Deploying a PHP application on Linux hosting is a routine task, but the best workflow depends on your stack, access method, and release process. In a managed hosting or control panel environment such as Plesk, deployment usually combines file upload, Git-based release, database updates, and permissions management. A reliable process helps reduce downtime, avoid broken dependencies, and keep your production environment consistent.
This guide explains how to deploy a PHP application on Linux hosting step by step, with practical tips for shared hosting, VPS, and managed hosting environments. It also covers common deployment methods, file permissions, Composer dependencies, environment configuration, database migrations, and basic troubleshooting.
Choose the Right Deployment Method
Before you upload files or connect Git, identify the deployment method that matches your hosting setup. The safest approach depends on whether you have control panel access, SSH access, or a fully managed environment.
Manual file upload
Manual deployment works well for small PHP sites, simple applications, and first-time setup. You upload files through SFTP, FTP, or a file manager in your hosting control panel. This method is straightforward, but it becomes harder to maintain when the application grows or when updates need to be repeatable.
Git-based deployment
Git deployment is the preferred choice for teams and applications that change frequently. On Linux hosting with SSH or Plesk Git integration, you can pull code from a repository into a deployment directory. This makes it easier to track versions, roll back changes, and deploy updates consistently.
Automated deployment
Some hosting platforms support deployment scripts, CI/CD pipelines, or webhooks. In a more advanced setup, you can push code from GitHub, GitLab, or Bitbucket into staging or production. Automation is useful for reducing manual errors, especially when the application requires Composer installs, cache clearing, or database migrations after each release.
Prepare the Linux Hosting Environment
A stable deployment starts with a correctly configured hosting environment. PHP applications on Linux hosting usually depend on the right PHP version, writable directories, database access, and web server configuration. If you are using Plesk, many of these options are available from the domain’s hosting settings.
Check PHP version and extensions
Confirm that the hosting plan supports the PHP version required by your application. Modern PHP frameworks often need PHP 8.1, 8.2, or newer, along with extensions such as mbstring, curl, json, intl, mysqli, pdo_mysql, and openssl. If your application uses image handling, XML, or caching, verify those modules as well.
Set the document root correctly
Most PHP applications should expose only the public web directory, such as public or public_html. In frameworks like Laravel or Symfony, the web root should usually point to the public folder, not the project root. In Plesk, you can often change the document root from the domain settings.
Configure database access
Make sure the hosting environment has a database user with the correct privileges. Record the database host, database name, username, and password. If the application uses an external database server, confirm firewall rules and remote access permissions before deployment.
Review storage and file permissions
Linux hosting environments are sensitive to ownership and permissions. PHP should be able to write only where necessary, usually to directories like storage, cache, logs, or uploads. Avoid making the entire application writable. Excessive permissions can create security risks and make troubleshooting harder.
Upload the PHP Application Files
After the environment is ready, deploy the application code to the target hosting account. The best file transfer method depends on your access level and the size of the project.
Use SFTP instead of plain FTP when possible
SFTP encrypts the connection and is the recommended option for production deployments. It protects credentials and file contents during transfer. On many Linux hosting plans, SFTP is available as part of the SSH account or hosting login configuration.
Upload the correct directory structure
Upload the full application structure, including source files, configuration templates, public assets, and dependency manifests such as composer.json. If you are deploying a framework-based application, preserve the folder layout expected by the runtime. A missing directory or renamed path can break routing, autoloading, or asset loading.
Avoid uploading unnecessary local files
Do not upload development-only files such as local IDE metadata, cache directories, build artifacts, or large unused backups. If your application uses a .git directory for deployment, keep it only if your hosting workflow requires it. Otherwise, exclude it from public access and production content.
Set Up the Application Configuration
Most PHP applications rely on environment-specific configuration. This is one of the most important parts of deploying to Linux hosting because production settings should not be identical to local development settings.
Create or update environment variables
Applications commonly use a .env file or server environment variables for database settings, mail credentials, API keys, and debug flags. For production, set debug mode to off and use production URLs, cache settings, and secret keys. If you are using Plesk, environment variables may be managed through application settings, hosting settings, or manually through configuration files.
Separate development and production values
Never reuse local credentials in production. Use a dedicated database, unique API keys, and production mail settings. This separation reduces the risk of accidental data loss and makes it easier to identify issues in staging before promoting a release to live traffic.
Protect sensitive files
Configuration files with passwords or private keys should not be publicly accessible. Keep sensitive files outside the web root when possible. If a file must remain inside the project directory, configure the web server to deny access to it.
