If you have ever installed a PHP application or even Wordpress you probably know that you need to copy and paste the files into the root folder of your website and you are good to go.

Well, Laravel is setup a little different. Laravel has made things more secure by putting all the functionality of the application outside the of the root folder.

First, let's take a look at a basic Laravel folder structure: (folders are bold)

  • app
  • bootstrap
  • config
  • database
  • public
  • resources
  • routes
  • storage
  • tests
  • .env
  • artisan
  • composer.json
  • ... a few more files

All the folders above are not supposed to live in the root directory except for the contents of the public folder, in fact the root directory of your application should be the public folder. This means that your domain should be pointing to this public folder. This will be a bit more clear when I explain what happens when a domain is accessed.

Say that some types in devdojo.com in their browser. The domain name server or (DNS) will direct that domain to my server. When the server detects that someone is requesting access to the website, it then has a lookup of what folder to look into to send a response back to the client. This lookup could be any folder on the server. Take for instance the following folder: /var/www/html/devdojo/. The folder lookup location can be set up through the server or the hosting provider.

If I had setup a Laravel app in my /var/www/html/devdojo/ folder and this is folder my server looks to serve up an index.html or an index.php file, my app would not work because it needs to look in the public folder. So to get my Laravel app working correctly I need to tell the server that it should be serving up files frome the following folder /var/www/html/devdojo/public/ when someone requests access to the website.

By having all the functionality of our application outside the root folder of the website we won't have to worry about a lot of the common vulnerabilities people commonly have on their website. Since all the functionality/files are one folder above the root folder they can never be accessed by the end-user and is only available to the application. Thanks Laravel for the awesome security :)

Problems on a shared hosting provider?

If you are having trouble accessing your laravel application on a shared hosting be sure to checkout this article on 3 different ways to get it working on a shared hosting provider:


Hope this helps you understand the public folder in laravel applications.