Connect Your Website to a GitHub Repo with SSH Keys
Learn how to connect a repository on github.gatech.edu to a virtual host on a server. The examples are given for a RHEL7 server, but similar steps will work if your server uses OpenSSH version 5 or higher.
Make SSH Keys on Server
- On your server, become the superuser (sudo su).
- Create a folder in which to store SSH keys (mkdir /var/www/.ssh).
- Create an SSH key pair on your server in that .ssh directory (ssh-keygen -b 2048 -t rsa), and name the key for the virtual host (example: /var/www/.ssh/mysite).
- Create a config file (touch /var/www/.ssh/config) and add this code inside it:

    # mysite.gt
    Host mysite
        HostName github.gatech.edu
        PreferredAuthentications publickey
        IdentityFile /var/www/.ssh/mysite

- Change the .ssh folder permissions (chmod 700 /var/www/.ssh).
- Change the .ssh folder ownership for use by apache (chown -R apache:apache /var/www/.ssh).
- Change ownership of the already-existing vhost's folder for use by apache (chown -R apache:apache /var/www/vhosts/mysite.gatech.edu).
- Copy the contents of the public key into your Text Editor of choice (cat /var/www/.ssh/mysite.pub).
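A check for the result of the steps above, as an added example that is not part of the original page: it looks up the IdentityFile for a Host alias in the config file and reports loose permissions on the folder and key. The function name audit_deploy_key is hypothetical, and it assumes IdentityFile is an absolute path, as in the config shown.

```shell
#!/bin/sh
# Added example (not from the original page). audit_deploy_key is a
# hypothetical helper name. Usage: audit_deploy_key /var/www/.ssh mysite
# Prints one line per problem; returns 0 only when nothing was found.

mode() { ls -ld "$1" | cut -c1-10; }   # e.g. drwx------ or -rw-------

audit_deploy_key() {
    ssh_dir=$1
    host_alias=$2
    problems=0

    # Find IdentityFile inside the "Host <alias>" block of the config file.
    # Assumes an absolute path, as in the config shown on this page.
    key=$(awk -v want="$host_alias" '
        tolower($1) == "host" {
            inblock = 0
            for (i = 2; i <= NF; i++) if ($i == want) inblock = 1
            next
        }
        inblock && tolower($1) == "identityfile" { print $2; exit }
    ' "$ssh_dir/config" 2>/dev/null)

    if [ -z "$key" ]; then
        echo "no IdentityFile for Host $host_alias in $ssh_dir/config"
        return 1
    fi

    # The page sets chmod 700 on the .ssh folder.
    if [ "$(mode "$ssh_dir")" != "drwx------" ]; then
        echo "$ssh_dir is not mode 700"
        problems=1
    fi

    # ssh refuses a private key that group or others can access.
    case "$(mode "$key" 2>/dev/null)" in
        -rw-------|-r--------) ;;
        *) echo "$key is missing or accessible by group/other"; problems=1 ;;
    esac

    # The .pub half is what gets pasted into the deploy key form.
    if [ ! -f "$key.pub" ]; then
        echo "$key.pub not found"
        problems=1
    fi

    return "$problems"
}
```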
Add Deploy Key on Github
- Create your private repo on github.gatech.edu, under the appropriate departmental Team. Do not add any files (not even a README).
- Within your repo, click the Settings tab.
- Choose "Deploy keys" in the left side menu, and click on "Add deploy key".
- Give a descriptive title, like "Mysite server public key".
- Paste the public key you copied from your server into the "Key" area.
- If this is your initial copying of the repo from the server TO github, check "Allow write access", so that you can push to this github repo from your server.
- If you already have the initial copy of your files pulled from the server, you need to delete the old key and make a new one that does NOT allow write access (to improve the security setup).
- Click "Add key".
Connect your Server to Github
- Make sure git is running (git --version).
- Become the apache user (su -s /bin/bash - apache).
- You probably need to symlink the .ssh directory for the apache user, so that known_hosts is saved in the correct place.
  - As the apache user, change to the home directory (cd ~).
  - Find where that home directory is located (pwd).
  - Make a symlink from your recently-created .ssh folder to apache's home directory location (ln -s /var/www/.ssh /path/to/apache/home/.ssh).
Existing Server Repository
If this vhost on your server already has a git repo initialized, follow these steps:
- Change to your vhost's folder (cd /var/www/vhosts/mysite.cc.gatech.edu).
- Use ssh not http to add the github repo as its origin, including the "Host" you created in the .ssh/config file as the url so that the server uses the correct ssh key to connect (git remote add origin git@mysite:My-Dept/mysite.git).
- Push your server's repo to github (git push -u origin master).
- Check the repo on github to make sure you see the commits from your server.
New Server Repository
If this vhost on your server does not yet have a git repo initialized, follow these steps:
- Change to the directory above your vhost (cd /var/www/vhosts).
- Use ssh not http to copy the repo from github to your server, including the "Host" you created in the .ssh/config file as the url so that the server uses the correct ssh key to connect (git clone git@mysite:My-Dept/mysite.git mysite.gatech.edu).
- Change to your vhost's folder (cd /var/www/vhosts/mysite.gatech.edu).
- Check the repo on your server to make sure you see the commits from github (git log -n 1).
Configure protected master branch on Github (Under construction section)
Since you will be connecting the repo to a Production site, you need to protect the master branch on github, so that all changes pushed to it must go through an approval process before being merged into the master/production branch.
Customize .gitignore file
For a Drupal 7 site, add these lines to the repo's .gitignore file (as they should not be version controlled):
- sites/*/files
- sites/*/private
- sites/*/settings.php
Set cron to do a git pull as the apache user (Under construction section)
Example:

    0 */1 * * * cd /var/www/vhosts/mysite.gatech.edu && git pull >> /dev/null
Change File Permissions (Under construction section)
Often, the file and directory permissions on the server differ from your local development environment. You will need a cron job or automatic git-accompanying command so that, whenever it pulls updates from the remote repository, files and directories receive the correct ownership and permissions for the server.
For a Drupal 7 site, the defaults should be:
- user and group = apache:apache
- most directories = 755
- most files = 644
- not version controlled, so set it once and forget it:
  - settings.php file = 444
  - /sites/*/files = 777 (directory)
  - /sites/*/files/* = 666 (files)
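One way to write the git-accompanying command described above, as an added example rather than the page's own script: it reapplies the Drupal 7 defaults listed here and leaves .git alone. The function name fix_drupal_perms is hypothetical; ownership is only changed when it runs as root and the owner account exists, and the 777 setting is applied to every directory under sites/*/files.

```shell
#!/bin/sh
# Added example (not from the original page). fix_drupal_perms is a
# hypothetical helper name.
# Usage: fix_drupal_perms /var/www/vhosts/mysite.gatech.edu [owner:group]

fix_drupal_perms() {
    root=${1%/}                      # drop a trailing slash for -path below
    owner=${2:-apache:apache}

    if [ ! -d "$root/.git" ]; then
        echo "not a git checkout: $root" >&2
        return 1
    fi

    # chown needs root; skip it for unprivileged runs or a missing user.
    if [ "$(id -u)" -eq 0 ] && id "${owner%%:*}" >/dev/null 2>&1; then
        chown -R "$owner" "$root" || return 1
    fi

    # Most directories 755, most files 644. .git is pruned so git's own
    # object and hook permissions are left as git wrote them.
    find "$root" -path "$root/.git" -prune \
        -o -type d -exec chmod 755 {} + \
        -o -type f -exec chmod 644 {} + || return 1

    # Not version controlled: upload directories 777, uploaded files 666.
    for d in "$root"/sites/*/files; do
        [ -d "$d" ] || continue
        find "$d" -type d -exec chmod 777 {} + || return 1
        find "$d" -type f -exec chmod 666 {} + || return 1
    done

    # settings.php holds the database credentials: 444, nobody can write it.
    for f in "$root"/sites/*/settings.php; do
        if [ -f "$f" ]; then chmod 444 "$f" || return 1; fi
    done
    return 0
}

# Run directly with a path argument, e.g. from cron after "git pull".
if [ "$#" -gt 0 ]; then fix_drupal_perms "$@"; fi
```

To run it after every pull, call it from the cron entry after git pull or from the repository's .git/hooks/post-merge hook. When the pull runs as the apache user, the chown step is skipped and only the modes are reset.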