Install Dependencies with Composer
Many PHP applications use Composer for dependency management. On Linux hosting, Composer is usually run through SSH or, in some control panels, through the built-in terminal or deployment script.
Run Composer in production mode
For production deployment, install dependencies without development packages whenever appropriate. This keeps the application lean and reduces the number of unnecessary libraries on live hosting. Typical production deployments use optimized autoloading and no-dev installation options.
Check Composer compatibility
Verify that the hosting server has a compatible PHP version for all packages in your dependency tree. A package that works locally on PHP 8.3 may fail on a server running PHP 8.0. If possible, align the local and hosting PHP versions before deployment.
Use SSH for faster and safer dependency installation
Uploading the vendor directory manually is rarely ideal. It can be large, slow to transfer, and easy to corrupt. Installing dependencies on the server through SSH or deployment hooks usually provides a cleaner release process.
Configure the Web Server for the Application
PHP applications often need rewrite rules or web server configuration to function correctly. On Linux hosting, this is usually handled by Apache, Nginx, or an Apache + Nginx reverse proxy setup.
Set rewrite rules
Frameworks such as Laravel, Symfony, and WordPress often require URL rewriting so that clean URLs route to the front controller or correct script. If your hosting uses Apache, rules are typically placed in .htaccess. If Nginx is involved, rules may need to be added in the domain’s configuration or through the hosting panel.
Confirm the index file and routing entry point
Make sure the server knows which file should handle requests. In many PHP applications, this is index.php in the public directory. Incorrect document root or missing rewrite support can cause 404 errors, blank pages, or download prompts instead of execution.
Enable HTTPS before going live
Deploying over HTTPS is essential for secure login forms, API endpoints, and user sessions. On managed hosting platforms, SSL certificates can often be installed from the control panel. Once the certificate is active, verify redirects from HTTP to HTTPS and test the site after the switch.
Run Database Migrations and Seed Data
If your PHP application uses a database schema, deployment usually includes migrations. This step should be handled carefully because it can affect live data.
Back up before applying schema changes
Always create a database backup before running migrations in production. Even well-tested schema changes can fail because of incompatible data, missing indexes, or timeouts. A recent backup gives you a rollback path if something goes wrong.
Apply migrations during a low-traffic window
If migrations lock tables or modify large datasets, schedule them during off-peak hours. For smaller applications, the process may be fast enough to run during a standard update window. For larger systems, consider staging validation before production release.
Verify the application still connects to the database
After migration, test the application’s login, main pages, and any forms or API endpoints that use the database. A successful migration does not always mean the app is fully functional.
Use a Staging Environment for Safer Releases
A staging environment is highly recommended for hosting deployment workflows. It lets you test updates in an environment that mirrors production as closely as possible before deploying to the live site.
What staging should match
Ideally, staging should use the same PHP version, extensions, database engine, file permissions, and server configuration as production. If your hosting platform supports separate staging subscriptions or additional domains in Plesk, use them to test release changes before going live.
Test the full deployment flow
Do not stop at code validation. Test login, forms, file uploads, third-party integrations, scheduled tasks, and email delivery. A deployment that looks correct on the homepage can still fail in background jobs or admin functions.
Promote the same release to production
When staging passes checks, deploy the same tagged release or commit to production. This reduces drift between environments and helps you identify whether issues come from the code or from the hosting configuration.
Optimize File Permissions and Ownership
Linux file permissions are a common source of deployment problems. Correct ownership and access settings help the web server read application files and write only where necessary.
Use restrictive permissions by default
Application files should generally be readable by the web server but not world-writable. Writable folders should be limited to the directories that actually need write access, such as cache, logs, temp files, or user uploads.
Fix ownership issues after upload
If files are uploaded under the wrong system user, PHP may be unable to read or write them correctly. This can happen after manual transfers, server migrations, or mixed SSH and panel-based deployment. In managed hosting environments, ownership can often be adjusted through the control panel or support tools.
Protect executable and sensitive areas
Do not leave deployment scripts, backups, or environment files accessible from the browser. Use server-side restrictions where needed, especially for private keys, maintenance scripts, and admin-only resources.
Clear Cache and Verify the Release
After deployment, your application may still use old cached files, compiled templates, or opcode cache entries. Clearing these components is part of a proper Linux hosting release workflow.
Clear framework cache
Many PHP frameworks build caches for routes, configuration, views, or compiled classes. Clear or rebuild these caches after updating environment values or deploying a new version. Otherwise, the application may continue to use outdated configuration.
Restart PHP if needed
If your hosting setup uses PHP-FPM or a similar process manager, a restart may help apply updated code, config, or extension changes. In a managed platform, this may be handled automatically or through a control panel option.
