Security deploy API Laravel


I have an app made in Laravel only to consume in REST but how do I do it so that there are not public files and sensitive routes like / storage or composer.json until .env? What good practices do you recommend, if .htaccess is a good idea or not, and also how to remove public from the route?

I am learning about servers and deploys, I listen to tips about all security.

PS: Use Elastic beanstalk for deploy

asked by Luis 13.04.2018 в 00:36

1 answer


Hi, I'm pretty sure that storage and .env are available to the public, Laravel comes with a .htaccess file configured to protect public, where you're sending your shared server / VPS production code.

To deploy the only application we have in PHP at work we use gitlab CI / CD


In this post you will find good practices to send your application to production without problems.

answered by 13.04.2018 в 01:28