Connect your website to a GitHub repo with SSH keys

Learn how to connect a repository on github.gatech.edu to a virtual host on a server. The examples are given for a RHEL7 server, but similar steps will work on any server running OpenSSH version 5 or higher.

Make SSH Keys on Server

  1. On your server, become the superuser (sudo su).
  2. Create a folder in which to store SSH keys (mkdir /var/www/.ssh).
  3. Create an SSH key pair on your server in that .ssh directory (ssh-keygen -b 2048 -t rsa), and name the key for the virtual host (example: /var/www/.ssh/mysite).
  4. Create a config file (touch /var/www/.ssh/config) and add this code inside it:
    # mysite.gt
    Host mysite
    HostName github.gatech.edu
    PreferredAuthentications publickey
    IdentityFile /var/www/.ssh/mysite
  5. Change the .ssh folder permissions (chmod 700 /var/www/.ssh).
  6. Change the .ssh folder ownership for use by apache (chown -R apache:apache /var/www/.ssh).
  7. Change ownership of the already-existing vhost's folder for use by apache (chown -R apache:apache /var/www/vhosts/mysite.gatech.edu).
  8. Copy the contents of the public key into your text editor of choice (cat /var/www/.ssh/mysite.pub).
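
A check of the directory built in steps 1-8, added here as an example (it is not part of the original guide). The function name audit_deploy_ssh is hypothetical, GNU stat is assumed as on RHEL, and only file modes and the config stanza are inspected, not whether the key itself is valid.

```shell
#!/bin/bash
# Added example: audit the deploy-key directory from steps 1-8.
# Usage: audit_deploy_ssh /var/www/.ssh mysite
audit_deploy_ssh() {
    dir=$1; host_alias=$2; rc=0
    cfg="$dir/config"

    # Step 5: the .ssh directory must be mode 700.
    mode=$(stat -c '%a' "$dir" 2>/dev/null) || { echo "FAIL missing $dir"; return 2; }
    [ "$mode" = "700" ] || { echo "FAIL $dir is mode $mode, expected 700"; rc=1; }

    # Step 4: read the IdentityFile listed under "Host <alias>".
    # Keywords are case-insensitive; only an exact alias match is handled.
    key=$(awk -v want="$host_alias" '
        tolower($1) == "host" {
            inblock = 0
            for (i = 2; i <= NF; i++) if ($i == want) inblock = 1
        }
        inblock && tolower($1) == "identityfile" { print $2; exit }
    ' "$cfg" 2>/dev/null)
    [ -n "$key" ] || { echo "FAIL no IdentityFile under Host $host_alias"; return 1; }

    # Step 3: both halves of the key pair must exist.
    if [ ! -f "$key" ] || [ ! -f "$key.pub" ]; then
        echo "FAIL key pair $key / $key.pub is incomplete"; return 1
    fi

    # OpenSSH refuses a private key that group or others can access.
    kmode=$(stat -c '%a' "$key")
    case $kmode in
        600|400) ;;
        *) echo "FAIL $key is mode $kmode, expected 600"; rc=1 ;;
    esac

    [ "$rc" -ne 0 ] || echo "OK Host $host_alias uses $key"
    return "$rc"
}
```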

Add Deploy Key on GitHub

  1. Create your private repo on github.gatech.edu, under the appropriate departmental Team. Do not add any files (not even a README).
  2. Within your repo, click the Settings tab.
  3. Choose "Deploy keys" in the left side menu, and click on "Add deploy key".
  4. Give a descriptive title, like "Mysite server public key".
  5. Paste the public key you copied from your server into the "Key" area.
    • If this is your initial copying of the repo from the server to GitHub, check "Allow write access", so that you can push to this GitHub repo from your server.
    • If you already have the initial copy of your files pulled from the server, delete the old key and make a new one that does NOT allow write access (a read-only key improves the security setup).
  6. Click "Add key".

Connect your Server to GitHub

  1. Make sure git is installed (git --version).
  2. Become the apache user (su -s /bin/bash - apache).
  3. You probably need to symlink the .ssh directory for the apache user, so that known_hosts is saved in the correct place.
    • As the apache user, change to the home directory (cd ~).
    • Find where that home directory is located (pwd).
    • Make a symlink from your recently-created .ssh folder to apache's home directory location (ln -s /var/www/.ssh /path/to/apache/home/.ssh).

Existing Server Repository

If this vhost on your server already has a git repo initialized, follow these steps:

  1. Change to your vhost's folder (cd /var/www/vhosts/mysite.cc.gatech.edu).
  2. Add the GitHub repo as its origin over SSH, not HTTP, using the "Host" alias you created in the .ssh/config file in place of the hostname in the URL, so that the server uses the correct SSH key to connect (git remote add origin git@mysite:My-Dept/mysite.git).
  3. Push your server's repo to GitHub (git push -u origin master).
  4. Check the repo on GitHub to make sure you see the commits from your server.

New Server Repository

If this vhost on your server does not yet have a git repo initialized, follow these steps:

  1. Change to the directory above your vhost (cd /var/www/vhosts).
  2. Copy the repo from GitHub to your server over SSH, not HTTP, using the "Host" alias you created in the .ssh/config file in place of the hostname in the URL, so that the server uses the correct SSH key to connect (git clone git@mysite:My-Dept/mysite.git mysite.gatech.edu).
  3. Change to your vhost's folder (cd /var/www/vhosts/mysite.gatech.edu).
  4. Check the repo on your server to make sure you see the commits from GitHub (git log -n 1).

Configure protected master branch on GitHub (Under construction section)

Since you will be connecting the repo to a production site, you need to protect the master branch on GitHub, so that all changes pushed to it must go through an approval process before being merged into the master/production branch.

Customize .gitignore file

For a Drupal 7 site, add these lines to the repo's .gitignore file (as they should not be version controlled):

  • sites/*/files
  • sites/*/private
  • sites/*/settings.php

Set cron to do a git pull as the apache user (Under construction section)

Example:
0 */1 * * * cd /var/www/vhosts/mysite.gatech.edu && git pull >> /dev/null

Change File Permissions (Under construction section)

Often, the file and directory permissions on the server differ from your local development environment. You will need a cron job, or a command that runs automatically alongside git, so that whenever updates are pulled from the remote repository, files and directories receive the correct ownership and permissions for the server.

For a Drupal 7 site, the defaults should be:

  • user and group = apache:apache
  • most directories = 755
  • most files = 644
  • not version controlled, so set it once and forget it:
    • settings.php file = 444
    • /sites/*/files = 777 (directory)
    • /sites/*/files/* = 666 (files)
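
One way to reapply these defaults after each pull, added here as an example (it is not part of the original guide). The function name fix_vhost_perms is hypothetical; it touches only the version-controlled tree and leaves .git, settings.php, and the per-site files and private directories exactly as they were set by hand.

```shell
#!/bin/bash
# Added example: reapply the Drupal 7 defaults listed above after a git pull.
# Usage: fix_vhost_perms /var/www/vhosts/mysite.gatech.edu [apache:apache]
fix_vhost_perms() {
    root=${1%/}; owner=${2:-}
    s="$root/sites"
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # chown needs root, so it runs only when an owner is passed.
    if [ -n "$owner" ]; then
        chown -R "$owner" "$root" || return 1
    fi

    # find's -path lets * cross "/", so '! -path "$s/*/*/*"' pins the
    # exclusions to exactly sites/<site>/<name>.
    # Pruned: .git (hooks keep their exec bit) plus the per-site files and
    # private directories, which are set once by hand.
    # settings.php is skipped for the same reason.
    find "$root" \
        \( -path "$root/.git" \
           -o \( \( -path "$s/*/files" -o -path "$s/*/private" \) \
                 ! -path "$s/*/*/*" \) \
        \) -prune \
        -o -type d -exec chmod 755 {} + \
        -o -type f ! \( -path "$s/*/settings.php" ! -path "$s/*/*/*" \) \
           -exec chmod 644 {} +
}
```

When this runs as the apache user, omit the owner argument, since changing ownership requires root. It can be chained onto the cron line after git pull or called from a post-merge hook.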