I have a production build of my site on a VPS, and I deploy to a bare git repo which has a hook that checkouts the commits to an app directory. I use forever to keep my app running from the app directory.
What I want to do is set up a development build which I can push to. The development build could be hosted under a subdomain on my VPS. However, I'll need an authentication step that'll prevent anyone and everyone from accessing the development site. How could I put authentication in front of an entire site with little (if any) changes to my application?
Why don't you just run it on a port that isn't available to the public and then you could create an ssh tunnel and access it via localhost?
Add a dev ssh user to your VPS and assign it a password.
Your ssh tunnel would look like this (just adjust your ports accordingly):
ssh -N -L8808:localhost:8808 user#destination.com
You'll be prompted for your password and then you would leave your terminal session open and go to your dev server via "http://localhost:8808"
Another option (something I typically do). Is to have a file checked into your repo named "config.sample.json" with configuration information (in this case your username/password [development] restriction). Then you also set up git to ignore "config.json" (so you don't accidentally commit this to your repository and have to edit files on your production deployments).
Next you would write a function that would require that config.json file and use it's configuration data if the file is found otherwise it would load up as "production".
Then you would deploy your code to your development directory and afterward rename your "config.sample.json" to "config.json" and make any edits that were needed in that file to setup debugging, access control, etc.
Related
I am setting up Azure Pipelines, I have few that get sources from GitHub and trying to setup pipelines to reach TFS on Intranet, I created a Service Connection of type: “Azure Repos/Team Foundation Server” using this Other Git URL: https://tfs.myCie.com/defaultcollection/MyProject/_versionControl
When I run the pipeline, it takes some time then it displays a 504 Timeout error but the pipeline is still pending. After a while, it goes into error with this message in the step “Checkout repository#master to s”:
git -c http.proxy="http://myProxy.myCie.com:80" fetch --force --tags --prune --progress --no-recurse-submodules origin
fatal: unable to access 'https://tfs. myCie.com/defaultcollection/myProject/_versionControl/': OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to tfs.oecd.org:443
##[warning] Git fetch failed with exit code 128, back off 3.667 seconds before retry.
Security team says that I should use a PAC file to setup the proxy and that should enable intranet and Internet calls but I don’t see how to update the proxy settings of my Self-Hosted Windows Agent.
Can I specify a file? Can there be a configuration for Internet and another one for intranet?
I don’t see how to update the proxy settings of my Self-Hosted Windows
Agent. Can I specify a file?
For the agent you need to create a .proxy file with the proxy URL in the root directory of your agent.
Locate the root directory of your build agent (this is the folder
that contains the run.exe and the _work folder).
Open a Command Prompt at this location.
Type this command, but replace PROXYIP & PORT with your values:
echo http://PROXYIP:PORT > .proxy
Check that your .proxy file is created at the right place:
Optional: If your proxy needs authentication, you must set these
environment variables:
set VSTS_HTTP_PROXY_USERNAME=user
set VSTS_HTTP_PROXY_PASSWORD=password
Restart the service for your build agent.
When you know that you need a proxy at the time of the installation, you can configure the proxy settings right when you call config.cmd:
./config.cmd --proxyurl http://127.0.0.1:8888 --proxyusername "user" --proxypassword "password"
For details, please refer to this blog.
Here is the official document you can refer to.
I have a big problem and I can't understand this topic. I have a server with a website. I created a repository there with git init. Than I made a git add * to add all files from my server to the repository. Than I made a commit to commit all files to the repository.
Than I cloned it with git clone ssh://username#mysite.com/wordpress/.git to my local client.
All worked fine and I got a copy from my project. No I changed something on my local version and made a commit with a push. I looked in FileZilla but the content in the file don't changed. In the other direction when I changed something on the sever and pulled it to the local copy I saw the changes. Do you know why the changes which I made on the local copy are not visible on my sever?
Thank you for your help!
You need to push changes to a central repository that both your local machine and server can pull from (or add them as remotes for each other). A service such as GitHub works nicely for this. Here are instructions for a full workflow that works well for this. Updated instructions can be found in this gist. This workflow uses hooks to do the heavy lifting so that updates to your server are automated.
Using Git to Manage a Live Web Site
Overview
As a freelancer, I build a lot of web sites. That's a lot of code changes to track. Thankfully, a Git-enabled workflow with proper branching makes short work of project tracking. I can easily see development features in branches as well as a snapshot of the sites' production code. A nice addition to that workflow is that ability to use Git to push updates to any of the various sites I work on while committing changes.
You'll need to have Git installed on your development machines as well as on the server or servers where you wish to host your website. This process can even be adapted to work with multiple servers such as mirrors behind a load balancer.
