that folder please. – Noitidart Sep 10 '17 at 22:57
I can't. Firstly I'd recommend you to get rid of a hosting like this nowadays. Secondly, you can manage this situation with URL redirection rules at `.htaccess` + permissions based on directories and/or extensions. It's something that depends on your project/framework, I have no ready code for Laravel here. It's just not the right way. The best thing to do is to get rid of a hosting like this, this is important. – giovannipds Oct 12 '17 at 13:31

ssi-anik · Answer 2 · 2016-05-13T22:10:31.160

8

UPDATE
This is a risky process. By using this, you give malicious users permissions to find bugs. like, http://project-url/storage/logs/laravel.log is still open.

Previous Answer:
Those who hardly check the comments, @Andrew F. has already given the answer.
but he missed some other files like composer and package.
Formatted answer is:

move every file in public to parent folder.
update paths in index.php.

add the following line to .htaccess:

RewriteRule ^(server\.php|gulpfile\.js|\.env|composer.*|package.*) - [F,L,NC]

edited May 13 '16 at 22:10

answered Oct 15 '15 at 07:33

ssi-anik

2,998
3
23
52

I got a 500 Internal Server Error with this. – giovannipds May 13 '16 at 21:50
are you using 5.1? @GiovanniPiresdaSilva – ssi-anik May 13 '16 at 22:05
I'm almost sure I was, @ssi-anik. I don't know anymore, haha, but I've already figured out this. Sorry If I didn't see your fast reply before. Thanks anyway. =) – giovannipds Jul 04 '16 at 18:49

score 2 · Accepted Answer · answered Jun 15 '15 at 09:37

2

There is no difference between L4 and L5, so do the same thing you did for L4.

answered Jun 15 '15 at 09:37

Karwan Jacksi

76
1
8

1

Anyways you should protect the root files somehow, remember that. – giovannipds May 13 '16 at 21:55

score 2 · Answer 4 · answered Jun 25 '15 at 09:41

2

If you are trying to run Laravel 5.1 into a shared hosting space or you are trying to put your laravel 5/5.1 into a sub directory on your shared hosting so you can access it like this:

http://mywebsite.com/mylaravel/

So this answer is for you, first of all make sure you meet

Laravel 5.1 requirements :

- PHP 5.5
- PHP extension Mcrypt
- PHP extension Mbstring
- PHP extension OpenSSL

Here two tutorials for you :

Link 1

Link 2

answered Jun 25 '15 at 09:41

Mohamed Salem Lamiri

5,767
6
34
47

Thanks a lot for your answer. Unfortunatelly I can not create directories not accesible from the web. I mean, I have just one folder to place all my files. Anyway, @itachi told me to do like L4 and it worked. Thanks! – Andrew F. Jun 27 '15 at 01:09
I just rename my public `folder` to `public_html`. And change bootstrap files, Is this correct way for laravel 5.1+ – Aipo Aug 31 '15 at 19:19

Deploy Laravel 5 using only FTP in a shared hosting

4 Answers4

Linked