Laravel "public" folder on a cloud server: is it safe to leave it in public

we recently contracted a cloud server (NOT shared hosting). We are going to proceed to install Laravel in it. I would like to know if it is safe to leave the content of the "public" folder inside "public_html" and move the rest of the app one level up or if it is necessary to also move the public folder outside of public_html (this last option is complicated to set due to restrictions of the server). Thanks in advance!

CodePudding user response：

It is completly fine to upload a Laravel project like that, in my experience the folder structure i used was...

| public_html
  | index.php
  | ... etc
| laravel-app
  | app
  | migrations
  | ... etc

While my public_html/index.php file had this config.

require __DIR__ . '/../../laravel-app/vendor/autoload.php';

$app = require_once __DIR__ . '/../laravel-app/bootstrap/app.php';

With this structure your are not compromising user information by not setting any info in the public folder.

What is more, by doing this you take away form git structure all the files in public folder, so any hand made change made to the files won't affect your git repo.

Of course, when you modifie any of the files (js, css, index, etc) you need to manually move them.

I made a video not so long ago (it is in spanish) but the goal is to load a Laravel project to cPanel, the pont is that i made a script that moved the /public files to /public_html with every git push to master, maybe you can do something similar.

Video: https://www.youtube.com/watch?v=a5cyTpQMqi0

CodePudding user response：

if in the files in the public folder are not stored confidential info such as passwords and usernames related to any component of your website it can be fine