Setting up Passwordless SSH Access
The process for updating a live web server relies on the use of post hooks within the Git environment. Since this is fully automated, there is no opportunity to enter login credentials while establishing the SSH connection to the remote server. To work around this, we are going to set up passwordless SSH access. To begin, you will need to SSH into your server.
ssh user#hostname
Next, you'll need to make sure you have a ~/.ssh in your user's home directory. If not, go ahead and create one now.
mkdir ~/.ssh
On Mac and Linux, you can harness the power of terminal to do both in one go.
if [ ! -d ~/.ssh ]; then mkdir ~/.ssh; fi
Next you'll need to generate a public SSH key if you don't already have one. List the files in your ~/.ssh directory to check.
ls -al ~/.ssh
The file you're looking for is usually named similarly to id_rsa.pub. If you're not sure, you can generate a new one. The command below will create an SSH key using the provided email as a label.
ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
You'll probably want to keep all of the default settings. This will should create a file named id_rsa in the ~/.ssh directory created earlier.
When prompted, be sure to provide a secure SSH passphrase.
If you had to create an SSH key, you'll need to configure the ssh-agent program to use it.
ssh-add ~/.ssh/id_rsa
If you know what you are doing, you can use an existing SSH key in your ~/.ssh directory by providing the private key file to ssh-agent.
If you're still not sure what's going on, you should two files in your ~/.ssh directory that correspond to the private and public key files. Typically, the public key will be a file by the same name with a .pub extension added. An example would be a private key file named id_rsa and a public key file named id_rsa.pub.
Once you have generated an SSH key on your local machine, it's time to put the matching shared key file on the server.
ssh user#hostname 'cat >> ~/.ssh/authorized_keys' < ~/.ssh/id_rsa.pub
This will add your public key to the authorized keys on the remote server. This process can be repeated from each development machine to add as many authorized keys as necessary to the server. You'll know you did it correctly when you close your connection and reconnect without being prompted for a password.
Configuring the Remote Server Repository
The machine you intend to use as a live production server needs to have a Git repository that can write to an appropriate web-accessible directory. The Git metadata (the .git directory) does not need to be in a web-accessible location. Instead, it can be anywhere that is user-writeable by your SSH user.
Setting up a Bare Repository
In order to push files to your web server, you'll need to have a copy of your repository on your web server. You'll want to start by creating a bare repository to house your web site. The repository should be set up somewhere outside of your web root. We'll instruct Git where to put the actual files later. Once you decide on location for your repository, the following commands will create the bare repository.
mkdir mywebsite.git
cd mywebsite.git
git init --bare
A bare repository contains all of the Git metadata without any HEAD. Essentially, this means that your repository has a .git directory, but does not have any working files checked out. The next step is to create a Git hook that will check out those files any time you instruct it to.
If you wish to run git commands from the detached work tree, you'll need to set the environmental variable GIT_DIR to the path of mywebsite.git before running any commands.
Add a Post-Receive Hook
Create a file named post-receive in the hooks directory of your repository with the following contents.
#!/bin/sh
GIT_WORK_TREE=/path/to/webroot/of/mywebsite git checkout -f
Once you create your hook, go ahead and mark it as executable.
chmod +x hooks/post-receive
GIT_WORK_TREE allows you to instruct Git where the working directory should be for a repository. This allows you to keep the repository outside of the web root with a detached work tree in a web accessible location. Make sure the path you specify exists, Git will not create it for you.
Configuring the Local Development Machine
The local development machine will house the web site repository. Relevant files will be copied to the live server whenever you choose to push those changes. This means you should keep a working copy of the repository on your development machine. You could also employ the use of any centralized repository including cloud-based ones such as GitHub or BitBucket. Your workflow is entirely up to you. Since all changes are pushed from the local repository, this process is not affected by how you choose to handle your project.
Setting up the Working Repository
On your development machine, you should have a working Git repository. If not, you can create on in an existing project directory with the following commands.
git init
git add -A
git commit -m "Initial Commit"
Add a Remote Repository Pointing to the Web Server
Once you have a working repository, you'll need to add a remote pointing to the one you set up on your server.
git remote add live ssh://server1.example.com/home/user/mywebsite.git
Make sure the hostname and path you provide point to the server and repository you set up previously. Finally, it's time to push your current website to the live server for the first time.
git push live +master:refs/head/main
This command instructs Git to push the current main branch to the live remote. (There's no need to send any other branches.) In the future, the server will only check out from the main branch so you won't need to specify that explicitly every time.
Build Something Beautiful
Everything is ready to go. It's time to let the creative juices flow! Your workflow doesn't need to change at all. Whenever you are ready, pushing changes to the live web server is as simple as running the following command.
git push live
Setting receive.denycurrentbranch to "ignore" on the server eliminates a warning issued by recent versions of Git when you push an update to a checked-out branch on the server.
Additional Tips
Here are a few more tips and tricks that you may find useful when employing this style of workflow.
Pushing Changes to Multiple Servers
You may find the need to push to multiple servers. Perhaps you have multiple testing servers or your live site is mirrored across multiple servers behind a load balancer. In any case, pushing to multiple servers is as easy as adding more urls to the [remote "live"] section in .git/config.
[remote "live"]
url = ssh://server1.example.com/home/user/mywebsite.git
url = ssh://server2.example.com/home/user/mywebsite.git
Now issuing the command git push live will update all of the urls you've added at one time. Simple!
