{"id":466,"date":"2025-08-27T22:34:15","date_gmt":"2025-08-27T22:34:15","guid":{"rendered":"https:\/\/1v0.net\/blog\/?p=466"},"modified":"2025-09-05T11:34:16","modified_gmt":"2025-09-05T11:34:16","slug":"laravel-deployment-checklist-for-2025","status":"publish","type":"post","link":"https:\/\/1v0.net\/blog\/laravel-deployment-checklist-for-2025\/","title":{"rendered":"Laravel Deployment Checklist for 2025"},"content":{"rendered":"\n

Laravel Deployment Checklist for 2025<\/strong><\/h2>\n\n\n\n

Deploying a Laravel 12 application is more than just copying files to a server. A proper deployment process ensures performance, security, and maintainability in production. This checklist will help you avoid common pitfalls and ship your Laravel apps with confidence in 2025.<\/p>\n\n\n\n

<\/div>\n\n\n\n

1 \u2014 Environment Configuration<\/strong><\/h2>\n\n\n# .env (production)\nAPP_ENV=production\nAPP_DEBUG=false\nAPP_URL=https:\/\/yourdomain.com\n\nLOG_CHANNEL=stack\n\nDB_CONNECTION=mysql\nDB_HOST=127.0.0.1\nDB_PORT=3306\nDB_DATABASE=your_database\nDB_USERNAME=your_user\nDB_PASSWORD=your_password\n\n\n

Always disable APP_DEBUG<\/code> in production to avoid exposing sensitive stack traces (see How to Prevent CSRF, XSS, and SQL Injection in Laravel Apps<\/a> for more security tips).<\/p>\n\n\n\n

<\/div>\n\n\n\n

2 \u2014 Cache Config, Routes & Views<\/strong><\/h2>\n\n\n
# Optimize config, routes, and views<\/span>\nphp artisan config:cache\nphp artisan route:cache\nphp artisan view:cache<\/code><\/span>Code language:<\/span> Bash<\/span> (<\/span>bash<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/div>\n\n\n\n
3 \u2014 Queue & Scheduler Setup<\/strong><\/h2>\n\n\n
# Supervisor config for queue workers (example)<\/span>\n[program:laravel-worker]\nprocess_name=%(program_name)s_%(process_num)02d\ncommand<\/span>=php \/var\/www\/current\/artisan queue:work --sleep=3 --tries=3 --max-time=3600\nautostart=true<\/span>\nautorestart=true<\/span>\nnumprocs=3\nredirect_stderr=true<\/span>\nstdout_logfile=\/var\/www\/current\/storage\/logs\/worker.log<\/code><\/span>Code language:<\/span> Bash<\/span> (<\/span>bash<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/div>\n\n\n\n
4 \u2014 File Storage & Symbolic Links<\/strong><\/h2>\n\n\n\n
Make sure your storage<\/code> and bootstrap\/cache<\/code> folders are writable. Then link storage\/app\/public<\/code> to public\/storage<\/code>.<\/p>\n\n\n
php artisan storage:link\nsudo chown -R www-data:www-data \/var\/www\/current\/storage \/var\/www\/current\/bootstrap\/cache\nsudo chmod -R 775 \/var\/www\/current\/storage \/var\/www\/current\/bootstrap\/cache<\/code><\/span>Code language:<\/span> Bash<\/span> (<\/span>bash<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/div>\n\n\n\n
5 \u2014 Database Migration & Seeding<\/strong><\/h2>\n\n\n
# Run migrations in production (force required)<\/span>\nphp artisan migrate --force\n\n# Optionally seed initial data<\/span>\nphp artisan db:seed --force<\/code><\/span>Code language:<\/span> Bash<\/span> (<\/span>bash<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/div>\n\n\n\n
6 \u2014 Add Security Headers & HTTPS<\/strong><\/h2>\n\n\n\n
Use Nginx to enforce HTTPS and add HTTP security headers.<\/p>\n\n\n
server<\/span> {\n    listen<\/span> 443<\/span> ssl http2;\n    server_name<\/span> your-domain.com;\n\n    ssl_certificate<\/span>     \/etc\/letsencrypt\/live\/your-domain.com\/fullchain.pem;\n    ssl_certificate_key<\/span> \/etc\/letsencrypt\/live\/your-domain.com\/privkey.pem;\n\n    add_header<\/span> X-Frame-Options \"SAMEORIGIN\"<\/span>;\n    add_header<\/span> X-Content-Type-Options \"nosniff\"<\/span>;\n    add_header<\/span> Referrer-Policy \"strict-origin-when-cross-origin\"<\/span>;\n    add_header<\/span> Content-Security-Policy \"default-src 'self'\"<\/span>;\n\n    root<\/span> \/var\/www\/current\/public;\n    index<\/span> index.php index.html;\n}<\/code><\/span>Code language:<\/span> Nginx<\/span> (<\/span>nginx<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/div>\n\n\n\n
7 \u2014 Deployment Sanity Check UI<\/strong><\/h2>\n\n\n\n
Add a simple admin-only endpoint to confirm Nginx headers, HTTPS, and storage access are all functioning correctly.<\/p>\n\n\n
\/\/ routes\/web.php<\/span>\nuse<\/span> Illuminate<\/span>\\\\Support<\/span>\\\\Facades<\/span>\\\\Route<\/span>;\n\nRoute::middleware(['auth'<\/span>,'can:viewAdmin'<\/span>])->get('\/admin\/deployment-check'<\/span>, function<\/span> ()<\/span> <\/span>{\n    return<\/span> view('admin.deployment-check'<\/span>, [\n        'phpVersion'<\/span> => phpversion(),\n        'laravelEnv'<\/span> => app()->environment(),\n        'isSecure'<\/span>   => request()->isSecure(),\n        'clientIp'<\/span>   => request()->ip(),\n        'cachePathWritable'<\/span> => is_writable(storage_path('framework\/cache'<\/span>)),\n    ]);\n});<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
This creates a page that shows the PHP version, Laravel environment, whether HTTPS is active, the detected client IP (to confirm real_ip<\/code> works), and whether cache directories are writable. Only admins should have access to this page.<\/p>\n\n\n
<!-- resources\/views\/admin\/deployment-check.blade.php --><\/span>\n@extends('layouts.app')\n@section('content')\n<div<\/span> class<\/span>=\"container\"<\/span>><\/span>\n  <h1<\/span> class<\/span>=\"mb-4\"<\/span>><\/span>Deployment Health Check<\/h1<\/span>><\/span>\n  <ul<\/span> class<\/span>=\"list-group\"<\/span>><\/span>\n    <li<\/span> class<\/span>=\"list-group-item\"<\/span>><\/span><strong<\/span>><\/span>PHP Version:<\/strong<\/span>><\/span> {{ $phpVersion }}<\/li<\/span>><\/span>\n    <li<\/span> class<\/span>=\"list-group-item\"<\/span>><\/span><strong<\/span>><\/span>Environment:<\/strong<\/span>><\/span> {{ $laravelEnv }}<\/li<\/span>><\/span>\n    <li<\/span> class<\/span>=\"list-group-item\"<\/span>><\/span><strong<\/span>><\/span>HTTPS Enabled:<\/strong<\/span>><\/span> {{ $isSecure ? 'Yes' : 'No' }}<\/li<\/span>><\/span>\n    <li<\/span> class<\/span>=\"list-group-item\"<\/span>><\/span><strong<\/span>><\/span>Client IP:<\/strong<\/span>><\/span> {{ $clientIp }}<\/li<\/span>><\/span>\n    <li<\/span> class<\/span>=\"list-group-item\"<\/span>><\/span><strong<\/span>><\/span>Cache Writable:<\/strong<\/span>><\/span> {{ $cachePathWritable ? 'Yes' : 'No' }}<\/li<\/span>><\/span>\n  <\/ul<\/span>><\/span>\n<\/div<\/span>><\/span>\n@endsection<\/code><\/span>Code language:<\/span> HTML, XML<\/span> (<\/span>xml<\/span>)<\/span><\/small><\/pre>\n\n\n
This dashboard view provides instant feedback on whether your Laravel app is healthy and properly configured in production.<\/p>\n\n\n\n
<\/div>\n\n\n\n
Wrapping Up<\/h2>\n\n\n\n
By combining Nginx with Laravel 12, you get a fast and reliable production setup. Key steps include configuring the server block, enabling caching, ensuring HTTPS, tuning PHP-FPM, and monitoring your application. For more advanced scenarios, you can explore containerized setups or automated deployment tools.<\/p>\n\n\n\n
<\/div>\n\n\n\n
What\u2019s Next<\/h2>\n\n\n\n
Certificates can be managed with Let\u2019s Encrypt for free. If you\u2019re using AWS or DigitalOcean, see How to Deploy a Laravel 12 App on DigitalOcean<\/a> or Deploying Laravel on AWS: Complete Guide (2025)<\/a> for infrastructure-specific instructions.<\/p>\n\n\n\n
Always run migrations with --force<\/code> in production to apply schema changes without prompts. If you\u2019re working with multi-tenant setups, also see Building a Multi-Tenant App in Laravel with Separate Databases<\/a> for tenant-specific migrations.<\/p>\n\n\n\n
This ensures user uploads (like images or documents) are accessible through the web server. For a deep dive into secure file handling, check How to Prevent CSRF, XSS, and SQL Injection in Laravel Apps<\/a> and How to Build a Secure File Upload API in Laravel<\/a>.<\/p>\n\n\n\n
Queue workers should always be monitored by a process manager like Supervisor. This ensures failed jobs can be retried and workers restart if they crash. For more advanced queue monitoring, see How to Use Laravel Horizon for Queue Monitoring<\/a>.<\/p>\n\n\n\n
This ensures Laravel loads configuration, routes, and views directly from cached files, reducing filesystem lookups. Learn more in 10 Proven Ways to Optimize Laravel for High Traffic<\/a>.<\/p>\n\n\n\n