Your .env file is available in public - how to prevent this

isscbta
Posts: 39
Joined: Mon Jul 19, 2021 1:41 am

Since this can be a big security issue, here are the steps to take in order to prevent exposing .env files to the public:

For the domain where we want to prevent access to the .env file, check which Proxy Template is active. In this example, let's suppose it is 'proxy-pass-docker'.
So the config files for this nginx template are these two:

Code:

/usr/local/vesta/data/templates/web/nginx/proxy-pass-docker.tpl
/usr/local/vesta/data/templates/web/nginx/proxy-pass-docker.stpl

We would take a certain line of code from: https://github.com/myvesta/vesta/blob/m ... g.stpl#L29
Specifically, this one:

Code:

location ~ /\.env {return 404;}

And insert it into the two files mentioned above.

At the end, rebuild the nginx conf file with this:

Code:

v-rebuild-web-domains admin

Instead of admin, insert your account name.

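
The procedure above covers one proxy template; the following added example (not part of the original post or of the Vesta code base) audits every nginx template in the directory named in the post and lists the ones that still lack the .env rule. The function names are assumptions, and the pattern only recognizes rules written in the style shown above, so a template that blocks dotfiles in some other way will also be listed.

```shell
#!/bin/sh
# Added example: audit Vesta nginx templates for the ".env" deny rule.
# Function names are hypothetical; the directory comes from the post.

TPL_DIR="/usr/local/vesta/data/templates/web/nginx"

# has_env_rule FILE
# Exit 0 if FILE contains an uncommented regex location matching "\.env",
# e.g.  location ~ /\.env {return 404;}
has_env_rule() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq 'location[[:space:]]+~\*?[[:space:]]+[^[:space:]{]*\\\.env'
}

# missing_env_rule DIR
# Print the name of every .tpl/.stpl template in DIR that lacks the rule.
missing_env_rule() {
    for f in "$1"/*.tpl "$1"/*.stpl; do
        [ -f "$f" ] || continue          # glob matched nothing
        has_env_rule "$f" || basename "$f"
    done
}

# env_blocked URL
# Exit 0 if URL/.env answers 404. Needs curl and network access; run it
# against your own domain after v-rebuild-web-domains has finished.
env_blocked() {
    [ "$(curl -s -o /dev/null -w '%{http_code}' "$1/.env")" = "404" ]
}

# Run the audit only on a host that actually has the Vesta template directory.
if [ -d "$TPL_DIR" ]; then
    missing_env_rule "$TPL_DIR"
fi
```

Checking both the .tpl and .stpl variants matters because the rule has to be present in each of the two files for the template.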