Home > Software design >  Hostinger - Laravel - Shared hosting
Hostinger - Laravel - Shared hosting

Time:02-15

I have a Laravel 9 App that I deployed on hostinger shared hosting.

My site files look like this public_html/laravel-app.

In public_html file I don't have an index.php file to change the required bootstrap linked to access the Laravel application.. So all requests currently look like this: domain/laravel-app/public/index.php/{ROUTE}.

How can I fix it so it looks like: domain/{ROUTE}?

CodePudding user response:

this is a big security hole for you

you could try adding a .htaccess file in the root directory

RewriteEngine on

# serve existing files in the /public folder as if they were in /
RewriteCond %{DOCUMENT_ROOT}public%{REQUEST_URI} -f
RewriteRule (. ) /public/$1 [L]

# route everything else to /public/index.php
RewriteRule ^ /public/index.php [L]

I would ask your hostinger host for help as they can do this more securely for you.

CodePudding user response:

You have two problems here:

  1. Your site's document root is set two levels above where your application is

  2. You don't have rewrites properly configured.

andylondon's answer will help you solve problem #2 however this is still a large security risk if your directory visibility is not properly set. Your .env file and any other configuration files you might have lying around in plain text would be accessible from the web potentially exposing sensitive information.

Since you are using cPanel, you cannot change the document root of your main domain. A solution you can use is to move laravel-app folder to your home directory, one level above public_html. Then, move the contents of the laravel-app/public folder into public_html. You will need to edit the paths used in the Laravel's index.php because your application is not in a web-inaccessible folder.

If you placed laravel-app in your home directory and the contents of Laravel's public folder in public_html, your index.php file (as of Laravel 9) should look like this:

<?php

use Illuminate\Contracts\Http\Kernel;
use Illuminate\Http\Request;

define('LARAVEL_START', microtime(true));

/*
|--------------------------------------------------------------------------
| Check If The Application Is Under Maintenance
|--------------------------------------------------------------------------
|
| If the application is in maintenance / demo mode via the "down" command
| we will load this file so that any pre-rendered content can be shown
| instead of starting the framework, which could cause an exception.
|
*/

if (file_exists($maintenance = __DIR__.'/../laravel-app/storage/framework/maintenance.php')) {
    require $maintenance;
}

/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader for
| this application. We just need to utilize it! We'll simply require it
| into the script here so we don't need to manually load our classes.
|
*/

require __DIR__.'/../laravel-app/vendor/autoload.php';

/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request using
| the application's HTTP kernel. Then, we will send the response back
| to this client's browser, allowing them to enjoy our application.
|
*/

$app = require_once __DIR__.'/../laravel-app/bootstrap/app.php';

$kernel = $app->make(Kernel::class);

$response = $kernel->handle(
    $request = Request::capture()
)->send();

$kernel->terminate($request, $response);

Make sure your enable hidden files in cPanel's file browser and ensure the .htaccess file is there as well, to solve your rewrite problems.

CodePudding user response:

First of all I give credit in this to @apokryfos, @user83129 and @andylondon. The solution was a combination of there help.

  1. Step 1 was the .htaccess file for security as @andylondon said but should look like this (added laravel-app before public):
RewriteEngine on

# serve existing files in the /public folder as if they were in /
RewriteCond %{DOCUMENT_ROOT}public%{REQUEST_URI} -f
RewriteRule (. ) /laravel-app/public/$1 [L]

# route everything else to /public/index.php
RewriteRule ^ /laravel-app/public/index.php [L]
  1. Step 2 I copied the contents of laravel-app/public to public_html
  2. Step 3 I updated public_html/index.php to look exactly like this:
<?php

use Illuminate\Contracts\Http\Kernel;
use Illuminate\Http\Request;

define('LARAVEL_START', microtime(true));

/*
|--------------------------------------------------------------------------
| Check If The Application Is Under Maintenance
|--------------------------------------------------------------------------
|
| If the application is in maintenance / demo mode via the "down" command
| we will load this file so that any pre-rendered content can be shown
| instead of starting the framework, which could cause an exception.
|
*/

if (file_exists($maintenance = __DIR__.'/store-api-9/storage/framework/maintenance.php')) {
    require $maintenance;
}

/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader for
| this application. We just need to utilize it! We'll simply require it
| into the script here so we don't need to manually load our classes.
|
*/

require __DIR__.'/laravel-app/vendor/autoload.php';

/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request using
| the application's HTTP kernel. Then, we will send the response back
| to this client's browser, allowing them to enjoy our application.
|
*/

$app = require_once __DIR__.'/laravel-app/bootstrap/app.php';

$kernel = $app->make(Kernel::class);

$response = $kernel->handle(
    $request = Request::capture()
)->send();

$kernel->terminate($request, $response);

PS: laravel-app added in my answer is a custom name in which I named the directory containing my deployed Laravel app in public_html and can be changed according to each developer.

CodePudding user response:

Already Answered in 28364496. Mine blogged in Laravel without public in CPanel - How. Please make sure .env is not accessible public.

So, move .htaccess file of laravel project to /public_html/.htaccess.

<IfModule mod_rewrite.c>

    <IfModule mod_negotiation.c>

        Options -MultiViews

    </IfModule>

 

    RewriteEngine On

 

    # Redirect Trailing Slashes If Not A Folder...

    RewriteCond %{REQUEST_FILENAME} !-d

    RewriteCond %{REQUEST_URI} (. )/$

    RewriteRule ^ %1 [L,R=301]

 

    # Handle Front Controller...

    RewriteCond %{REQUEST_FILENAME} !-d

    RewriteCond %{REQUEST_FILENAME} !-f

    RewriteRule ^ %your_project_path%/public/index.php [L]

 

    # Handle Authorization Header

    RewriteCond %{HTTP:Authorization} .

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

</IfModule>

%your_project_path% should replace with actual project path. Simply like domain/larave-app.

  • Related