Hostinger - Laravel - 共享主机

Question

我有一个 Laravel 9 应用程序部署在 hostinger 共享主机.

我的站点文件看起来像这样 public_html/laravel-app。

在 public_html 文件中，我没有 index.php 文件来更改所需的 bootstrap 链接以访问 Laravel application.. 所以目前所有的请求都是这样的： domain/laravel-app/public/index.php/{ROUTE}.

我怎样才能修复它，使其看起来像：domain/{ROUTE}?

Answer 1

这对您来说是一个很大的安全漏洞

您可以尝试在根目录中添加一个 .htaccess 文件

RewriteEngine on

# serve existing files in the /public folder as if they were in /
RewriteCond %{DOCUMENT_ROOT}public%{REQUEST_URI} -f
RewriteRule (.+) /public/ [L]

# route everything else to /public/index.php
RewriteRule ^ /public/index.php [L]

我会向您的托管服务商寻求帮助，因为他们可以更安全地为您做到这一点。

Answer 2

你这里有两个问题：

1. 您站点的文档根目录比您的应用程序所在的目录高两层

2. 您没有正确配置重写。

andylondon 的回答将帮助您解决问题 #2，但是如果您的目录可见性设置不正确，这仍然是一个很大的安全风险。您的 .env 文件和您可能以纯文本形式存在的任何其他配置文件都可以从 Web 访问，可能会暴露敏感信息。

由于您使用的是 cPanel，因此无法更改主域的文档根目录。您可以使用的解决方案是将 laravel-app 文件夹移动到您的主目录，比 public_html 高一级。然后，将 laravel-app/public 文件夹的内容移动到 public_html 中。您需要编辑 Laravel 的 index.php 中使用的路径，因为您的应用程序不在 web-inaccessible 文件夹中。

如果您将 laravel-app 放在您的主目录中，并将 Laravel 的 public 文件夹的内容放在 public_html 中，您的 index.php 文件（如Laravel 9) 应该是这样的：

<?php

use Illuminate\Contracts\Http\Kernel;
use Illuminate\Http\Request;

define('LARAVEL_START', microtime(true));

/*
|--------------------------------------------------------------------------
| Check If The Application Is Under Maintenance
|--------------------------------------------------------------------------
|
| If the application is in maintenance / demo mode via the "down" command
| we will load this file so that any pre-rendered content can be shown
| instead of starting the framework, which could cause an exception.
|
*/

if (file_exists($maintenance = __DIR__.'/../laravel-app/storage/framework/maintenance.php')) {
    require $maintenance;
}

/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader for
| this application. We just need to utilize it! We'll simply require it
| into the script here so we don't need to manually load our classes.
|
*/

require __DIR__.'/../laravel-app/vendor/autoload.php';

/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request using
| the application's HTTP kernel. Then, we will send the response back
| to this client's browser, allowing them to enjoy our application.
|
*/

$app = require_once __DIR__.'/../laravel-app/bootstrap/app.php';

$kernel = $app->make(Kernel::class);

$response = $kernel->handle(
    $request = Request::capture()
)->send();

$kernel->terminate($request, $response);

确保在 cPanel 的文件浏览器中启用隐藏文件并确保 .htaccess 文件也在那里，以解决您的重写问题。

Answer 3

首先，我将此归功于@apokryfos、@user83129 和@andylondon。解决方案是帮助的组合。

1. 第 1 步是 .htaccess 安全文件，正如@andylondon 所说，但应该看起来像这样 (added laravel-app before public):

RewriteEngine on

# serve existing files in the /public folder as if they were in /
RewriteCond %{DOCUMENT_ROOT}public%{REQUEST_URI} -f
RewriteRule (.+) /laravel-app/public/ [L]

# route everything else to /public/index.php
RewriteRule ^ /laravel-app/public/index.php [L]

2. 第2步我把laravel-app/public的内容复制到public_html
3. 第 3 步我更新了 public_html/index.php 看起来完全像这样：

<?php

use Illuminate\Contracts\Http\Kernel;
use Illuminate\Http\Request;

define('LARAVEL_START', microtime(true));

/*
|--------------------------------------------------------------------------
| Check If The Application Is Under Maintenance
|--------------------------------------------------------------------------
|
| If the application is in maintenance / demo mode via the "down" command
| we will load this file so that any pre-rendered content can be shown
| instead of starting the framework, which could cause an exception.
|
*/

if (file_exists($maintenance = __DIR__.'/store-api-9/storage/framework/maintenance.php')) {
    require $maintenance;
}

/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader for
| this application. We just need to utilize it! We'll simply require it
| into the script here so we don't need to manually load our classes.
|
*/

require __DIR__.'/laravel-app/vendor/autoload.php';

/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request using
| the application's HTTP kernel. Then, we will send the response back
| to this client's browser, allowing them to enjoy our application.
|
*/

$app = require_once __DIR__.'/laravel-app/bootstrap/app.php';

$kernel = $app->make(Kernel::class);

$response = $kernel->handle(
    $request = Request::capture()
)->send();

$kernel->terminate($request, $response);

PS：laravel-app 在我的答案中添加了一个自定义名称，我在其中命名包含我在 public_html 中部署的 Laravel 应用程序的目录并且可以根据每个开发者进行更改。

Answer 4

已在 . Mine blogged in Laravel without public in CPanel - How 中回答。 请确保 .env 不可访问 public.

因此，将 laravel 项目的 .htaccess 文件移动到 /public_html/.htaccess。

<IfModule mod_rewrite.c>

    <IfModule mod_negotiation.c>

        Options -MultiViews

    </IfModule>

 

    RewriteEngine On

 

    # Redirect Trailing Slashes If Not A Folder...

    RewriteCond %{REQUEST_FILENAME} !-d

    RewriteCond %{REQUEST_URI} (.+)/$

    RewriteRule ^ %1 [L,R=301]

 

    # Handle Front Controller...

    RewriteCond %{REQUEST_FILENAME} !-d

    RewriteCond %{REQUEST_FILENAME} !-f

    RewriteRule ^ %your_project_path%/public/index.php [L]

 

    # Handle Authorization Header

    RewriteCond %{HTTP:Authorization} .

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

</IfModule>

%your_project_path% 应替换为实际项目路径。简直像domain/larave-app.