Reputation: 49329
Deploying websites with git security
I have website that is under version control. To make it easy to deploy it to the server i am thinking about cloning the repo to the server and whenever i want to update the pages just pull changes from the server. From security point of view is this a bad idea to leave .git folder lying around on the webserver ?
Upvotes: 2
Views: 1163
Answers (2)
Reputation: 14877
Use something like git --git-dir=... checkout . This enables you to have the .git directory outside the html tree. You can even use a bare repo by adding --work-tree:
git --git-dir=... --work-tree=... checkout
Using a bare repo avoids having a redundant copy of the tree, and is better for pushing into.
The same can be specified using environment variables, too. The git man page has the details.
Upvotes: 3
Reputation: 2081
You can place arbitrary files in .git, such as a .htaccess file which would prevent any access through the web server.
If you want an extra security layer (in case you forget to put the .htaccess there while recloning the repository for example), you can have your web server refuse to serve any URL with .git/ in it by using mod_rewrite (provided you use Apache, other web servers will use other mechanisms).
Upvotes: 4
Related Questions
- Advice for using Git to manage website development?
- How to deploy a website via git pull?
- Security concerns when using git as a deployment utility
- Deploy Website using git
- Using GIT to deploy website
- Deploying a website to multiple environments with git
- Deploy web site via Git
- Best practices for using git in website deployments
- Deploying PHP website from Git repository
- How should I set up my git remote repo to deploy websites?