hakk

software development, devops, and other drivel

Setting up www-data for git deployment

A brief guide about setting up the www-data account so it’s able to clone and/or pull from a git repo.

This was done for GitHub; it will be a very similar process for other git hosting services, I believe.

After creating a git repo and a githook listener (I’m planning a future post for this), there are a few more steps that need to be taken before the listener will be able to pull down the new code or posts. In my particular case the githook listener was running as www-data on Ubuntu.

Step 1: Create an SSH key for www-data. If you’re not already root, switch to root.

$ sudo su -

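Step 2: Create the directory to store the key and hand it to www-data, so that ssh-keygen (run as www-data in the next step) can write into it:

root:~/# mkdir /var/www/.ssh && chown www-data:www-data /var/www/.ssh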

Step 3: Generate the key:

root:~/# sudo -u www-data ssh-keygen -t rsa -b 4096 -C "www-data@example.com"

ssh-keygen should offer to write the keys to /var/www/.ssh; accept the default file names and leave the passphrase empty. An empty passphrase makes this a little less secure, because anyone who gains access to the private key file can use it as-is, but the transport will still be secure.

Step 4: Make sure the permissions are correct

Now that the keys are created it’s time to make sure the permissions on the directory and key files are set properly along with the owner.

root:~/# chown -R www-data:www-data /var/www/.ssh
root:~/# chmod 0700 /var/www/.ssh
root:~/# chmod 0600 /var/www/.ssh/id_rsa

Step 5: Add the public key to Deploy keys on your GitHub repo

Now it’s time to add the new public key to GitHub, but we’ll avoid giving it too much power by setting it as a deploy key. To do this navigate to your GitHub repo, click the “Settings” tab and “Deploy keys” option within that. Copy the contents of id_rsa.pub and paste it in.

Deploy keys on GitHub Screenshot

Step 6: Attempt to use it from the terminal

This is the part that gave me trouble: I didn’t do this, and it took me a while to figure out what was wrong. The script simply wouldn’t work but wasn’t giving any clues as to what was happening. Finally I tried the following and was able to accept the host key.

root:~/# sudo -u www-data git clone git@github.com:example/some-repo.git

That’s it, you should now be able to clone and pull from that GitHub repo.
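A preflight check for the two things this setup depends on, the ownership and modes from Step 4 and the accepted host key from Step 6, so a listener can report the cause instead of failing silently. This is an added example, not part of the original post; the function name check_deploy_ssh is hypothetical and the script assumes GNU stat, as on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (Ubuntu).
# Usage: check_deploy_ssh /var/www/.ssh "$(id -u www-data)"
# Prints one line per problem and returns the number of problems found.
check_deploy_ssh() {
    dir=$1
    want_uid=$2
    problems=0

    # expect PATH MODE: PATH must exist, be owned by want_uid, and have
    # exactly MODE (octal, as printed by stat).
    expect() {
        if [ ! -e "$1" ]; then
            echo "MISSING: $1"
            problems=$((problems + 1))
            return
        fi
        got=$(stat -c '%a %u' "$1")
        if [ "$got" != "$2 $want_uid" ]; then
            echo "BAD: $1 has mode/uid '$got', want '$2 $want_uid'"
            problems=$((problems + 1))
        fi
    }

    expect "$dir" 700          # Step 4: directory private to the account
    expect "$dir/id_rsa" 600   # Step 4: private key readable by owner only

    # Step 6: with no stored host key, a non-interactive git stops at the
    # host-key prompt, which nobody is there to answer.
    if [ ! -s "$dir/known_hosts" ]; then
        echo "NO HOST KEY: $dir/known_hosts is missing or empty"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

Calling this at the start of the listener's pull script and logging its output turns the silent failure described in Step 6 into a readable message.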