Your .env file is available in public - how to prevent this
Posted: Mon Sep 19, 2022 12:59 pm
Since this can be a big security issue, here are the steps to take in order to prevent exposing .env files to the public:
For the particular domain for which we are going to prevent access to the .env file, check which Proxy Template is active. In this example, let's suppose that it is: 'proxy-pass-docker'
So the config files for this nginx template are these two:
Code:
/usr/local/vesta/data/templates/web/nginx/proxy-pass-docker.tpl
/usr/local/vesta/data/templates/web/nginx/proxy-pass-docker.stpl
We would take a certain line of code from: https://github.com/myvesta/vesta/blob/m ... g.stpl#L29
Particularly this one:
Code:
location ~ /\.env {return 404;}
And insert it in the two files mentioned above.
At the end, rebuild the nginx conf file with this:
Code:
v-rebuild-web-domains admin
Instead of admin, insert your account name.
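
A way to confirm that every proxy template carries the rule before rebuilding, as an added example that is not part of the original post or of the Vesta code base. The function names and the TEMPLATE_DIR variable are hypothetical; the default directory is the one named in the post.

```shell
#!/bin/sh
# Added example: list nginx proxy templates that do NOT carry the .env deny rule.
# TEMPLATE_DIR is a hypothetical variable; its default is the directory from the post.
TEMPLATE_DIR="${TEMPLATE_DIR:-/usr/local/vesta/data/templates/web/nginx}"

# has_env_rule FILE
# Exit 0 if FILE has an uncommented regex location matching \.env that returns 404.
has_env_rule() {
    # Drop full-line comments, then join lines so a rule that was
    # reformatted over several lines is still recognised.
    grep -v '^[[:space:]]*#' "$1" | tr '\n' ' ' |
        grep -Eq 'location[[:space:]]+~\*?[[:space:]]+[^{]*\\\.env[^{]*[{][^}]*return[[:space:]]+404[[:space:]]*;'
}

# audit_templates [DIR]
# Print every .tpl/.stpl file without the rule; return 1 if any is missing it.
audit_templates() {
    dir="${1:-$TEMPLATE_DIR}"
    missing=0
    for f in "$dir"/*.tpl "$dir"/*.stpl; do
        [ -f "$f" ] || continue      # glob matched nothing
        if ! has_env_rule "$f"; then
            echo "MISSING: $f"
            missing=1
        fi
    done
    return "$missing"
}

# Usage (run as root on the server, before v-rebuild-web-domains):
#   audit_templates
```

Both the .tpl (HTTP) and .stpl (HTTPS) files are checked because a rule added to only one of them leaves the other scheme serving the file.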