[self writeBlog];

Setup Git Push To Securly Update Your Website

I have recently reported about my new website and the workflow I am using. More specifically about Hugo and GitHub pages.

One task GitHub Pages solves perfectly is the need to publish changes. GitHub Pages does that automatically for you, which is one reason I chose it in first place. Due to the limitations on https with custom domains though, I decided to self host my HTML pages once more.

And so I changed my setup once again. I didn’t fully drop GitHub Pages, but I redirect the GitHub Pages site to https://iflorian.com through their CNAME option under GitHub Pages -> Settings and I serve the same content just from there.

Now this brings back exactly the problem I just said GitHub Pages would solve, so I have to solve this problem myself.

The Easy Path

The easiest path I could choose would be to directly push into the publishing folder of my webserver by adding the remote repo as a git remote and push to it. If there wouldn’t be this one problem …

I recently read this article “Don’t publicly expose .git or how we downloaded your website’s sourcecode - An analysis of Alexa’s 1M” on Internetwache.org that nicely shows an issue that is often overlooked when having your website under version control.

While my website is publicly available on my GitHub account including the git history, you normally wouldn’t want to expose that in case of a normal homepage setup - and after all, if we don’t need to, why would we expose our git data on a website?

This is when I found this great writing on this topic: How To Set Up Automatic Deployment with Git with a VPS

It has two small minor errors, which is why I want to quickly show how to do the same thing and fix what I just mentioned.

Pushing Website Updates via Git

First you want to clone your repo somewhere safe on your server:

git clone https://github.com/caffeineflo/repo.git

Next, you want to configure git hooks to checkout your HTML files to the directory your webserver is serving:

cd /path/repo/.git/hooks/
vi post-receive

Now you’ve opened the post-receive hook, the script you put in here will be executed post receiving a push:

#!/bin/sh
git --work-tree=/path/www --git-dir=/path/repo/.git checkout -f

The path you put in under the –work-tree parameter is your webserver directory and the –git-dir parameter needs to point to the .git directory where you checked out your website.

Pro Tip: You could only do a flat/bare clone when initially cloning the repo as you don’t need your repo in two places.

Make the script executable:

chmod +x post-receive

You’re free to exit your remote machine now.

On the local side of things you only need to add your remote now. Depending on what type of connection you use with your remote end you need to adjust this. In your local repo directory, add the remote:

git remote add iflorian.com ssh://iflorian/path/repo

If you now push your code from your local end to the newly added remote end:

git push iflorian.com master

Your remote end will receive the push, run the post-receive hook and update your webserver.

While I admit that this solution needs a bit of setup and is therefore more complex than the initial GitHub Pages approach, I think it’s a great and safe way to remote update your webserver!

Congrats! You’ve made it!