Skip to main content
This guide walks you through the ten steps required to get Tripfy Africa running on a production server. Follow the steps in order — some steps depend on the previous one completing successfully.

Prerequisites

Before you start, make sure your server meets these requirements:
RequirementMinimum
PHP8.1+
MySQL8.0+
ComposerLatest stable
Node.js16.x+ (for asset builds if needed)
SSL certificateRequired for production

Installation steps

1

Upload files to your server

Upload your entire project to the hosting server. Set the web server document root to point at the public/ folder — not the project root.
document root → /path/to/tripfy.africa/public/
If your document root points to the project root instead of public/, sensitive files such as .env will be publicly accessible.
2

Configure your .env file

Copy the provided .env file to your project root and update the values below for your live server.
cp .env.example .env

# Core application
APP_NAME="Tripfy Africa"
APP_ENV=production
APP_DEBUG=false
APP_URL=https://tripfy.africa
APP_TIMEZONE=Africa/Addis_Ababa

# Database
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=your_database_name
DB_USERNAME=your_db_user
DB_PASSWORD=your_db_password

# Mail
MAIL_MAILER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=your_smtp_username
MAIL_PASSWORD=your_smtp_password
MAIL_FROM_ADDRESS=[email protected]
MAIL_FROM_NAME="Tripfy Africa"

# Cache / queue / session
CACHE_DRIVER=file
QUEUE_CONNECTION=database
SESSION_DRIVER=file
SESSION_LIFETIME=120

# File storage
FILESYSTEM_DISK=local

# Push notifications (Firebase)
FIREBASE_SERVER_KEY=your_key
FIREBASE_VAPID_KEY=your_key

# SMS (choose one provider)
SMS_METHOD=twilio
TWILIO_ACCOUNT_SID=your_sid
TWILIO_AUTH_TOKEN=your_token
TWILIO_PHONE_NUMBER=+1xxxxxxxxxx

# reCAPTCHA
GOOGLE_RECAPTCHA_SITE_KEY=your_key
GOOGLE_RECAPTCHA_SECRET_KEY=your_secret
Set APP_DEBUG=false in production. Leaving it true exposes stack traces and environment variables to the browser.
3

Import the database SQL file

Import the provided tripfy_africa.sql dump into your MySQL database:
mysql -u root -p your_database_name < tripfy_africa.sql
This imports the base schema, seed data, and all initial configuration rows.
4

Run migrations

Apply any pending migrations on top of the imported SQL. This step adds notification templates and applies the Tripfy Africa fixes:
php artisan migrate
The migration 2026_01_01_000001_tripfy_africa_fixes.php inserts the NEW_BOOKING_RECEIVED, BOOKING_ACCEPTED, BOOKING_REJECTED, and TOUR_COMPLETED notification templates, and patches any old domain references left in content_details and basic_controls.
5

Install PHP dependencies

composer install --optimize-autoloader --no-dev
If APP_KEY in your .env is empty, generate one now:
php artisan key:generate
Only run key:generate if APP_KEY is blank. Running it on an existing installation with active sessions will invalidate all session tokens and encrypted values.
6

Copy the modified files

Replace these files in your project with the versions from the release ZIP. These files contain security patches, bug fixes, and Tripfy Africa branding.Controllers (app/Http/Controllers/)
FileChange
CheckoutController.phpSecurity fixes, booking ownership checks
User/BookingController.phpBug fix; sends booking email to guide
User/ReviewController.phpCorrected rating formula
Admin/BasicControlController.phpLive colour picker + dynamic CSS generation
Routes
FileChange
routes/web.phpHTTP method fixes, security patches
routes/admin.phpRemoved dangerous /trans route; protected utility routes behind admin auth
Views (resources/views/)
FileChange
themes/adventra/layouts/app.blade.phpLoads dynamic colours + Tripfy CSS
themes/adventra/layouts/user.blade.phpDashboard with Tripfy theme
themes/adventra/partials/header.blade.phpNew header with theme toggle
themes/adventra/partials/pwa.blade.phpRebranded PWA popup
themes/adventra/frontend/package/list.blade.phpNew card grid
themes/adventra/frontend/checkout/userInfo.blade.phpStep-based checkout
admin/layouts/app.blade.phpAdmin panel with Tripfy branding
admin/control_panel/basic_control.blade.phpColour pickers with live preview
Assets (public/assets/)
FileNotes
themes/adventra/css/tripfy.cssFull light + dark theme system
themes/adventra/js/tripfy.jsTheme toggle, scroll reveal, interactions
admin/css/tripfy-admin.cssAdmin panel branding
Seeders (database/seeders/)
FileNotes
AdminSeeder.phpCreates [email protected]
BasicControlSeeder.phpSets sender email to [email protected]
NotificationSeeder.phpUpdates all email templates to @tripfy.africa addresses
7

