Your .env file is available in public - how to prevent this

Post Reply
User avatar
Posts: 34
Joined: Mon Jul 19, 2021 1:41 am

Since this can be a big security issue, here are the steps to take in order to prevent exposing .env files to the public:

For a particular domain for which we are going to prevent access to the .env file, check which Proxy Template is active. In this example, let's suppose that would be: 'proxy-pass-docker'
image.png (52.62 KiB) Viewed 31 times
So config files for this nginx template are those two:

Code: Select all

We would take the certain line of code from: ... g.stpl#L29
Particularly this one:

Code: Select all

location ~ /\.env {return 404;}
And insert it in those two files previously mentioned above

And the end, rebuild the nginx conf file with this:

Code: Select all

v-rebuild-web-domains admin
Instead of admin, insert your account name

Post Reply