{danger.fa-lock} Always point your document root to the
public/directory — never the project root. Exposing.env,app/, ordatabase/files is a critical security risk.
Create /etc/nginx/sites-available/slotara:
server {
listen 80;
listen [::]:80;
server_name yourdomain.com www.yourdomain.com;
root /var/www/slotara/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_hide_header X-Powered-By;
}
location ~ /\.(?!well-known).* {
deny all;
}
}Enable and reload:
ln -s /etc/nginx/sites-available/slotara /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginxAdd HTTPS with Let's Encrypt (free):
apt install certbot python3-certbot-nginx
certbot --nginx -d yourdomain.com -d www.yourdomain.comCertbot auto-renews the certificate and updates your Nginx config.
Create /etc/apache2/sites-available/slotara.conf:
<VirtualHost *:80>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
DocumentRoot /var/www/slotara/public
<Directory /var/www/slotara/public>
AllowOverride All
Require all granted
Options -Indexes
</Directory>
ErrorLog ${APACHE_LOG_DIR}/slotara-error.log
CustomLog ${APACHE_LOG_DIR}/slotara-access.log combined
</VirtualHost>a2ensite slotara.conf
a2enmod rewrite headers
systemctl reload apache2The project includes a public/.htaccess file that handles URL rewriting. Ensure AllowOverride All is set or Laravel routes won't work.
{warning.fa-exclamation-triangle} If you see
404 Not Foundon all routes except/,mod_rewriteis not enabled orAllowOverride Allis missing from your Apache config.
cPanel doesn't let you change the document root, so you need to restructure the files:
Step 1 — Upload project files:
public_html/ ← contents of slotara/public/ go here
slotara_app/ ← everything else goes here (outside public_html)
├── app/
├── bootstrap/
├── config/
├── database/
├── vendor/
└── ...Step 2 — Edit public_html/index.php:
<?php
use Illuminate\Contracts\Http\Kernel;
use Illuminate\Http\Request;
define('LARAVEL_START', microtime(true));
// Change both paths to point to your app folder
require __DIR__.'/../slotara_app/vendor/autoload.php';
$app = require_once __DIR__.'/../slotara_app/bootstrap/app.php';
$kernel = $app->make(Kernel::class);
$response = $kernel->handle(
$request = Request::capture()
)->send();
$kernel->terminate($request, $response);Step 3 — Edit public_html/.htaccess:
No changes needed — the existing .htaccess handles rewriting.
{primary.fa-info-circle} Also update
APP_ROOTin your.envto point to theslotara_app/folder if path helpers behave unexpectedly.
All emails are sent via the queue. Without a running worker, they pile up and never send.
Install Supervisor:
apt install supervisorCreate /etc/supervisor/conf.d/slotara-worker.conf:
[program:slotara-worker]
process_name=%(program_name)s_%(process_num)02d
command=php /var/www/slotara/artisan queue:work --sleep=3 --tries=3 --max-time=3600
autostart=true
autorestart=true
user=www-data
numprocs=1
redirect_stderr=true
stdout_logfile=/var/www/slotara/storage/logs/worker.log
stopwaitsecs=3600Start the worker:
supervisorctl reread
supervisorctl update
supervisorctl start slotara-worker:*Check status:
supervisorctl status{primary.fa-refresh} After each deployment, run
supervisorctl restart slotara-worker:*to reload new code into the worker process.
Slotara uses Laravel's task scheduler for reminder emails. Add one cron entry to run the scheduler every minute:
crontab -eAdd this line:
* * * * * cd /var/www/slotara && php artisan schedule:run >> /dev/null 2>&1On cPanel, add a cron job via Cron Jobs in the control panel with the same command.
Without the cron job, booking reminders will not run.