Generate the dynamic CSS

Run this once after deployment so the frontend picks up your brand colours from the database:
php artisan tinker
>>> app(\App\Http\Controllers\Admin\BasicControlController::class)->generateDynamicCssPublic();
Alternatively, log in to the admin panel, navigate to Settings → Basic Control, and click Save. Saving the form regenerates the CSS automatically.
8

Set file permissions

chmod -R 775 storage/ bootstrap/cache/
chown -R www-data:www-data storage/ bootstrap/cache/
The storage/ and bootstrap/cache/ directories must be writable by the web server user. If your server runs PHP under a different user (e.g. nginx or apache), replace www-data accordingly.
9

Optimise for production

php artisan optimize
php artisan config:cache
php artisan route:cache
php artisan view:cache
These commands compile and cache your configuration, routes, and Blade views for faster cold-start performance.
After running config:cache, changes to .env will not take effect until you run php artisan config:clear followed by php artisan config:cache again.
10

Set up the cron job

Add the Laravel scheduler to your server’s crontab. Run crontab -e and add:
* * * * * cd /path/to/tripfy.africa && php artisan schedule:run >> /dev/null 2>&1
Replace /path/to/tripfy.africa with the absolute path to your project root. The scheduler runs every minute and dispatches any due background jobs (booking reminders, plan expiry checks, etc.).

Admin panel access

After deployment, access the admin panel at: 
https://tripfy.africa/admin
CredentialValue
Email[email protected]
PasswordSet during initial setup or check database/seeders/AdminSeeder.php
From the admin panel you can manage:
  • Basic Control — site title, currency, primary and secondary colours (with live preview), maintenance mode
  • Appearance — home page layout, tour listing variation, page themes
  • Content — hero section, destinations, about page, footer, all page sections
  • KYC Management — approve or reject guide identity verifications
  • Packages — review, approve, hold, or reject tour packages
  • Bookings — view all bookings across all guides
  • Users — manage traveler and guide accounts
  • Notification Templates — edit email, SMS, and push notification bodies
  • Payment Gateways — configure all payment methods
  • Email / SMS config — SMTP, Twilio, Infobip, and other provider settings
  • Blog — full blog management
  • Languages — add locales and edit translation keys

Security fixes applied

The following vulnerabilities were patched in this release. Review these if you are upgrading from an earlier version.
If you are running an older build, apply the patched routes/web.php, routes/admin.php, and controller files from Step 6 before going live.
  1. Dangerous /trans route removed — this route was modifying database content without authentication.
  2. /queue-work and /schedule-run moved behind admin auth — previously accessible without login.
  3. accept-booking changed GET → POST — prevents CSRF exploitation via crafted URLs.
  4. coupon/check changed GET → POST — prevents coupon codes appearing in server access logs.
  5. date/update changed Route::any() → POST only — limits HTTP method surface.
  6. All booking operations scoped to authenticated user — prevents insecure direct object reference (IDOR) attacks.
  7. Booking ownership verified before accept / reject / complete / refund — a guide can no longer act on another guide’s bookings.
  8. Mass assignment risk reduced in Booking model$fillable tightened.

Domain references fixed

All old test domains have been replaced with https://tripfy.africa in configuration, seeders, and content:
Old valueReplaced with
touriety.bugfinder.apphttps://tripfy.africa
trip-vendor.bugfinder.apphttps://tripfy.africa
touriety.binaryvines.comhttps://tripfy.africa
[email protected][email protected]
[email protected][email protected]
APP_URL=http://localhosthttps://tripfy.africa

Build docs developers (and LLMs) love

Get started for freeTalk to us