Run a post-deployment checklist
Verify the homepage, critical pages, admin login, file uploads, cron tasks, API routes, and email sending. Check server logs for warnings or fatal errors. If possible, test from both desktop and mobile to make sure caching or asset loading is working as expected.
Deploy with Git on Linux Hosting
Git-based deployment is one of the most efficient methods for PHP applications on Linux hosting. It supports version tracking, repeatable releases, and easier collaboration.
Typical Git deployment workflow
A common workflow is to push code to a remote repository, pull the tagged release into the hosting account, install dependencies, run migrations, and clear caches. Some setups use a release directory and a symlink to switch traffic atomically.
Use branches carefully
Keep production on a stable branch or tagged release. Use a separate branch for staging or testing. Avoid deploying unfinished development branches to live hosting unless you have a very controlled release process.
Automate safe release steps
Deployment scripts can run Composer, update static assets, clear cache, and execute migration commands. Keep scripts idempotent and easy to review so you can diagnose problems if the release fails.
Common Problems After Deployment
Even a well-prepared release can fail due to environmental differences, missing configuration, or permission issues. These are some of the most common deployment problems on Linux hosting.
Blank page or 500 error
This usually indicates a PHP fatal error, missing extension, incorrect permissions, or a problem in .htaccess or server configuration. Check application and server logs first. In Plesk, logs are often available from the domain’s log section or file manager.
Permission denied errors
These are often caused by incorrect ownership or missing write access for cache and upload directories. Review the user under which PHP runs and confirm that writable folders are accessible.
Missing vendor directory
If the application depends on Composer, a missing or incomplete vendor directory can break autoloading. Reinstall dependencies on the server and confirm that the deployment process includes this step every time.
404 errors on clean URLs
Rewrite rules may be missing, disabled, or placed in the wrong directory. Verify the document root and rewrite configuration. If you are using a control panel, confirm that the application is placed in the correct hosting path.
Database connection failures
Check the credentials, database host, firewall settings, and database user privileges. A connection may work locally but fail on hosting if the server name or authentication method differs.
Best Practices for Production Deployment
A good deployment process is repeatable, documented, and safe. The following practices improve reliability on Linux hosting, especially for PHP applications with regular updates.
- Use Git or another version control system for all production code.
- Keep production and staging environments separate.
- Back up files and databases before each release.
- Deploy over SFTP or SSH instead of plain FTP.
- Install Composer dependencies on the server or in a build pipeline.
- Keep sensitive configuration out of public web paths.
- Test PHP version compatibility before updating the server stack.
- Review logs after every deployment.
- Use HTTPS and verify redirects after launch.
- Document rollback steps for failed releases.
FAQ
Can I deploy a PHP application on shared Linux hosting?
Yes. Many PHP applications run well on shared Linux hosting if the plan supports the required PHP version, extensions, and file permissions. For more complex deployments, SSH or a control panel like Plesk makes the process easier.
Should I upload the vendor folder with Composer dependencies?
In most cases, it is better to install dependencies on the server using Composer. Uploading the vendor folder can work for small sites, but it is less reliable and harder to maintain across updates.
What is the best document root for Laravel or similar frameworks?
The document root should usually point to the public directory, not the project root. This helps protect application files and ensures that only public assets and the front controller are exposed.
Do I need a staging environment?
Staging is strongly recommended, especially if your application uses a database, third-party APIs, or frequent updates. It reduces the risk of breaking the live site and makes testing much safer.
Why does my site show a 500 error after deployment?
A 500 error often means there is a server-side problem such as a PHP fatal error, a bad rewrite rule, a missing dependency, or a permissions issue. Check logs first, then verify PHP version, configuration, and file ownership.
How do I deploy updates without downtime?
For small sites, downtime can be minimized by uploading files during low traffic periods. For more advanced setups, use a release directory with atomic symlink switching, so the new version becomes active only after all files and dependencies are ready.
Conclusion
Deploying a PHP application on Linux hosting is most reliable when you combine the right environment, a clear release process, and good configuration discipline. Whether you use manual upload, Git, or automated deployment, the core steps remain the same: prepare the server, place the files correctly, configure environment values, install dependencies, apply database changes, and verify the release.
In a hosting company or managed hosting context, tools like Plesk can simplify several of these tasks, especially for document root settings, SSL, Git integration, and file management. Still, the best results come from a consistent deployment workflow with staging, backups, and post-release checks. That approach keeps your PHP application stable, secure, and easier to maintain as it grows.