The Laravel Droplet ( https://marketplace.digitalocean.com/apps/laravel ) automatically creates a working .env file. This file has the default settings of: APP_ENV=local APP_DEBUG=true This is only acceptable settings for a local environment. In production this is a big security issue for Laravel applications as it is relatively easy to expose key environment variables. Either the .env file should not be automatically generated or the Getting Started instructions should have a callout for inexperienced users to change these settings immediately.