Ignoring Local Changes to Tracked Files
From time to time you'll find there are files you want to track in your repository but don't wish to have changed every time you update your website. A good example would be configuration files in your web site that have settings specific to the server the site is on. Pushing updates to your site would ordinarily overwrite these files with whatever version of the file lives on your development machine. Preventing this is easy. SSH into the remote server and navigate into the Git repository. Enter the following command, listing each file you wish to ignore.
git update-index --assume-unchanged <file...>
This instructs Git to ignore any changes to the specified files with any future checkouts. You can reverse this effect on one or more files any time you deem necessary.
git update-index --no-assume-unchanged <file...>
If you want to see a list of ignored files, that's easy too.
git ls-files -v | grep ^[a-z]
References
Deploy Your Website Changes Using Git
A simple Git deployment strategy for static sites
Using Git to manage a website
Ignoring Local Changes to Tracked Files in Git
pushing the code merely updates the remote repository's references.
It doesn't change the checked out working copy.
Consider that you could add a colleague's repository as a remote. If you pushed and the behaviour was that it would auto-checkout that new code, that would affect what they're working on.
It sounds like what you really want is a continuous integration tool, be it something full featured or merely an rsync triggered from a git hook.
you should only ever push to a bare repository (unless you know exactly what you are doing; and even then, you should only ever push to a bare repository).
you shouldn't clone a working copy's .git/ directory.
Background: My PHP projects (CakePHP, Wordpress) run on an Ubuntu server in my network, I access them through a development TLD (.dev for example) setup through a local DNS server and I edit the files through a Samba share.
I would like to utilize Livereload for my development, preferably have it running on the server itself. I have basic Node/Gulp knowledge, but haven't been able to get this running.
Livereload (or a middleware server) should proxy the 'real' URLs, making sure all websites run as they would normally and Livereload should be available over the network (so not just localhost, because that runs on the development server)
Desired result:
Livereload runs on my dev server (IP: 10.0.0.1), my project is called helloworld.dev, I browse to 10.0.0.1:3000 on my machine and see helloworld.dev proxied through Livereload. I now edit a CSS file over the Samba share and the CSS is reloaded without a refresh.
I've tried using a few NPM packages, gulp-livereload, livereload, node-livereload, with their provided examples that come with the packages, but haven't been able to get the desired result. They all expect you to run in locally, don't support access to the Livereload URL over the network, cannot proxy the 'real' URLs or require static content.
Can anyone provide an example or 'proof of concept' code of my wish, so I can see where to start?
I found the answer: http://nitoyon.github.io/livereloadx/
This does EXACTLY what I need.
I can run
livereloadx -y http://helloworld.dev -l
open
http://serverip:35729
and I'm ready to roll.
The -y option creates the proxy to the 'real' URL and the -l makes it serve files from local filesystem instead of through its proxy.
I have copied all of the files from my production server into a local repo. I want to set up Git on the production server (Linux) so that when I push changes, they are automatically synchronized with the server.
Unfortunately, our hosting service does not allow us SSH access. Is it possible to install and set up Git on the server without having SSH access? (I can run commands in a php script using shell_exec() as kind of a workaround).
Here are some close threads with popular answers:
How to make a “git push” update files on your web host?
Pushing from GitHub to a Web Server
Private git repository over http
You could use http, https or git protocol instead of ssh. More information you can find here
I have two PC in my network:
1) CentOs
2) Windows 7
I created repository on Linux machine and add some pre-commit hook scripts. Then, I checked out files to working copy directories on both machines. Now, when I make some changes and commit them from linux working copy then pre-commit hooks works as they should. But when I commit my changes from Windows (using Tortoise or command line) commit execute but without any results of working scripts.
I have read, that scripts are lunched on PC that holds repository (correct me if I'm wrong), so it shouldn't be matter of what kind of platform I'm making changes.
So, if any one can explain me why this doesn't work from windows then I would be grateful?
The pre-commit hook is run by the machine that's hosting the server. If you're using the repository with a file:// URL or using svnlook or svnadmin commands then that's always the local machine since there isn't actually a server and the repository is accessed directly.
From the what you're saying it sounds to me like you're putting the repository on a network volume (SMB, NFS, etc) and then using a file:// URL to access it. If you use one of the other access methods then you won't have this problem.
You have 3 options.
svnserve
svnserve is a simple daemon that provides the svn:// access method. It listens on its own network port and talks a protocol that's specific to Subversion.
svnserve over ssh
The svnserve protocol is tunneled over ssh and a svnserve process is started on demand.
Apache HTTP
The mod_dav_svn and mod_authz_svn modules provide access to Subversion via an Apache httpd server. This uses the DAV and DeltaV protocols over HTTP (optionally with SSL/TLS support).
The SVN Book has a whole section on server setup that covers choosing the server to how to configure it. You probably want to read this before you make a choise and then read the configuration steps for your chosen server.