How to Deploy Laravel on VPS (Complete Guide with Security & Performance Tips)

Deploying a Laravel application on a VPS can be intimidating if you're not a DevOps expert. But with the right steps, you can have a production‑ready, secure, and performant Laravel environment in under an hour. This guide walks you through everything — from choosing a VPS provider to advanced security hardening and performance tweaks.

Why Deploy Laravel on a VPS?

While Platform‑as‑a‑Service (PaaS) options like Laravel Forge or DigitalOcean App Platform simplify deployment, a VPS gives you full control, lower long‑term costs, and deeper customization. The trade‑off is you're responsible for security and maintenance. This guide ensures you get it right the first time.

Prerequisites

• A VPS (Ubuntu 20.04/22.04 recommended) with at least 1 GB RAM
• SSH access (root or sudo user)
• Domain name pointed to your VPS IP (for SSL)
• Basic familiarity with Linux command line

Step 1: Choose a VPS Provider

Popular options include DigitalOcean, Linode, Vultr, and AWS EC2. For this tutorial, we'll assume you have an Ubuntu 22.04 server with a public IP.

Step 2: Initial Server Setup

# Update package lists
sudo apt update
sudo apt upgrade -y

# Create a non‑root user
adduser deploy
usermod -aG sudo deploy
rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy

Disable root SSH login and change SSH port for better security (edit /etc/ssh/sshd_config).

Step 3: Install LEMP Stack

LEMP = Linux, Nginx, MySQL, PHP.

# Install Nginx
sudo apt install nginx -y

# Install MySQL
sudo apt install mysql-server -y
sudo mysql_secure_installation

# Install PHP 8.1 with extensions
sudo apt install php8.1-fpm php8.1-cli php8.1-mysql php8.1-mbstring php8.1-xml php8.1-bcmath php8.1-curl php8.1-zip -y

# Install Composer
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer

Verify PHP‑FPM is running: systemctl status php8.1-fpm.

Step 4: Configure Laravel Environment

# Clone your Laravel project (or create fresh)
cd /var/www
sudo git clone https://github.com/your-repo/your-app.git
sudo chown -R deploy:www-data your-app
sudo chmod -R 775 your-app/storage your-app/bootstrap/cache

# Copy .env.example to .env and set database credentials
cd your-app
cp .env.example .env
nano .env

Generate application key: php artisan key:generate.

Step 5: Nginx Configuration

Create a new site configuration:

sudo nano /etc/nginx/sites-available/your-app

Basic config:

server {
    listen 80;
    server_name your-domain.com;
    root /var/www/your-app/public;

    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

Enable the site: sudo ln -s /etc/nginx/sites-available/your-app /etc/nginx/sites-enabled/ and test with sudo nginx -t.

Step 6: SSL with Let's Encrypt

Install Certbot:

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d your-domain.com -d www.your-domain.com

Automate renewal: sudo certbot renew --dry-run.

Step 7: Security Hardening

• Firewall: sudo ufw allow 'Nginx Full' && sudo ufw allow OpenSSH && sudo ufw enable
• Fail2ban: sudo apt install fail2ban -y
• Disable unnecessary services (e.g., Apache if not used)
• Regular updates: Set up unattended‑upgrades

Step 8: Performance Optimizations

• Enable OPcache in /etc/php/8.1/fpm/php.ini (set opcache.enable=1)
• Configure Redis for caching and session driver
• Set up queue workers with Supervisor
• Enable Nginx gzip compression and caching

Step 9: Monitoring & Logging

Install and configure Grafana + Prometheus for metrics, or use simpler tools like htop and logrotate.

Conclusion

Deploying Laravel on a VPS is a skill that pays dividends in control, cost savings, and performance. By following this guide, you've not only launched your application but also secured and optimized it for production traffic. Remember to keep your server updated, monitor logs, and back up your database regularly.

Need help? Check the official Laravel documentation or community forums.