Setting up www-data for git deployment
A brief guide about setting up the www-data account so it’s able to clone and/or pull from a git repo.
This was done for GitHub; it will be a very similar process for other git hosting services, I believe.
After creating a git repo and a githook listener (I’m planning a future post for this), there are a few more steps that need to be taken before the listener will be able to pull down the new code or posts. In my particular case the githook listener was running as www-data on Ubuntu.
Step 1: The goal is to create an ssh key for www-data. If you’re not already root, switch to root:
$ sudo su -
Step 2: Create the directory to store the key:
root:~/# mkdir /var/www/.ssh
Step 3: Generate the key:
root:~/# sudo -u www-data ssh-keygen -t rsa -b 4096 -C "firstname.lastname@example.org"
This should automatically offer to write the keys to /var/www/.ssh; just accept the default names and leave the passphrase empty. This makes it a little less secure if someone should gain access to the key, but the transport will still be secure.
Step 4: Make sure the permissions are correct
Now that the keys are created it’s time to make sure the permissions on the directory and key files are set properly along with the owner.
root:~/# chown -R www-data:www-data /var/www/.ssh
root:~/# chmod 0700 /var/www/.ssh
root:~/# chmod 0600 /var/www/.ssh/id_rsa
Step 5: Add the public key to Deploy keys on your GitHub repo
Now it’s time to add the new public key to GitHub, but we’ll avoid giving it too much power by setting it as a deploy key. To do this navigate to your GitHub repo, click the “Settings” tab and “Deploy keys” option within that. Copy the contents of id_rsa.pub and paste it in.
Step 6: Attempt to use it from the terminal
This is the part that gave me trouble. I didn’t do this, and it took me a while to figure out what was wrong. The script simply wouldn’t work but wasn’t putting out any clues as to what was happening. Finally I tried the following and was able to accept the host key.
root:~/# sudo -u www-data git clone git@github.com:example/some-repo.git
That’s it, you should now be able to clone and pull from that GitHub repo.
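The checks from Step 4 and Step 6 can be scripted, so a wrong owner, a loose mode or a missing host key entry shows up before the listener fails without a message. This is an added example, not part of the original post; the function names audit_deploy_ssh, check_path and host_known are made up for illustration, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original post): audit the deploy-key setup.
# Usage: audit_deploy_ssh DIR EXPECTED_UID HOST
# Prints one line per finding; the return value is the number of findings.
# Uses GNU stat (-c), as shipped on Ubuntu.

# host_known FILE HOST: succeed if FILE has a known_hosts entry for HOST.
host_known() {
    [ -r "$1" ] || return 1
    # Plain entries: the first field is a comma-separated host list.
    awk -v h="$2" '$1 !~ /^[#@|]/ {
            n = split($1, a, ","); for (i = 1; i <= n; i++) if (a[i] == h) f = 1
        } END { exit !f }' "$1" && return 0
    # Hashed entries (HashKnownHosts yes): let ssh-keygen do the lookup.
    command -v ssh-keygen >/dev/null 2>&1 &&
        [ -n "$(ssh-keygen -F "$2" -f "$1" 2>/dev/null)" ]
}

# check_path PATH MODE: PATH must exist, belong to $uid and have mode MODE.
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING  $1"; findings=$((findings + 1)); return 0
    fi
    owner=$(stat -c '%u' "$1"); mode=$(stat -c '%a' "$1")
    [ "$owner" = "$uid" ] ||
        { echo "OWNER    $1 is uid $owner, expected $uid"; findings=$((findings + 1)); }
    [ "$mode" = "$2" ] ||
        { echo "MODE     $1 is $mode, expected $2"; findings=$((findings + 1)); }
}

audit_deploy_ssh() {
    dir=$1 uid=$2 host=$3 findings=0
    check_path "$dir" 700            # Step 4: chmod 0700 on the directory
    check_path "$dir/id_rsa" 600     # Step 4: chmod 0600 on the private key
    # Step 6: the host key has to be accepted once as www-data; without an
    # entry here a non-interactive clone or pull cannot get past that check.
    if ! host_known "$dir/known_hosts" "$host"; then
        echo "HOSTKEY  no entry for $host in $dir/known_hosts"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it as root with: audit_deploy_ssh /var/www/.ssh "$(id -u www-data)" github.com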