/ DevOps Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Deploy Your Static or Dynamic Websites Using Git in Public Cloud

DZone's Guide to

Deploy Your Static or Dynamic Websites Using Git in Public Cloud

Do you want to save some pennies or just for a quick demo? Well, that doesn't necessarily mean that you need to rent a VM.

by
·
Oct. 18, 16 · DevOps Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Do you need to strengthen the security of the mobile apps you build? Discover more than 50 secure mobile development coding practices to make your apps more secure.

So, You Don’t Want to Start VMs in Public Cloud

If you want to save some pennies or just for a quick demo, you don’t necessarily need to rent a VM. You can run websites directly in your laptop, Linux, or Mac (pity for Windows users), then export your laptop to the internet.

Allow Git Clone by SSH Key and Run Git Pull Every 10 Minutes

Configure GitHub/BitBucket your SSH key.

I assume you’re familiar with Git clone by SSH. Probably like lots of developers, you will use your own private key. I highly disagree with that. Too dangerous! Your SSH private key can unlock lots of precious treasures, far more than this git repo. Right?

Git deploy key

How to improve? Create a read-only git deploy key in GitHub/BitBucket repo setting. To do that, we need to create a new SSH key pair so that it’s new and isolated. And Git deploy key has a nice limitation: we can’t use the same deploy key for multiple repos. It adds extra security.

For simplicity or reasonable security compromise, some people may still use their private key. I admit, it makes sense to some extent. Then, protect your SSH key with a passphrase. It’s easy and simple.

For simplicity, here, we use root to checkout the code and set up the website. To improve the security, try with an ordinary OS user.

# Update ssh key to below
vim /root/git_deploy_key

# ssh private key can't be widely open
chmod 400 /root/git_deploy_key

Specify the SSH key for the Git clone:

vim /root/.ssh/config

host github.com
     HostName github.com
     StrictHostKeyChecking no
     User git
     IdentityFile /root/git_deploy_key

Run the Git clone to get the repo:

# Run with correct parameters.
cd /var/www/
git clone git@github.com:XXX/denny_www.git

Create a crontab for a periodical Ggit pull. Now, there is no need for manual login and update anymore.

crontab -e

# Change file path
*/10 * * * * cd /var/www/denny_www; git pull

For Static Websites, Create Apache Vhost

For static websites of plain HTML, we don’t need to run  with our own server. It can be done with GitHub Pages. See more discussion here.

Well, GitHub Pages only solves 80% of the problem. If you’re in China, the accessibility of GitHub is not guaranteed. You may want to use your own domain instead of XXX.github.io. Use Apache2 or NGINX to serve the requests.

Apache vhost example (NGINX is pretty similar):

# Install apache
apt-get install -y apache2

# Define vhost
vim /etc/apache2/sites-enabled/my-static.conf

<VirtualHost *:80>
    ServerAdmin webmaster@dummy.test.com
    DocumentRoot /var/www/denny_www
    <Directory '/var/www/denny_www'>
        Options All
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog /var/log/apache2/my-error.log
    CustomLog /var/log/apache2/my.log common
</VirtualHost>

# Reload apache
service apache2 reload

For Dynamic Websites, Use Apache For HTTP Reverse Proxy

Let’s say your dynamic website listens on port 8082 and you want to open by My Test

Configure the DNS setting properly or be sure that /etc/hosts is properly changed. Then, enable Apache modules for:

a2enmod proxy
a2enmod proxy_http

# Restart apache to load modules
service apache2 restart

vim /etc/apache2/sites-enabled/dynamic.conf:

<VirtualHost *:80>
ServerName www.mytest.com
ServerAlias mytest.com
ServerAdmin webmaster@smallco.example.com
ErrorLog /var/log/apache2/dynamic_error_log
TransferLog /var/log/apache2/dynamic_access_log
DocumentRoot /var/www
ProxyPass / http://127.0.0.1:8082/
ProxyPassReverse / http://127.0.0.1:8082/
</VirtualHost>

If necessary, configure the firewall to allow the traffic:

ufw allow 80/tcp

# Some URI might has port number attached
ufw allow 8082/tcp
curl -I http://www.mytest.com

Add Password Protection to Your Existing Websites

Sometimes, you may only want certain people to visit your websites. With Apache htpasswd, we can create a username-password pair easily. People will need to input the credential first in their web browser before the actual pages load.

Create a user credential:

apt-get install -y apache2-utils

# create password file for a new user
/etc/apache2/.htpasswd $username

Update the vhost setting to enforce the authentication from...

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory "/var/www/html">
    </Directory>
</VirtualHost>

...to:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory "/var/www/html">
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>

Verify the setting and open http://$domain_name:$port in your web browser.

Enforce username and password for apache

Monitor Your Websites with Free SaaS Monitoring

Check your URL every five minutes. If the URL doesn’t return HTTP 200 OK or tcp ports down, then we get alerts.

From my experience, I highly recommend uptimerobot. It’s a very reliable and light-weight SaaS monitoring service and it’s totally free. You can even integrate the alert notification with Slack via a Slack email robot.

More Reading: Effectively Technical Writing in GitHub

Check out tips for blazing the way from agile to DevSecOps with security built into your mobile app toolchain.

Like This Article? Read More From DZone

Pulling Git Into a Docker Image Without Leaving SSH keys Behind
Git Tutorial: What Is SSH? [Video]
Need an SSH Client on Windows? Don't Use Putty or Cygwin... Use Git

Free DZone Refcard

Code Review Patterns and Anti-Patterns
DOWNLOAD
Topics:
saas ,ssh ,devops ,git

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

DevOps Partner Resources

Why Time Series matters for metrics, real-time, and sensor data
Ben Golub, former CEO of Docker: What’s the Secret to Improving Security for DevOps?
Incidents Are Costly. Prevention is Free. xMatters Free: on-call scheduling, notifications, and integrations
Fix IT Problems Faster with xMatters Free. Integrate Your Existing Systems and Minimize Downtime
The Importance of Historical Log Data
Make Keys and Certificates Secure Without Breaking Your DevOps Practices
The Fastest Way From Node to Kubernetes
Get a comprehensive view into the health of your EC2 server instances
The DevOps Challenge: Open Source Security at Scale [Webinar]
Open Source Security Management in the Age of DevOps [White Paper]
A Phased Approach to Securing DevOps for Mobile Apps
Troubleshoot Slow MongoDB Queries in Minutes

DevOps Partner Resources

Why Time Series matters for metrics, real-time, and sensor data
Ben Golub, former CEO of Docker: What’s the Secret to Improving Security for DevOps?
Incidents Are Costly. Prevention is Free. xMatters Free: on-call scheduling, notifications, and integrations
Fix IT Problems Faster with xMatters Free. Integrate Your Existing Systems and Minimize Downtime

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone