How Do I Deploy a Laravel Application?

This guide outlines professional best practices for deploying a Laravel application. Modern Laravel deployments prioritize performance with FrankenPHP, managed infrastructure through Laravel Cloud, and safe operational workflows that avoid production-breaking mistakes.

Prepare Your Laravel Application

Before deploying, ensure the application is correctly configured for a production environment. These steps should be completed during initial setup or environment provisioning, not on every deployment.

• Environment Configuration: Set APP_ENV=production and APP_DEBUG=false in your production environment variables.
• Application Key: Ensure APP_KEY is securely set in production. The application key must never be regenerated during a standard deployment.

If the production key is missing, generate one locally using:

php artisan key:generate --show

Then securely inject the value into your production environment or secret manager. Regenerating the key in production will invalidate user sessions and break encrypted data.

Optimization: Laravel includes a unified optimization engine. Run the following command during deployment to cache configuration, routes, events, and views:

php artisan optimize

Choose Your Deployment Platform

Laravel applications are commonly deployed using one of the following approaches, depending on scalability and control requirements.

• Laravel Cloud (Recommended): A fully managed, auto-scaling platform with push-to-deploy workflows. It handles SSL certificates, database clusters, and scaling automatically.
• FrankenPHP with a VPS: Running Laravel Octane on FrankenPHP using providers like DigitalOcean or AWS. This is the preferred option for high-performance, low-latency applications.
• Laravel Forge: Ideal for teams that want full control over their VPS while automating Nginx, PHP, and database provisioning.

The Deployment Flow (CLI Checklist)

Once the server and environment variables are prepared, follow this standard deployment sequence.

Pull the latest code:

git pull origin main

Install production dependencies:

composer install --no-dev --optimize-autoloader
npm ci && npm run build

Create the storage symlink (required for public files):

php artisan storage:link

Run database migrations:

php artisan migrate --force

Restart long-running services: Laravel commonly uses persistent workers that must be reloaded to apply new code safely.

• For Octane or FrankenPHP:

php artisan octane:reload

• For queue workers:

php artisan queue:restart

Critical Best Practices

• Native Health Checks: Laravel includes a built-in /up endpoint. Configure load balancers and uptime monitors to use this route so traffic is only sent to healthy instances.
• Automated Backups: Use tools such as spatie/laravel-backup to schedule regular database and storage backups.
• Real-Time Monitoring: Enable Laravel Pulse in production to monitor slow requests, queue throughput, and system health in real time.

Final Security Hardening

Ensure the storage and bootstrap/cache directories are writable by the web server user. In most cases, this is handled automatically by Laravel Cloud or Forge during provisioning.

For manual or custom server setups, permissions should be configured once during provisioning rather than reapplied on every deployment.

Additionally, enforce HTTPS by redirecting all HTTP traffic to HTTPS and enabling HSTS headers in your Nginx or FrankenPHP configuration.